Tetrate Service ExpressVersion: LatestAPI Reference
Packages:
- tsb.tetrate.io/v2
- application.tsb.tetrate.io/v2
- extension.tsb.tetrate.io/v2
- gateway.tsb.tetrate.io/v2
- istiointernal.tsb.tetrate.io/v2
- rbac.tsb.tetrate.io/v2
- security.tsb.tetrate.io/v2
- traffic.tsb.tetrate.io/v2
tsb.tetrate.io/v2
Resource Types:
Cluster
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | Cluster | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | A Kubernetes cluster managing both pods and VMs. | false |
| status | object | false |
Cluster.spec
A Kubernetes cluster managing both pods and VMs.
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| installTemplate | object | false | |
| labels | map[string]string | false | |
| locality | object | Deprecated. | false |
| namespaceScope | object | Configure the default scoping of namespaces in this cluster. | false |
| namespaces | []object | false | |
| network | string | The network (e.g., VPC) where this cluster is present. | false |
| serviceAccount | object | The service account created with permissions to manage the current cluster. | false |
| state | object | false | |
| tier1Cluster | boolean | Indicates whether this cluster is hosting a tier1 gateway or not. | false |
| tokenTtl | string | Lifetime of the tokens. | false |
| trustDomain | string | Trust domain for this cluster, used for multi-cluster routing. | false |
Cluster.spec.installTemplate
| Name | Type | Description | Required |
|---|---|---|---|
| helm | object | valid values.yaml to be used with controlplane helm chart. | false |
| message | string | false |
Cluster.spec.installTemplate.helm
valid values.yaml to be used with controlplane helm chart.
| Name | Type | Description | Required |
|---|---|---|---|
| image | object | Values for the TSB operator image. | false |
| operator | object | Values for the TSB operator application. | false |
| secrets | object | Values for the Control Plane secrets. | false |
| spec | object | Values for the Control Plane CR spec. | false |
Cluster.spec.installTemplate.helm.image
Values for the TSB operator image.
| Name | Type | Description | Required |
|---|---|---|---|
| registry | string | Registry used to download the operator image. | false |
| tag | string | The tag of the operator image. | false |
Cluster.spec.installTemplate.helm.operator
Values for the TSB operator application.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | Values for the TSB operator deployment. | false |
| service | object | Values for the TSB operator service. | false |
| serviceAccount | object | Values for the TSB operator service account. | false |
Cluster.spec.installTemplate.helm.operator.deployment
Values for the TSB operator deployment.
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | Affinity configuration for the pod. | false |
| annotations | map[string]string | Custom collection of annotations to add to the deployment. | false |
| env | []object | Custom collection of environment vars to add to the container. | false |
| podAnnotations | map[string]string | Custom collection of annotations to add to the pod. | false |
| replicaCount | integer | Number of replicas managed by the deployment. Format: int32 | false |
| strategy | object | Deployment strategy to use. | false |
| tolerations | []object | Toleration collection applying to the pod scheduling. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity
Affinity configuration for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.operator.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.operator.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.operator.deployment.strategy
Deployment strategy to use.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.operator.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.operator.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.operator.service
Values for the TSB operator service.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Custom collection of annotations to add to the service. | false |
Cluster.spec.installTemplate.helm.operator.serviceAccount
Values for the TSB operator service account.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Custom collection of annotations to add to the service account. | false |
| imagePullSecrets | []string | Collection of secrets names required to be able to pull images from the registry. | false |
| pullPassword | string | false | |
| pullSecret | string | A Docker config JSON to be stored in a secret to be used as an image pull secret. | false |
| pullUsername | string | false |
Cluster.spec.installTemplate.helm.secrets
Values for the Control Plane secrets.
| Name | Type | Description | Required |
|---|---|---|---|
| clusterServiceAccount | object | Cluster service account used to authenticate to the Management Plane. | false |
| elasticsearch | object | Secrets to reach the Elasticsearch. | false |
| tsb | object | Secrets to reach the TSB Management Plane. | false |
| xcp | object | Secrets to reach the XCP Central in the Management Plane. | false |
Cluster.spec.installTemplate.helm.secrets.clusterServiceAccount
Cluster service account used to authenticate to the Management Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| JWK | string | Literal JWK used to generate and sign the tokens for all the Control Plane agents. | false |
| clusterFQN | string | TSB FQN of the onboarded cluster resource. | false |
| encodedJWK | string | Base64-encoded JWK used to generate and sign the tokens for all the Control Plane agents. | false |
Cluster.spec.installTemplate.helm.secrets.elasticsearch
Secrets to reach the Elasticsearch.
| Name | Type | Description | Required |
|---|---|---|---|
| cacert | string | Elasticsearch CA cert TLS used by control plane to verify TLS connection. | false |
| password | string | The password to access Elasticsearch. | false |
| username | string | The username to access Elasticsearch. | false |
Cluster.spec.installTemplate.helm.secrets.tsb
Secrets to reach the TSB Management Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| cacert | string | CA certificate used to verify TLS certs exposed the Management Plane (front envoy). | false |
Cluster.spec.installTemplate.helm.secrets.xcp
Secrets to reach the XCP Central in the Management Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| autoGenerateCerts | boolean | Enabling this will auto generate XCP Edge certificate if mTLS is enabled to authenticate to XCP Central. | false |
| edge | object | Secrets for the XCP Edge component. | false |
| rootca | string | CA certificate of XCP components. | false |
| rootcakey | string | Key of the CA certificate of XCP components. | false |
Cluster.spec.installTemplate.helm.secrets.xcp.edge
Secrets for the XCP Edge component.
| Name | Type | Description | Required |
|---|---|---|---|
| cert | string | Edge certificate used for mTLS with XCP Central. | false |
| key | string | Key of the Edge certificate used for mTLS with XCP Central. | false |
| token | string | JWT token used to authenticate XCP Edge against the XCP Central. | false |
Cluster.spec.installTemplate.helm.spec
Values for the Control Plane CR spec.
| Name | Type | Description | Required |
|---|---|---|---|
| components | object | The set of components that make up the control plane. | false |
| hub | string | TSB container hub path e.g. | false |
| imagePullSecrets | []object | false | |
| managementPlane | object | Configure the management plane to retrieve configuration from. | false |
| meshExpansion | object | Configure mesh expansion to connect workloads external to Kubernetes to the mesh. | false |
| meshObservability | object | false | |
| providerSettings | object | Configures Kubernetes provider specific settings. | false |
| telemetryStore | object | Configure the store that TSB will use to persist application telemetry data. | false |
| tier1Cluster | boolean | false |
Cluster.spec.installTemplate.helm.spec.components
The set of components that make up the control plane.
| Name | Type | Description | Required |
|---|---|---|---|
| collector | object | false | |
| defaultKubeSpec | object | Configure Kubernetes default settings for all components. | false |
| defaultLogLevel | string | The default log level for all components if the per component log level config is not specified. | false |
| gitops | object | Configuration for the integration of the Control Plane with Continuous Deployment pipelines. | false |
| hpaAdapter | object | false | |
| internalCertProvider | object | Configure the Kubernetes CSR certificate provider for TSB internal purposes like Webhook TLS certificates. | false |
| istio | object | false | |
| ngac | object | false | |
| oap | object | false | |
| onboarding | object | Workload Onboarding. | false |
| rateLimitServer | object | false | |
| route53Controller | object | false | |
| satellite | object | Satellite provide load balancing capabilities for data content before the data from Envoy reaches the SPM in Control Plane. | false |
| wasmfetcher | object | Configuration for the WASM Fetcher component. | false |
| xcp | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | false | |
| logLevel | string | Specifies the log level for OTEL collector component. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.collector.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec
Configure Kubernetes default settings for all components.
| Name | Type | Description | Required |
|---|---|---|---|
| account | object | false | |
| deployment | object | false | |
| job | object | false | |
| service | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.account
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.account.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.job.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.defaultKubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
Cluster.spec.installTemplate.helm.spec.components.gitops
Configuration for the integration of the Control Plane with Continuous Deployment pipelines.
| Name | Type | Description | Required |
|---|---|---|---|
| batchWindow | string | When configured, all admission requests will be paused for the configured duration. | false |
| enabled | boolean | The GitOps component is in beta and disabled by default. | false |
| managementplaneRequestTimeout | string | The GitOps component performs operations against the management plane through the k8s webhook. | false |
| reconcileInterval | string | Interval at which the reconcile process will run. | false |
| reconcileRequestTimeout | string | The GitOps component performs operations against the management plane internal reconcile loop. | false |
| webhookTimeout | string | Timeout that will be set in the k8s gitops webhook resource. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.hpaAdapter.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider
Configure the Kubernetes CSR certificate provider for TSB internal purposes like Webhook TLS certificates.
| Name | Type | Description | Required |
|---|---|---|---|
| certManager | object | false | |
| custom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager
| Name | Type | Description | Required |
|---|---|---|---|
| certManagerCaInjector | object | Configure kubernetes specific settings for cert-manager-cainjector. | false |
| certManagerSpec | object | Configure kubernetes specific settings for cert-manager. | false |
| certManagerStartupapicheck | object | Configure kubernetes specific settings for cert-manager-startupapicheck. | false |
| certManagerWebhookSpec | object | Configure kubernetes specific settings for cert-manager-webhook. | false |
| managed | enum | Managed specifies whether TSB should manage the lifecycle of cert-manager. Enum: AUTO, EXTERNAL, INTERNAL | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector
Configure kubernetes specific settings for cert-manager-cainjector.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure kubernetes specific settings for cert-manager-cainjector. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec
Configure kubernetes specific settings for cert-manager-cainjector.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerCaInjector.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec
Configure kubernetes specific settings for cert-manager.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure kubernetes specific settings for cert-manager. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec
Configure kubernetes specific settings for cert-manager.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerSpec.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck
Configure kubernetes specific settings for cert-manager-startupapicheck.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure kubernetes specific settings for cert-manager-startupapicheck. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec
Configure kubernetes specific settings for cert-manager-startupapicheck.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| job | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the job. | false |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.job.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerStartupapicheck.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec
Configure kubernetes specific settings for cert-manager-webhook.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure kubernetes specific settings for cert-manager-webhook. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec
Configure kubernetes specific settings for cert-manager-webhook.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.certManager.certManagerWebhookSpec.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.internalCertProvider.custom
| Name | Type | Description | Required |
|---|---|---|---|
| caBundleSecretName | string | Configure the CABundleSecretName to be used to verify the signed CSR request by different TSB components. | false |
| csrSignerName | string | Name of Kubernetes CSR signer to be used to sign the CSR request by different TSB components for internal purposes. | false |
Cluster.spec.installTemplate.helm.spec.components.istio
| Name | Type | Description | Required |
|---|---|---|---|
| baseOverlays | []object | The overlays applied to the Istio base component. | false |
| cniOverlays | []object | The overlays applied to the Istio CNI component. | false |
| defaultWorkloadCertTTL | string | The default TTL of issued workload certificates. | false |
| kubeSpec | object | Configure Kubernetes specific settings. | false |
| logLevels | map[string]string | Specifies the global logging level settings for the Istio control plane components. | false |
| maxWorkloadCertTTL | string | The maximum TTL that can be set in issued workload certificates. | false |
| mountInternalWasmExtensions | boolean | false | |
| pilotOverlays | []object | The overlays applied to the Istio pilot component. | false |
| traceSamplingRate | number | The percentage of traces Envoy will sample. Format: double | false |
| trustDomain | string | The trust domain corresponds to the trust root of a system. | false |
| tsbVersion | string | Specifies the tsb release version. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.baseOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.baseOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.cniOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.cniOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| CNI | object | false | |
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.CNI
| Name | Type | Description | Required |
|---|---|---|---|
| binaryDirectory | string | Directory on the host to install the CNI binary. | false |
| chained | boolean | false | |
| clusterRole | string | The ClusterRole Istio CNI will bind to in the ControlPlane namespace. | false |
| configurationDirectory | string | Directory on the host to install the CNI config. | false |
| configurationFileName | string | false | |
| revision | string | The revisioned istio-operator that will reconcile the Istio CNI component. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.istio.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.pilotOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.istio.pilotOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean | NGAC is an experimental component. | false |
| kubeSpec | object | false | |
| logLevels | map[string]string | The log level configuration by scopes. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.ngac.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.oap
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | false | |
| logLevel | string | Specifies the log level for OAP component. | false |
| onDemandEnvoyMetricsEnabled | boolean | false | |
| storageIndexMergingEnabled | boolean | false | |
| streamingLogEnabled | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.oap.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding
Workload Onboarding.
| Name | Type | Description | Required |
|---|---|---|---|
| operator | object | Configure | false |
| plane | object | Configure | false |
| repository | object | Configure | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator
Configure Workload Onboarding Operator component.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure Kubernetes specific settings. | false |
| logLevels | map[string]string | The log level configuration by scopes. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.operator.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane
Configure Workload Onboarding Plane component.
| Name | Type | Description | Required |
|---|---|---|---|
| instance | object | Kubernetes settings for the | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance
Kubernetes settings for the Workload Onboarding Plane Instance component.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure Kubernetes specific settings. | false |
| logLevels | map[string]string | The log level configuration by scopes. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.plane.instance.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository
Configure Workload Onboarding Repository component.
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure Kubernetes specific settings. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.onboarding.repository.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer
| Name | Type | Description | Required |
|---|---|---|---|
| backend | object | Configure Database backend settings. | false |
| domain | string | false | |
| kubeSpec | object | Configure Kubernetes specific settings. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.backend
Configure Database backend settings.
| Name | Type | Description | Required |
|---|---|---|---|
| redis | object | Settings for redis database backend. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.backend.redis
Settings for redis database backend.
| Name | Type | Description | Required |
|---|---|---|---|
| uri | string | The Redis Database URI. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.rateLimitServer.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller
| Name | Type | Description | Required |
|---|---|---|---|
| kubeSpec | object | Configure Kubernetes specific settings. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.route53Controller.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite
Satellite provide load balancing capabilities for data content before the data from Envoy reaches the SPM in Control Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean | Satellite is an optional component. | false |
| kubeSpec | object | false | |
| logLevel | string | Specifies the log level for the component. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.satellite.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher
Configuration for the WASM Fetcher component.
| Name | Type | Description | Required |
|---|---|---|---|
| cacheDisableInsecureRegistries | boolean | Denies insecure registries to be used for fetching WASM modules. | false |
| cacheExpiration | string | WASM Module cache expiration time. | false |
| cacheMaxRetries | integer | Maximum number of retries when fetching WASM modules from the OCI registry. Format: int32 | false |
| cachePurgeInterval | string | WASM cache purge interval to periodically clean up the stale WASM modules. | false |
| cacheRequestTimeout | string | Specifies the timeout used when retrieving the WASM plugin from the OCI registry. | false |
| kubeSpec | object | false | |
| logLevels | map[string]string | The log level configuration by scopes. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.wasmfetcher.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp
| Name | Type | Description | Required |
|---|---|---|---|
| centralAuthMode | enum | Authentication mode for connections from XCP Edges to XCP Central. Enum: UNKNOWN, MUTUAL_TLS, JWT | false |
| centralProvidedCaCert | boolean | If true, obtain the CA cert for Istio from XCP central. | false |
| configProtection | object | false | |
| enableHttpMeshInternalIdentityPropagation | boolean | false | |
| isolationBoundaries | []object | Configures Isolated Istio environments along with Istio revisions for each environment. | false |
| kubeSpec | object | false | |
| logLevels | map[string]string | Loglevel for XCP. | false |
| revision | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.configProtection
| Name | Type | Description | Required |
|---|---|---|---|
| authorizedUsers | []string | List of usernames of authorized users or svc accounts to create/update/delete XCP configs when config protection is enabled. | false |
| enableAuthorizedCreateUpdateDeleteOnXcpConfigs | boolean | false | |
| enableAuthorizedUpdateDeleteOnXcpConfigs | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index]
| Name | Type | Description | Required |
|---|---|---|---|
| meshExpansion | object | Configure mesh expansion to connect workloads external to Kubernetes to the mesh. | false |
| name | string | Name of the IsolationBoundary. | false |
| revisions | []object | Configure multiple Istio Revisions under the IsolationBoundary. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion
Configure mesh expansion to connect workloads external to Kubernetes to the mesh.
| Name | Type | Description | Required |
|---|---|---|---|
| customGateway | object | A custom mesh expansion gateway. | false |
| onboarding | object | Configuration of the | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.customGateway
A custom mesh expansion gateway.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Mesh expansion gateway host address (can be hostname or IP address). | false |
| port | integer | Port mesh expansion gateway is listening on. Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding
Configuration of the Workload Onboarding Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| endpoint | object | false | |
| localRepository | object | false | |
| tokenIssuer | object | Configuration of the built-in | false |
| uid | string | Unique identifier of this particular installation of the | false |
| workloads | object | Configuration of the workload handling. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.endpoint
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | List of hosts included in the TLS certificate. | false |
| secretName | string | Name of the secret that holds TLS certificate chain and private key. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.tokenIssuer
Configuration of the built-in Workload Onboarding Token Issuer.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Configuration of the built-in JWT Token Issuer. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.tokenIssuer.jwt
Configuration of the built-in JWT Token Issuer.
| Name | Type | Description | Required |
|---|---|---|---|
| expiration | string | Expiration is the duration issued tokens are valid for. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads
Configuration of the workload handling.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | Workload authentication configuration. | false |
| deregistration | object | Workload deregistration configuration. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication
Workload authentication configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT authentication configuration. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt
JWT authentication configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| issuers | []object | List of permitted JWT issuers. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| issuer | string | JWT | false |
| jwks | string | Inlined JSON Web Key Set document. | false |
| jwksUri | string | URL of the JSON Web Key Set document. | false |
| shortName | string | Unique short name associated with the issuer. | false |
| tokenFields | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields
| Name | Type | Description | Required |
|---|---|---|---|
| attributes | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields.attributes
| Name | Type | Description | Required |
|---|---|---|---|
| jsonPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].meshExpansion.onboarding.workloads.deregistration
Workload deregistration configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| propagationDelay | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| disable | boolean | false | |
| istio | object | Istio overlay configuration for the revision. | false |
| name | string | Name of the IstioRevision. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio
Istio overlay configuration for the revision.
| Name | Type | Description | Required |
|---|---|---|---|
| baseOverlays | []object | The overlays applied to the Istio base component. | false |
| cniOverlays | []object | The overlays applied to the Istio CNI component. | false |
| defaultWorkloadCertTTL | string | The default TTL of issued workload certificates. | false |
| kubeSpec | object | Configure Kubernetes specific settings. | false |
| logLevels | map[string]string | Specifies the global logging level settings for the Istio control plane components. | false |
| maxWorkloadCertTTL | string | The maximum TTL that can be set in issued workload certificates. | false |
| mountInternalWasmExtensions | boolean | false | |
| pilotOverlays | []object | The overlays applied to the Istio pilot component. | false |
| traceSamplingRate | number | The percentage of traces Envoy will sample. Format: double | false |
| trustDomain | string | The trust domain corresponds to the trust root of a system. | false |
| tsbVersion | string | Specifies the tsb release version. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.baseOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.baseOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.cniOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.cniOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec
Configure Kubernetes specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| CNI | object | false | |
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.CNI
| Name | Type | Description | Required |
|---|---|---|---|
| binaryDirectory | string | Directory on the host to install the CNI binary. | false |
| chained | boolean | false | |
| clusterRole | string | The ClusterRole Istio CNI will bind to in the ControlPlane namespace. | false |
| configurationDirectory | string | Directory on the host to install the CNI config. | false |
| configurationFileName | string | false | |
| revision | string | The revisioned istio-operator that will reconcile the Istio CNI component. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.pilotOverlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.isolationBoundaries[index].revisions[index].istio.pilotOverlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec
| Name | Type | Description | Required |
|---|---|---|---|
| deployment | object | false | |
| overlays | []object | false | |
| service | object | false | |
| serviceAccount | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment
| Name | Type | Description | Required |
|---|---|---|---|
| affinity | object | The scheduling constraints for the pod. | false |
| containerSecurityContext | object | false | |
| env | []object | Environment variables for all containers in the deployment. | false |
| hpaSpec | object | false | |
| podAnnotations | map[string]string | Pod annotations are an unstructured key value map stored with the pod. | false |
| podSecurityContext | object | false | |
| replicaCount | integer | Number of desired pods. Minimum: 0 | false |
| resources | object | false | |
| strategy | object | The deployment strategy to use to replace existing pods with new ones. | false |
| tolerations | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity
The scheduling constraints for the pod.
| Name | Type | Description | Required |
|---|---|---|---|
| nodeAffinity | object | Group of node affinity scheduling rules. | false |
| podAffinity | object | Group of inter-pod affinity scheduling rules. | false |
| podAntiAffinity | object | Group of inter-pod anti-affinity scheduling rules. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity
Group of node affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| preference | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution
| Name | Type | Description | Required |
|---|---|---|---|
| nodeSelectorTerms | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index]
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | false | |
| matchFields | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| operator | string | false | |
| values | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity
Group of inter-pod affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity
Group of inter-pod anti-affinity scheduling rules.
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object | false | |
| requiredDuringSchedulingIgnoredDuringExecution | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| podAffinityTerm | object | false | |
| weight | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labelSelector | object | false | |
| namespaces | []string | false | |
| topologyKey | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | false | |
| capabilities | object | false | |
| privileged | boolean | false | |
| procMount | string | false | |
| readOnlyRootFilesystem | boolean | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.capabilities
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | false | |
| drop | []string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.containerSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false | |
| valueFrom | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | false | |
| fieldRef | object | false | |
| resourceFieldRef | object | false | |
| secretKeyRef | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.configMapKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.fieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| fieldPath | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string | false | |
| divisor | object | false | |
| resource | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.resourceFieldRef.divisor
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.secretKeyRef
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | false | |
| localObjectReference | object | false | |
| optional | boolean | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.env[index].valueFrom.secretKeyRef.localObjectReference
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec
| Name | Type | Description | Required |
|---|---|---|---|
| maxReplicas | integer | Format: int32 | false |
| metrics | []object | false | |
| minReplicas | integer | Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index]
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| object | object | false | |
| pods | object | false | |
| resource | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| metricSelector | object | false | |
| targetAverageValue | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.metricSelector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].external.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object
| Name | Type | Description | Required |
|---|---|---|---|
| averageValue | object | false | |
| metricName | string | false | |
| selector | object | false | |
| target | object | false | |
| targetValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.target
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | false | |
| kind | string | false | |
| name | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].object.targetValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods
| Name | Type | Description | Required |
|---|---|---|---|
| metricName | string | false | |
| selector | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector
| Name | Type | Description | Required |
|---|---|---|---|
| matchExpressions | []object | matchExpressions is a list of label selector requirements. | false |
| matchLabels | map[string]string | matchLabels is a map of B;key,valueB; pairs. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.selector.matchExpressions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| key | string | key is the label key that the selector applies to. | false |
| operator | string | operator represents a key's relationship to a set of values. | false |
| values | []string | values is an array of string values. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].pods.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| target | object | false | |
| targetAverageUtilization | object | false | |
| targetAverageValue | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target
| Name | Type | Description | Required |
|---|---|---|---|
| averageUtilization | integer | Format: int32 | false |
| averageValue | object | false | |
| type | string | false | |
| value | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.averageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.target.value
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageUtilization
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.hpaSpec.metrics[index].resource.targetAverageValue
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext
| Name | Type | Description | Required |
|---|---|---|---|
| fsGroup | integer | Minimum: 0 | false |
| fsGroupChangePolicy | string | false | |
| runAsGroup | integer | Minimum: 0 | false |
| runAsNonRoot | boolean | false | |
| runAsUser | integer | Minimum: 0 | false |
| seLinuxOptions | object | false | |
| seccompProfile | object | false | |
| supplementalGroups | []integer | false | |
| sysctls | []object | false | |
| windowsOptions | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.seLinuxOptions
| Name | Type | Description | Required |
|---|---|---|---|
| level | string | false | |
| role | string | false | |
| type | string | false | |
| user | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.seccompProfile
| Name | Type | Description | Required |
|---|---|---|---|
| localhostProfile | string | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.sysctls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| value | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.podSecurityContext.windowsOptions
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | false | |
| gmsaCredentialSpecName | string | false | |
| runAsUserName | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.resources
| Name | Type | Description | Required |
|---|---|---|---|
| limits | map[string]string | false | |
| requests | map[string]string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy
The deployment strategy to use to replace existing pods with new ones.
| Name | Type | Description | Required |
|---|---|---|---|
| rollingUpdate | object | false | |
| type | string | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate
| Name | Type | Description | Required |
|---|---|---|---|
| maxSurge | object | false | |
| maxUnavailable | object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate.maxSurge
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.strategy.rollingUpdate.maxUnavailable
| Name | Type | Description | Required |
|---|---|---|---|
| intVal | integer | Minimum: -2.147483648e+09 | false |
| strVal | string | false | |
| type | integer | Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.deployment.tolerations[index]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string | Effect indicates the taint effect to match. | false |
| key | string | Key is the taint key that the toleration applies to. | false |
| operator | string | Operator represents a key's relationship to the value. | false |
| tolerationSeconds | integer | Format: int64 | false |
| value | string | Value is the taint value the toleration matches to. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.overlays[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | Resource API version. | false |
| kind | string | Resource kind. | false |
| name | string | Name of resource. | false |
| patches | []object | List of patches to apply to resource. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.overlays[index].patches[index]
| Name | Type | Description | Required |
|---|---|---|---|
| path | string | false | |
| value | object | Value to add, delete or replace. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.service
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Pod annotations are an unstructured key value map stored with the service. | false |
| labels | map[string]string | Labels are an unstructured key value map stored with the deployment. | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| type | string | Determines how the Service is exposed. | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.service.ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.serviceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| imagePullSecrets | []object | false |
Cluster.spec.installTemplate.helm.spec.components.xcp.kubeSpec.serviceAccount.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.imagePullSecrets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. | false |
Cluster.spec.installTemplate.helm.spec.managementPlane
Configure the management plane to retrieve configuration from.
| Name | Type | Description | Required |
|---|---|---|---|
| clusterName | string | false | |
| host | string | Management plane host address (can be hostname or IPv4/IPv6 address). | false |
| port | integer | Port management plane is listening on. Format: int32 | false |
| selfSigned | boolean | Management plane uses a self signed or private TLS certificate. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion
Configure mesh expansion to connect workloads external to Kubernetes to the mesh.
| Name | Type | Description | Required |
|---|---|---|---|
| customGateway | object | A custom mesh expansion gateway. | false |
| onboarding | object | Configuration of the | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.customGateway
A custom mesh expansion gateway.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Mesh expansion gateway host address (can be hostname or IP address). | false |
| port | integer | Port mesh expansion gateway is listening on. Format: int32 | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding
Configuration of the Workload Onboarding Plane.
| Name | Type | Description | Required |
|---|---|---|---|
| endpoint | object | false | |
| localRepository | object | false | |
| tokenIssuer | object | Configuration of the built-in | false |
| uid | string | Unique identifier of this particular installation of the | false |
| workloads | object | Configuration of the workload handling. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.endpoint
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | List of hosts included in the TLS certificate. | false |
| secretName | string | Name of the secret that holds TLS certificate chain and private key. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.tokenIssuer
Configuration of the built-in Workload Onboarding Token Issuer.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Configuration of the built-in JWT Token Issuer. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.tokenIssuer.jwt
Configuration of the built-in JWT Token Issuer.
| Name | Type | Description | Required |
|---|---|---|---|
| expiration | string | Expiration is the duration issued tokens are valid for. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads
Configuration of the workload handling.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | Workload authentication configuration. | false |
| deregistration | object | Workload deregistration configuration. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication
Workload authentication configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT authentication configuration. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt
JWT authentication configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| issuers | []object | List of permitted JWT issuers. | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| issuer | string | JWT | false |
| jwks | string | Inlined JSON Web Key Set document. | false |
| jwksUri | string | URL of the JSON Web Key Set document. | false |
| shortName | string | Unique short name associated with the issuer. | false |
| tokenFields | object | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields
| Name | Type | Description | Required |
|---|---|---|---|
| attributes | object | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.authentication.jwt.issuers[index].tokenFields.attributes
| Name | Type | Description | Required |
|---|---|---|---|
| jsonPath | string | false |
Cluster.spec.installTemplate.helm.spec.meshExpansion.onboarding.workloads.deregistration
Workload deregistration configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| propagationDelay | string | false |
Cluster.spec.installTemplate.helm.spec.meshObservability
| Name | Type | Description | Required |
|---|---|---|---|
| demoSettings | object | false | |
| settings | object | false |
Cluster.spec.installTemplate.helm.spec.meshObservability.demoSettings
| Name | Type | Description | Required |
|---|---|---|---|
| apiEndpointMetricsEnabled | boolean | Toggle to process, analyze, and generate api endpoints RED metrics. | false |
Cluster.spec.installTemplate.helm.spec.meshObservability.settings
| Name | Type | Description | Required |
|---|---|---|---|
| apiEndpointMetricsEnabled | boolean | Toggle to process, analyze, and generate api endpoints RED metrics. | false |
Cluster.spec.installTemplate.helm.spec.providerSettings
Configures Kubernetes provider specific settings.
| Name | Type | Description | Required |
|---|---|---|---|
| eks | object | Settings specific to EKS. | false |
| route53 | object | Settings specific to Route53. | false |
Cluster.spec.installTemplate.helm.spec.providerSettings.eks
Settings specific to EKS.
| Name | Type | Description | Required |
|---|---|---|---|
| useNlbByDefault | boolean | false |
Cluster.spec.installTemplate.helm.spec.providerSettings.route53
Settings specific to Route53.
| Name | Type | Description | Required |
|---|---|---|---|
| domainFilter | []string | List of domains to limit possible target zones by a domain suffix. | false |
| evaluateTargetHealth | boolean | Control whether to evaluate the health of a DNS target. | false |
| filterSettings | object | Filter target settings. | false |
| interval | string | Duration of interval between individual synchronizations. | false |
| namespaceSelector | object | Specifies the namespace to watch. | false |
| policy | enum | Specifies the policy to use when managing DNS records. Enum: SYNC, UPSERT_ONLY, CREATE_ONLY | false |
| serviceAccountName | string | Service account name to use for IAM role. | false |
| ttl | integer | Default TTL (in seconds) value for DNS records. Format: int64 | false |
Cluster.spec.installTemplate.helm.spec.providerSettings.route53.filterSettings
Filter target settings.
| Name | Type | Description | Required |
|---|---|---|---|
| annotationFilter | string | Filter out (remove) targets that matches annotation using label selector semantics. | false |
| excludeDomain | []string | Exclude subdomains. | false |
| labelFilter | string | Filter out (remove) targets that matches label selector. | false |
| zoneIdFilter | []string | When using the AWS provider, filter for zones with this ID. | false |
| zoneTagFilter | []string | When using the AWS provider, filter for zones with this tag. | false |
| zoneType | enum | Filter out (removes) zones of this type. Enum: NONE, PUBLIC, PRIVATE | false |
Cluster.spec.installTemplate.helm.spec.providerSettings.route53.namespaceSelector
Specifies the namespace to watch.
| Name | Type | Description | Required |
|---|---|---|---|
| ignoreNamespaces | string | Comma separated list of namespaces to ignore when watching for DNS endpoints. | false |
| namespace | string | Specifies the namespace to watch for resources. | false |
Cluster.spec.installTemplate.helm.spec.telemetryStore
Configure the store that TSB will use to persist application telemetry data.
| Name | Type | Description | Required |
|---|---|---|---|
| elastic | object | false |
Cluster.spec.installTemplate.helm.spec.telemetryStore.elastic
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Elasticsearch host address (can be hostname or IP address). | false |
| port | integer | Port Elasticsearch is listening on. Format: int32 | false |
| protocol | enum | Protocol to communicate with Elasticsearch, defaults to https. Enum: https, http | false |
| selfSigned | boolean | Use Self-Signed certificates. | false |
| version | integer | DEPRECATED: Major version of the Elasticsearch cluster. Format: int32 | false |
Cluster.spec.locality
Deprecated.
| Name | Type | Description | Required |
|---|---|---|---|
| region | string | The geographic location of the cluster. | false |
Cluster.spec.namespaceScope
Configure the default scoping of namespaces in this cluster.
| Name | Type | Description | Required |
|---|---|---|---|
| exceptions | []string | Namespaces to be excluded form the default scope. | false |
| scope | enum | Enum: GLOBAL, LOCAL | false |
Cluster.spec.namespaces[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| services | []object | false |
Cluster.spec.namespaces[index].services[index]
| Name | Type | Description | Required |
|---|---|---|---|
| canonicalName | string | false | |
| gatewayHost | boolean | false | |
| hostname | string | The hostname by which this service is accessed. | false |
| kubernetesExternalAddresses | []string | false | |
| kubernetesServiceFqdn | string | false | |
| kubernetesServiceIp | string | false | |
| meshExternal | boolean | false | |
| name | string | false | |
| namespace | string | namespace associated with the service. | false |
| numHops | integer | Minimum: 0 | false |
| numKubernetesEndpoints | integer | The number of kubernetes pods providing this service. Minimum: 0 | false |
| numVmEndpoints | integer | The number of VMs providing this service. Minimum: 0 | false |
| ports | []object | The set of ports on which this service is exposed. | false |
| selector | map[string]string | label selectors associated with the service. | false |
| spiffeIds | []string | List of SPIFFE identities used by the workloads of the service. | false |
| subsets | []string | false | |
| tier1GatewayHost | boolean | false | |
| workloads | []object | Workloads implementing the Service. | false |
Cluster.spec.namespaces[index].services[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesNodePort | integer | Minimum: 0 | false |
| name | string | Name assigned to the port. | false |
| number | integer | A valid non-negative integer port number. Minimum: 0 | false |
Cluster.spec.namespaces[index].services[index].workloads[index]
| Name | Type | Description | Required |
|---|---|---|---|
| address | string | Routable address of the workload. | false |
| isVm | boolean | Indicates whether the workload is kubernetes endpoint or vm. | false |
| name | string | Instance name of the workload. | false |
| proxy | object | Proxy details. | false |
Cluster.spec.namespaces[index].services[index].workloads[index].proxy
Proxy details.
| Name | Type | Description | Required |
|---|---|---|---|
| controlPlaneAddress | string | false | |
| envoyVersion | string | Envoy version of the proxy. | false |
| istioVersion | string | Istio version of the proxy. | false |
| status | map[string]string | Sync status for each xDS component. | false |
Cluster.spec.serviceAccount
The service account created with permissions to manage the current cluster.
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| keys | []object | Keys associated with the service account. | false |
Cluster.spec.serviceAccount.keys[index]
| Name | Type | Description | Required |
|---|---|---|---|
| defaultToken | string | false | |
| encoding | enum | Format in which the public and private keys are encoded. Enum: PEM, JWK | false |
| id | string | Unique identifier for this key-pair. | false |
| privateKey | string | The encoded private key associated with the service account. | false |
| publicKey | string | The encoded public key associated with the service account. | false |
Cluster.spec.state
| Name | Type | Description | Required |
|---|---|---|---|
| discoveredLocality | object | false | |
| istioVersions | []string | This shows currently running istio versions in the cluster. | false |
| lastSyncTime | string | Format: date-time | false |
| provider | string | cluster provider. | false |
| tsbCpVersion | string | false | |
| xcpVersion | string | false |
Cluster.spec.state.discoveredLocality
| Name | Type | Description | Required |
|---|---|---|---|
| region | string | The geographic location of the cluster. | false |
Organization
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | Organization | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
Organization.spec
Organization is the root of the Service Bridge object hierarchy.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
Organization.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
OrganizationSetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | OrganizationSetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | Settings that apply globally to the entire organization. | false |
| status | object | false |
OrganizationSetting.spec
Settings that apply globally to the entire organization.
| Name | Type | Description | Required |
|---|---|---|---|
| defaultSecuritySetting | object | Security settings for all proxy workloads in this organization. | false |
| defaultTrafficSetting | object | Traffic settings for all proxy workloads in this organization. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| networkSettings | object | Reachability between clusters on various networks. | false |
| regionalFailover | []object | Default locality routing settings for all gateways. | false |
OrganizationSetting.spec.defaultSecuritySetting
Security settings for all proxy workloads in this organization.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
OrganizationSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
OrganizationSetting.spec.defaultSecuritySetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
OrganizationSetting.spec.defaultSecuritySetting.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
OrganizationSetting.spec.defaultSecuritySetting.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
OrganizationSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
OrganizationSetting.spec.defaultSecuritySetting.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
OrganizationSetting.spec.defaultTrafficSetting
Traffic settings for all proxy workloads in this organization.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| egress | object | false | |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| reachability | object | false | |
| resilience | object | false |
OrganizationSetting.spec.defaultTrafficSetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
OrganizationSetting.spec.defaultTrafficSetting.egress
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Specifies the egress gateway hostname. | false |
| port | integer | Deprecated. Format: int32 | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
OrganizationSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
OrganizationSetting.spec.defaultTrafficSetting.reachability
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | false | |
| mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience
| Name | Type | Description | Required |
|---|---|---|---|
| circuitBreakerSensitivity | enum | Enum: UNSET, LOW, MEDIUM, HIGH | false |
| httpRequestTimeout | string | Timeout for HTTP requests. | false |
| httpRetries | object | Retry policy for HTTP requests. | false |
| keepAlive | object | Keep Alive Settings. | false |
| tcpKeepalive | boolean | Deprecated. | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience.httpRetries
Retry policy for HTTP requests.
| Name | Type | Description | Required |
|---|---|---|---|
| attempts | integer | Number of retries for a given request. Format: int32 | false |
| perTryTimeout | string | Timeout per retry attempt for a given request. | false |
| retryOn | string | Specifies the conditions under which retry takes place. | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive
Keep Alive Settings.
| Name | Type | Description | Required |
|---|---|---|---|
| tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
| Name | Type | Description | Required |
|---|---|---|---|
| downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
| upstream | object | TCP Keep Alive Settings associated with the upstream (backend) connection. | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
OrganizationSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream
TCP Keep Alive Settings associated with the upstream (backend) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
OrganizationSetting.spec.networkSettings
Reachability between clusters on various networks.
| Name | Type | Description | Required |
|---|---|---|---|
| networkReachability | map[string]string | Reachability between clusters on various networks. | false |
OrganizationSetting.spec.regionalFailover[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | string | Originating region. | false |
| to | string | false |
ServiceAccount
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | ServiceAccount | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
ServiceAccount.spec
ServiceAccount represents a service account that can be used to access the TSB platform.
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| keys | []object | Keys associated with the service account. | false |
ServiceAccount.spec.keys[index]
| Name | Type | Description | Required |
|---|---|---|---|
| defaultToken | string | false | |
| encoding | enum | Format in which the public and private keys are encoded. Enum: PEM, JWK | false |
| id | string | Unique identifier for this key-pair. | false |
| privateKey | string | The encoded private key associated with the service account. | false |
| publicKey | string | The encoded public key associated with the service account. | false |
Team
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | Team | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
Team.spec
Team is a named collection of users under a tenant.
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| members | []string | List of members under the team. | false |
| sourceType | enum | Where the team comes from. Enum: INVALID, LDAP, LOCAL, AZURE, MANUAL | false |
Tenant
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | Tenant | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
Tenant.spec
Tenant is a self-contained entity within an organization in the Service Bridge hierarchy.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| securityDomain | string | Security domains can be used to group different resources under the same security domain. | false |
Tenant.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
TenantSetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | TenantSetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | Default settings that apply to all workspaces under a tenant. | false |
| status | object | false |
TenantSetting.spec
Default settings that apply to all workspaces under a tenant.
| Name | Type | Description | Required |
|---|---|---|---|
| defaultSecuritySetting | object | Security settings for all proxy workloads in this tenant. | false |
| defaultTrafficSetting | object | Traffic settings for all proxy workloads in this tenant. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
TenantSetting.spec.defaultSecuritySetting
Security settings for all proxy workloads in this tenant.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
TenantSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
TenantSetting.spec.defaultSecuritySetting.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
TenantSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
TenantSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
TenantSetting.spec.defaultSecuritySetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
TenantSetting.spec.defaultSecuritySetting.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
TenantSetting.spec.defaultSecuritySetting.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
TenantSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
TenantSetting.spec.defaultSecuritySetting.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
TenantSetting.spec.defaultTrafficSetting
Traffic settings for all proxy workloads in this tenant.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| egress | object | false | |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| reachability | object | false | |
| resilience | object | false |
TenantSetting.spec.defaultTrafficSetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
TenantSetting.spec.defaultTrafficSetting.egress
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Specifies the egress gateway hostname. | false |
| port | integer | Deprecated. Format: int32 | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
TenantSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
TenantSetting.spec.defaultTrafficSetting.reachability
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | false | |
| mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
TenantSetting.spec.defaultTrafficSetting.resilience
| Name | Type | Description | Required |
|---|---|---|---|
| circuitBreakerSensitivity | enum | Enum: UNSET, LOW, MEDIUM, HIGH | false |
| httpRequestTimeout | string | Timeout for HTTP requests. | false |
| httpRetries | object | Retry policy for HTTP requests. | false |
| keepAlive | object | Keep Alive Settings. | false |
| tcpKeepalive | boolean | Deprecated. | false |
TenantSetting.spec.defaultTrafficSetting.resilience.httpRetries
Retry policy for HTTP requests.
| Name | Type | Description | Required |
|---|---|---|---|
| attempts | integer | Number of retries for a given request. Format: int32 | false |
| perTryTimeout | string | Timeout per retry attempt for a given request. | false |
| retryOn | string | Specifies the conditions under which retry takes place. | false |
TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive
Keep Alive Settings.
| Name | Type | Description | Required |
|---|---|---|---|
| tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
| Name | Type | Description | Required |
|---|---|---|---|
| downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
| upstream | object | TCP Keep Alive Settings associated with the upstream (backend) connection. | false |
TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
TenantSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream
TCP Keep Alive Settings associated with the upstream (backend) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
Workspace
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | Workspace | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | A Workspace is a collection of related namespaces in one or more clusters. | false |
| status | object | false |
Workspace.spec
A Workspace is a collection of related namespaces in one or more clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| isolationBoundary | string | Istio Isolation Boundary name to which this workspace belongs. | false |
| namespaceSelector | object | Set of namespaces owned exclusively by this workspace. | false |
| privileged | boolean | false | |
| securityDomain | string | Security domains can be used to group different resources under the same security domain. | false |
Workspace.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Workspace.spec.namespaceSelector
Set of namespaces owned exclusively by this workspace.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
WorkspaceSetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | tsb.tetrate.io/v2 | true |
| kind | string | WorkspaceSetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | Default security and traffic settings for all proxy workloads in the workspace. | false |
| status | object | false |
WorkspaceSetting.spec
Default security and traffic settings for all proxy workloads in the workspace.
| Name | Type | Description | Required |
|---|---|---|---|
| defaultEastWestGatewaySettings | []object | Default east west gateway settings specifies workspace-wide east-west gateway configuration. | false |
| defaultSecuritySetting | object | Security settings for all proxy workloads in this workspace. | false |
| defaultTrafficSetting | object | Traffic settings for all proxy workloads in this workspace. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| hostsReachability | object | Hosts reachability defines the list of hostnames that this workspace can reach. | false |
| regionalFailover | []object | Locality routing settings for all gateways in the workspace. | false |
WorkspaceSetting.spec.defaultEastWestGatewaySettings[index]
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| exposedServices | []object | false | |
| workloadSelector | object | false |
WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].exposedServices[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceLabels | map[string]string | false |
WorkspaceSetting.spec.defaultEastWestGatewaySettings[index].workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
WorkspaceSetting.spec.defaultSecuritySetting
Security settings for all proxy workloads in this workspace.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
WorkspaceSetting.spec.defaultSecuritySetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
WorkspaceSetting.spec.defaultSecuritySetting.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
WorkspaceSetting.spec.defaultSecuritySetting.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
WorkspaceSetting.spec.defaultSecuritySetting.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
WorkspaceSetting.spec.defaultSecuritySetting.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
WorkspaceSetting.spec.defaultTrafficSetting
Traffic settings for all proxy workloads in this workspace.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| egress | object | false | |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| reachability | object | false | |
| resilience | object | false |
WorkspaceSetting.spec.defaultTrafficSetting.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
WorkspaceSetting.spec.defaultTrafficSetting.egress
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Specifies the egress gateway hostname. | false |
| port | integer | Deprecated. Format: int32 | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
WorkspaceSetting.spec.defaultTrafficSetting.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
WorkspaceSetting.spec.defaultTrafficSetting.reachability
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | false | |
| mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience
| Name | Type | Description | Required |
|---|---|---|---|
| circuitBreakerSensitivity | enum | Enum: UNSET, LOW, MEDIUM, HIGH | false |
| httpRequestTimeout | string | Timeout for HTTP requests. | false |
| httpRetries | object | Retry policy for HTTP requests. | false |
| keepAlive | object | Keep Alive Settings. | false |
| tcpKeepalive | boolean | Deprecated. | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience.httpRetries
Retry policy for HTTP requests.
| Name | Type | Description | Required |
|---|---|---|---|
| attempts | integer | Number of retries for a given request. Format: int32 | false |
| perTryTimeout | string | Timeout per retry attempt for a given request. | false |
| retryOn | string | Specifies the conditions under which retry takes place. | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive
Keep Alive Settings.
| Name | Type | Description | Required |
|---|---|---|---|
| tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
| Name | Type | Description | Required |
|---|---|---|---|
| downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
| upstream | object | TCP Keep Alive Settings associated with the upstream (backend) connection. | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
WorkspaceSetting.spec.defaultTrafficSetting.resilience.keepAlive.tcp.upstream
TCP Keep Alive Settings associated with the upstream (backend) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
WorkspaceSetting.spec.hostsReachability
Hosts reachability defines the list of hostnames that this workspace can reach.
| Name | Type | Description | Required |
|---|---|---|---|
| hostnames | []object | The Gateway hostname that can be one of the following. | false |
WorkspaceSetting.spec.hostsReachability.hostnames[index]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
WorkspaceSetting.spec.regionalFailover[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | string | Originating region. | false |
| to | string | false |
application.tsb.tetrate.io/v2
Resource Types:
API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | application.tsb.tetrate.io/v2 | true |
| kind | string | API | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | An API configuring a set of servers and endpoints that expose the Application business logic. | false |
| status | object | false |
API.spec
An API configuring a set of servers and endpoints that expose the Application business logic.
| Name | Type | Description | Required |
|---|---|---|---|
| configResources | []object | The configuration resources that are related to this API object. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| endpoints | []object | List of endpoints exposed by this API. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| httpServers | []object | List of gateways servers that expose the API. | false |
| openapi | string | The raw OpenAPI spec for this API. | false |
| servers | []object | DEPRECATED: For new created APIs, the exposed servers will be available at httpServers. | false |
| workloadSelector | object | false |
API.spec.configResources[index]
| Name | Type | Description | Required |
|---|---|---|---|
| exclusivelyOwned | boolean | false | |
| expectedEtag | string | false | |
| fqn | string | The FQN of the resource this status is computed for. | false |
API.spec.endpoints[index]
| Name | Type | Description | Required |
|---|---|---|---|
| exposedBy | object | The exposer of this endpoint. | false |
| hostnames | []string | The list of hostnames where this endpoint is exposed. | false |
| methods | []string | The list of HTTP methods this endpoint supports. | false |
| path | string | The HTTP path of the endpoint, relative to the hostnames exposed by the API. | false |
| service | string | DEPRECATED: For new created APIs, the exposed servers will be available at httpServers. | false |
API.spec.endpoints[index].exposedBy
The exposer of this endpoint.
| Name | Type | Description | Required |
|---|---|---|---|
| clusterGroup | object | The clusters that are exposing a concrete endpoint. | false |
| service | string | The FQN of the service in the service registry that is exposing a concrete endpoint. | false |
API.spec.endpoints[index].exposedBy.clusterGroup
The clusters that are exposing a concrete endpoint.
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The clusters that contain gateways exposing the HTTPEndpoint. | false |
API.spec.endpoints[index].exposedBy.clusterGroup.clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the cluster exposing the endpoint. | false |
| weight | integer | The weight for traffic to a cluster exposing the endpoint. Minimum: 0 | false |
API.spec.httpServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | false | |
| authorization | object | Authorization is used to configure authorization of end users. | false |
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed at the gateway workload(pod). Minimum: 0 | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| routing | object | Routing rules associated with HTTP traffic to this server. | false |
| tls | object | TLS certificate info. | false |
| transit | boolean | If set to true, the server is configured to be exposed within the mesh. | false |
API.spec.httpServers[index].authentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
API.spec.httpServers[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
API.spec.httpServers[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
API.spec.httpServers[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
API.spec.httpServers[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
API.spec.httpServers[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
API.spec.httpServers[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
API.spec.httpServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
API.spec.httpServers[index].authorization
Authorization is used to configure authorization of end users.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
API.spec.httpServers[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
API.spec.httpServers[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
API.spec.httpServers[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
API.spec.httpServers[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
API.spec.httpServers[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
API.spec.httpServers[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
API.spec.httpServers[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
API.spec.httpServers[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
API.spec.httpServers[index].rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
API.spec.httpServers[index].rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
API.spec.httpServers[index].rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.httpServers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
API.spec.httpServers[index].rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
API.spec.httpServers[index].rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
API.spec.httpServers[index].rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
API.spec.httpServers[index].rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
API.spec.httpServers[index].routing
Routing rules associated with HTTP traffic to this server.
| Name | Type | Description | Required |
|---|---|---|---|
| corsPolicy | object | Cross origin resource request policy settings for all routes. | false |
| rules | []object | HTTP routes. | false |
API.spec.httpServers[index].routing.corsPolicy
Cross origin resource request policy settings for all routes.
| Name | Type | Description | Required |
|---|---|---|---|
| allowCredentials | boolean | false | |
| allowHeaders | []string | List of HTTP headers that can be used when requesting the resource. | false |
| allowMethods | []string | List of HTTP methods allowed to access the resource. | false |
| allowOrigin | []string | The list of origins that are allowed to perform CORS requests. | false |
| exposeHeaders | []string | A white list of HTTP headers that the browsers are allowed to access. | false |
| maxAge | string | Specifies how long the results of a preflight request can be cached. | false |
API.spec.httpServers[index].routing.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| disableExternalAuthorization | boolean | false | |
| match | []object | One or more match conditions (OR-ed). | false |
| modify | object | One or more mutations to be performed before forwarding. | false |
| redirect | object | Redirect the request to a different host or URL or both. | false |
| route | object | Forward the request to the specified destination(s). | false |
API.spec.httpServers[index].routing.rules[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| headers | map[string]object | The header keys must be lowercase and use hyphen as the separator, e.g. | false |
| uri | object | URI to match. | false |
API.spec.httpServers[index].routing.rules[index].match[index].headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.httpServers[index].routing.rules[index].match[index].uri
URI to match.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.httpServers[index].routing.rules[index].modify
One or more mutations to be performed before forwarding.
| Name | Type | Description | Required |
|---|---|---|---|
| headers | object | Add/remove/overwrite one or more HTTP headers in a request or response. | false |
| rewrite | object | Rewrite the HTTP Host or URL or both. | false |
API.spec.httpServers[index].routing.rules[index].modify.headers
Add/remove/overwrite one or more HTTP headers in a request or response.
| Name | Type | Description | Required |
|---|---|---|---|
| request | object | Header manipulation rules to apply before forwarding a request to the destination service. | false |
| response | object | Header manipulation rules to apply before returning a response to the caller. | false |
API.spec.httpServers[index].routing.rules[index].modify.headers.request
Header manipulation rules to apply before forwarding a request to the destination service.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
API.spec.httpServers[index].routing.rules[index].modify.headers.response
Header manipulation rules to apply before returning a response to the caller.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
API.spec.httpServers[index].routing.rules[index].modify.rewrite
Rewrite the HTTP Host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | Rewrite the Authority/Host header with this value. | false |
| uri | string | Rewrite the path (or the prefix) portion of the URI with this value. | false |
API.spec.httpServers[index].routing.rules[index].redirect
Redirect the request to a different host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | On a redirect, overwrite the Authority/Host portion of the URL with this value. | false |
| port | integer | Minimum: 0 | false |
| redirectCode | integer | Minimum: 0 | false |
| scheme | string | On a redirect, overwrite the scheme with this one. | false |
| uri | string | On a redirect, overwrite the Path portion of the URL with this value. | false |
API.spec.httpServers[index].routing.rules[index].route
Forward the request to the specified destination(s).
| Name | Type | Description | Required |
|---|---|---|---|
| clusterDestination | object | false | |
| serviceDestination | object | RouteToService represents the service running in clusters. | false |
API.spec.httpServers[index].routing.rules[index].route.clusterDestination
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters that contain ingress gateways exposing the hostname. | false |
API.spec.httpServers[index].routing.rules[index].route.clusterDestination.clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
API.spec.httpServers[index].routing.rules[index].route.serviceDestination
RouteToService represents the service running in clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | The destination service in | false |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
| tls | object | false |
API.spec.httpServers[index].routing.rules[index].route.serviceDestination.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
API.spec.httpServers[index].routing.rules[index].route.serviceDestination.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
API.spec.httpServers[index].tls
TLS certificate info.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
API.spec.httpServers[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
API.spec.servers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | Configuration to authenticate clients. | false |
| authorization | object | Configuration to authorize a request. | false |
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| routing | object | Routing rules associated with HTTP traffic to this service. | false |
| tls | object | TLS certificate info. | false |
| xxxOldAuthentication | object | false | |
| xxxOldAuthorization | object | false |
API.spec.servers[index].authentication
Configuration to authenticate clients.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
API.spec.servers[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
API.spec.servers[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
API.spec.servers[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
API.spec.servers[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
API.spec.servers[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
API.spec.servers[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
API.spec.servers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
API.spec.servers[index].authorization
Configuration to authorize a request.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
API.spec.servers[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
API.spec.servers[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
API.spec.servers[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
API.spec.servers[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
API.spec.servers[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
API.spec.servers[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
API.spec.servers[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
API.spec.servers[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
API.spec.servers[index].rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
API.spec.servers[index].rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
API.spec.servers[index].rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
API.spec.servers[index].rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
API.spec.servers[index].rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
API.spec.servers[index].rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
API.spec.servers[index].rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
API.spec.servers[index].rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
API.spec.servers[index].routing
Routing rules associated with HTTP traffic to this service.
| Name | Type | Description | Required |
|---|---|---|---|
| corsPolicy | object | Cross origin resource request policy settings for all routes. | false |
| rules | []object | HTTP routes. | false |
API.spec.servers[index].routing.corsPolicy
Cross origin resource request policy settings for all routes.
| Name | Type | Description | Required |
|---|---|---|---|
| allowCredentials | boolean | false | |
| allowHeaders | []string | List of HTTP headers that can be used when requesting the resource. | false |
| allowMethods | []string | List of HTTP methods allowed to access the resource. | false |
| allowOrigin | []string | The list of origins that are allowed to perform CORS requests. | false |
| exposeHeaders | []string | A white list of HTTP headers that the browsers are allowed to access. | false |
| maxAge | string | Specifies how long the results of a preflight request can be cached. | false |
API.spec.servers[index].routing.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| match | []object | One or more match conditions (OR-ed). | false |
| modify | object | One or more mutations to be performed before forwarding. | false |
| redirect | object | Redirect the request to a different host or URL or both. | false |
| route | object | Forward the request to the specified destination(s). | false |
API.spec.servers[index].routing.rules[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| headers | map[string]object | The header keys must be lowercase and use hyphen as the separator, e.g. | false |
| uri | object | URI to match. | false |
API.spec.servers[index].routing.rules[index].match[index].headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.servers[index].routing.rules[index].match[index].uri
URI to match.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
API.spec.servers[index].routing.rules[index].modify
One or more mutations to be performed before forwarding.
| Name | Type | Description | Required |
|---|---|---|---|
| headers | object | Add/remove/overwrite one or more HTTP headers in a request or response. | false |
| rewrite | object | Rewrite the HTTP Host or URL or both. | false |
API.spec.servers[index].routing.rules[index].modify.headers
Add/remove/overwrite one or more HTTP headers in a request or response.
| Name | Type | Description | Required |
|---|---|---|---|
| request | object | Header manipulation rules to apply before forwarding a request to the destination service. | false |
| response | object | Header manipulation rules to apply before returning a response to the caller. | false |
API.spec.servers[index].routing.rules[index].modify.headers.request
Header manipulation rules to apply before forwarding a request to the destination service.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
API.spec.servers[index].routing.rules[index].modify.headers.response
Header manipulation rules to apply before returning a response to the caller.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
API.spec.servers[index].routing.rules[index].modify.rewrite
Rewrite the HTTP Host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | Rewrite the Authority/Host header with this value. | false |
| uri | string | Rewrite the path (or the prefix) portion of the URI with this value. | false |
API.spec.servers[index].routing.rules[index].redirect
Redirect the request to a different host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | On a redirect, overwrite the Authority/Host portion of the URL with this value. | false |
| port | integer | Minimum: 0 | false |
| redirectCode | integer | Minimum: 0 | false |
| scheme | string | On a redirect, overwrite the scheme with this one. | false |
| uri | string | On a redirect, overwrite the Path portion of the URL with this value. | false |
API.spec.servers[index].routing.rules[index].route
Forward the request to the specified destination(s).
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | false | |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
API.spec.servers[index].tls
TLS certificate info.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
API.spec.servers[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
API.spec.servers[index].xxxOldAuthentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | false |
API.spec.servers[index].xxxOldAuthentication.jwt
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false |
API.spec.servers[index].xxxOldAuthorization
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
API.spec.servers[index].xxxOldAuthorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| uri | string | false |
API.spec.servers[index].xxxOldAuthorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
API.spec.servers[index].xxxOldAuthorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
API.spec.servers[index].xxxOldAuthorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
API.spec.workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
Application
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | application.tsb.tetrate.io/v2 | true |
| kind | string | Application | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Application.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configResources | []object | The configuration resources that are related to this Application. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| gatewayGroup | string | Optional FQN of the Gateway Group to be used by the application. | false |
| namespaceSelector | object | Optional set of namespaces this application can configure. | false |
| services | []string | Optional list of services that are part of the application. | false |
| workspace | string | FQN of the workspace this application is part of. | false |
Application.spec.configResources[index]
| Name | Type | Description | Required |
|---|---|---|---|
| exclusivelyOwned | boolean | false | |
| expectedEtag | string | false | |
| fqn | string | The FQN of the resource this status is computed for. | false |
Application.spec.namespaceSelector
Optional set of namespaces this application can configure.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
extension.tsb.tetrate.io/v2
Resource Types:
WasmExtension
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | extension.tsb.tetrate.io/v2 | true |
| kind | string | WasmExtension | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
WasmExtension.spec
| Name | Type | Description | Required |
|---|---|---|---|
| allowedIn | []string | List of fqns where this extension is allowed to run. | false |
| config | object | false | |
| description | string | A description of the extension. | false |
| displayName | string | User friendly name for the extension. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| image | string | Deprecated. | false |
| imagePullPolicy | enum | Enum: UNSPECIFIED_POLICY, IfNotPresent, Always | false |
| imagePullSecret | string | Credentials to use for OCI image pulling. | false |
| match | object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
| phase | enum | The phase in the filter chain where the extension will be injected. Enum: UNSPECIFIED_PHASE, AUTHN, AUTHZ, STATS | false |
| priority | integer | Determines the ordering of WasmExtensions in the same phase. Format: int32 | false |
| source | string | false | |
| url | string | URL of a Wasm module or OCI container. | false |
| vmConfig | object | false |
WasmExtension.spec.match
Specifies the criteria to determine which traffic is passed to WasmExtension.
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
WasmExtension.spec.vmConfig
| Name | Type | Description | Required |
|---|---|---|---|
| env | []object | Specifies environment variables to be injected to this VM. | false |
WasmExtension.spec.vmConfig.env[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the environment variable. | false |
| value | string | Value for the environment variable. | false |
| valueFrom | enum | Source for the environment variable's value. Enum: INLINE, HOST | false |
gateway.tsb.tetrate.io/v2
Resource Types:
EgressGateway
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | gateway.tsb.tetrate.io/v2 | true |
| kind | string | EgressGateway | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
EgressGateway.spec
EgressGateway configures a workload to act as an egress gateway in the mesh.
| Name | Type | Description | Required |
|---|---|---|---|
| authorization | []object | The description of which service accounts can access which hosts. | false |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| workloadSelector | object | false |
EgressGateway.spec.authorization[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | The workloads or service accounts this authorization rule applies to. | false |
| to | []string | The external hostnames the workload(s) described in this rule can access. | false |
EgressGateway.spec.authorization[index].from
The workloads or service accounts this authorization rule applies to.
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
EgressGateway.spec.authorization[index].from.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
EgressGateway.spec.authorization[index].from.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
EgressGateway.spec.authorization[index].from.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
EgressGateway.spec.authorization[index].from.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
EgressGateway.spec.authorization[index].from.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
EgressGateway.spec.authorization[index].from.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
EgressGateway.spec.authorization[index].from.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
EgressGateway.spec.authorization[index].from.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
EgressGateway.spec.authorization[index].from.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
EgressGateway.spec.authorization[index].from.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
EgressGateway.spec.authorization[index].from.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
EgressGateway.spec.authorization[index].from.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
EgressGateway.spec.authorization[index].from.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
EgressGateway.spec.authorization[index].from.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
EgressGateway.spec.authorization[index].from.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
EgressGateway.spec.authorization[index].from.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
EgressGateway.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
EgressGateway.spec.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
EgressGateway.spec.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
EgressGateway.spec.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
EgressGateway.spec.workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
Gateway
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | gateway.tsb.tetrate.io/v2 | true |
| kind | string | Gateway | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Gateway.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| http | []object | One or more HTTP or HTTPS servers exposed by the gateway. | false |
| tcp | []object | false | |
| tls | []object | One or more TLS servers exposed by the gateway. | false |
| waf | object | WAF settings to be enabled for traffic passing through the HttpServer. | false |
| wasmPlugins | []object | false | |
| workloadSelector | object | false |
Gateway.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Gateway.spec.http[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | false | |
| authorization | object | Authorization is used to configure authorization of end users. | false |
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed at the gateway workload(pod). Minimum: 0 | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| routing | object | Routing rules associated with HTTP traffic to this server. | false |
| tls | object | TLS certificate info. | false |
| transit | boolean | If set to true, the server is configured to be exposed within the mesh. | false |
Gateway.spec.http[index].authentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
Gateway.spec.http[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Gateway.spec.http[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Gateway.spec.http[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Gateway.spec.http[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
Gateway.spec.http[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Gateway.spec.http[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Gateway.spec.http[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Gateway.spec.http[index].authorization
Authorization is used to configure authorization of end users.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
Gateway.spec.http[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
Gateway.spec.http[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Gateway.spec.http[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Gateway.spec.http[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
Gateway.spec.http[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
Gateway.spec.http[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
Gateway.spec.http[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
Gateway.spec.http[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
Gateway.spec.http[index].rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
Gateway.spec.http[index].rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
Gateway.spec.http[index].rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Gateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
Gateway.spec.http[index].rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Gateway.spec.http[index].rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Gateway.spec.http[index].rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
Gateway.spec.http[index].rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
Gateway.spec.http[index].routing
Routing rules associated with HTTP traffic to this server.
| Name | Type | Description | Required |
|---|---|---|---|
| corsPolicy | object | Cross origin resource request policy settings for all routes. | false |
| rules | []object | HTTP routes. | false |
Gateway.spec.http[index].routing.corsPolicy
Cross origin resource request policy settings for all routes.
| Name | Type | Description | Required |
|---|---|---|---|
| allowCredentials | boolean | false | |
| allowHeaders | []string | List of HTTP headers that can be used when requesting the resource. | false |
| allowMethods | []string | List of HTTP methods allowed to access the resource. | false |
| allowOrigin | []string | The list of origins that are allowed to perform CORS requests. | false |
| exposeHeaders | []string | A white list of HTTP headers that the browsers are allowed to access. | false |
| maxAge | string | Specifies how long the results of a preflight request can be cached. | false |
Gateway.spec.http[index].routing.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| disableExternalAuthorization | boolean | false | |
| match | []object | One or more match conditions (OR-ed). | false |
| modify | object | One or more mutations to be performed before forwarding. | false |
| redirect | object | Redirect the request to a different host or URL or both. | false |
| route | object | Forward the request to the specified destination(s). | false |
Gateway.spec.http[index].routing.rules[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| headers | map[string]object | The header keys must be lowercase and use hyphen as the separator, e.g. | false |
| uri | object | URI to match. | false |
Gateway.spec.http[index].routing.rules[index].match[index].headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Gateway.spec.http[index].routing.rules[index].match[index].uri
URI to match.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Gateway.spec.http[index].routing.rules[index].modify
One or more mutations to be performed before forwarding.
| Name | Type | Description | Required |
|---|---|---|---|
| headers | object | Add/remove/overwrite one or more HTTP headers in a request or response. | false |
| rewrite | object | Rewrite the HTTP Host or URL or both. | false |
Gateway.spec.http[index].routing.rules[index].modify.headers
Add/remove/overwrite one or more HTTP headers in a request or response.
| Name | Type | Description | Required |
|---|---|---|---|
| request | object | Header manipulation rules to apply before forwarding a request to the destination service. | false |
| response | object | Header manipulation rules to apply before returning a response to the caller. | false |
Gateway.spec.http[index].routing.rules[index].modify.headers.request
Header manipulation rules to apply before forwarding a request to the destination service.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
Gateway.spec.http[index].routing.rules[index].modify.headers.response
Header manipulation rules to apply before returning a response to the caller.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
Gateway.spec.http[index].routing.rules[index].modify.rewrite
Rewrite the HTTP Host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | Rewrite the Authority/Host header with this value. | false |
| uri | string | Rewrite the path (or the prefix) portion of the URI with this value. | false |
Gateway.spec.http[index].routing.rules[index].redirect
Redirect the request to a different host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | On a redirect, overwrite the Authority/Host portion of the URL with this value. | false |
| port | integer | Minimum: 0 | false |
| redirectCode | integer | Minimum: 0 | false |
| scheme | string | On a redirect, overwrite the scheme with this one. | false |
| uri | string | On a redirect, overwrite the Path portion of the URL with this value. | false |
Gateway.spec.http[index].routing.rules[index].route
Forward the request to the specified destination(s).
| Name | Type | Description | Required |
|---|---|---|---|
| clusterDestination | object | false | |
| serviceDestination | object | RouteToService represents the service running in clusters. | false |
Gateway.spec.http[index].routing.rules[index].route.clusterDestination
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters that contain ingress gateways exposing the hostname. | false |
Gateway.spec.http[index].routing.rules[index].route.clusterDestination.clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Gateway.spec.http[index].routing.rules[index].route.serviceDestination
RouteToService represents the service running in clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | The destination service in | false |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
| tls | object | false |
Gateway.spec.http[index].routing.rules[index].route.serviceDestination.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Gateway.spec.http[index].routing.rules[index].route.serviceDestination.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Gateway.spec.http[index].tls
TLS certificate info.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
Gateway.spec.http[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
Gateway.spec.tcp[index]
| Name | Type | Description | Required |
|---|---|---|---|
| hostname | string | Hostname to identify the service. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| route | object | Forward the connection to the specified destination. | false |
| tls | object | TLS certificate info to terminate the TLS connection. | false |
| transit | boolean | If set to true, the server is configured to be exposed within the mesh. | false |
Gateway.spec.tcp[index].route
Forward the connection to the specified destination.
| Name | Type | Description | Required |
|---|---|---|---|
| clusterDestination | object | false | |
| serviceDestination | object | RouteToService represents the service running in clusters. | false |
Gateway.spec.tcp[index].route.clusterDestination
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters that contain ingress gateways exposing the hostname. | false |
Gateway.spec.tcp[index].route.clusterDestination.clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Gateway.spec.tcp[index].route.serviceDestination
RouteToService represents the service running in clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | The destination service in | false |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
| tls | object | false |
Gateway.spec.tcp[index].route.serviceDestination.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Gateway.spec.tcp[index].route.serviceDestination.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Gateway.spec.tcp[index].tls
TLS certificate info to terminate the TLS connection.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
Gateway.spec.tcp[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
Gateway.spec.tls[index]
| Name | Type | Description | Required |
|---|---|---|---|
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| route | object | Forward the connection to the specified destination. | false |
Gateway.spec.tls[index].route
Forward the connection to the specified destination.
| Name | Type | Description | Required |
|---|---|---|---|
| clusterDestination | object | false | |
| serviceDestination | object | RouteToService represents the service running in clusters. | false |
Gateway.spec.tls[index].route.clusterDestination
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters that contain ingress gateways exposing the hostname. | false |
Gateway.spec.tls[index].route.clusterDestination.clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Gateway.spec.tls[index].route.serviceDestination
RouteToService represents the service running in clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | The destination service in | false |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
| tls | object | false |
Gateway.spec.tls[index].route.serviceDestination.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Gateway.spec.tls[index].route.serviceDestination.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Gateway.spec.waf
WAF settings to be enabled for traffic passing through the HttpServer.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
Gateway.spec.wasmPlugins[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
Gateway.spec.wasmPlugins[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
Gateway.spec.wasmPlugins[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
Gateway.spec.workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
Group
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | gateway.tsb.tetrate.io/v2 | true |
| kind | string | Group | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Group.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| configMode | enum | Enum: BRIDGED, DIRECT | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| namespaceSelector | object | Set of namespaces owned exclusively by this group. | false |
Group.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Group.spec.namespaceSelector
Set of namespaces owned exclusively by this group.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
IngressGateway
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | gateway.tsb.tetrate.io/v2 | true |
| kind | string | IngressGateway | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
IngressGateway.spec
IngressGateway configures a workload to act as an ingress gateway into the mesh.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| http | []object | One or more HTTP or HTTPS servers exposed by the gateway. | false |
| tcp | []object | false | |
| tlsPassthrough | []object | One or more TLS servers exposed by the gateway. | false |
| waf | object | WAF settings to be enabled for traffic passing through the HttpServer. | false |
| workloadSelector | object | false |
IngressGateway.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
IngressGateway.spec.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
IngressGateway.spec.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
IngressGateway.spec.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
IngressGateway.spec.http[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | Configuration to authenticate clients. | false |
| authorization | object | Configuration to authorize a request. | false |
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| routing | object | Routing rules associated with HTTP traffic to this service. | false |
| tls | object | TLS certificate info. | false |
| xxxOldAuthentication | object | false | |
| xxxOldAuthorization | object | false |
IngressGateway.spec.http[index].authentication
Configuration to authenticate clients.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
IngressGateway.spec.http[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
IngressGateway.spec.http[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
IngressGateway.spec.http[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
IngressGateway.spec.http[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
IngressGateway.spec.http[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
IngressGateway.spec.http[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
IngressGateway.spec.http[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
IngressGateway.spec.http[index].authorization
Configuration to authorize a request.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
IngressGateway.spec.http[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
IngressGateway.spec.http[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
IngressGateway.spec.http[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
IngressGateway.spec.http[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
IngressGateway.spec.http[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
IngressGateway.spec.http[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
IngressGateway.spec.http[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
IngressGateway.spec.http[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
IngressGateway.spec.http[index].rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
IngressGateway.spec.http[index].rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
IngressGateway.spec.http[index].rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
IngressGateway.spec.http[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
IngressGateway.spec.http[index].rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
IngressGateway.spec.http[index].rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
IngressGateway.spec.http[index].rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
IngressGateway.spec.http[index].rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
IngressGateway.spec.http[index].routing
Routing rules associated with HTTP traffic to this service.
| Name | Type | Description | Required |
|---|---|---|---|
| corsPolicy | object | Cross origin resource request policy settings for all routes. | false |
| rules | []object | HTTP routes. | false |
IngressGateway.spec.http[index].routing.corsPolicy
Cross origin resource request policy settings for all routes.
| Name | Type | Description | Required |
|---|---|---|---|
| allowCredentials | boolean | false | |
| allowHeaders | []string | List of HTTP headers that can be used when requesting the resource. | false |
| allowMethods | []string | List of HTTP methods allowed to access the resource. | false |
| allowOrigin | []string | The list of origins that are allowed to perform CORS requests. | false |
| exposeHeaders | []string | A white list of HTTP headers that the browsers are allowed to access. | false |
| maxAge | string | Specifies how long the results of a preflight request can be cached. | false |
IngressGateway.spec.http[index].routing.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| match | []object | One or more match conditions (OR-ed). | false |
| modify | object | One or more mutations to be performed before forwarding. | false |
| redirect | object | Redirect the request to a different host or URL or both. | false |
| route | object | Forward the request to the specified destination(s). | false |
IngressGateway.spec.http[index].routing.rules[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| headers | map[string]object | The header keys must be lowercase and use hyphen as the separator, e.g. | false |
| uri | object | URI to match. | false |
IngressGateway.spec.http[index].routing.rules[index].match[index].headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
IngressGateway.spec.http[index].routing.rules[index].match[index].uri
URI to match.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
IngressGateway.spec.http[index].routing.rules[index].modify
One or more mutations to be performed before forwarding.
| Name | Type | Description | Required |
|---|---|---|---|
| headers | object | Add/remove/overwrite one or more HTTP headers in a request or response. | false |
| rewrite | object | Rewrite the HTTP Host or URL or both. | false |
IngressGateway.spec.http[index].routing.rules[index].modify.headers
Add/remove/overwrite one or more HTTP headers in a request or response.
| Name | Type | Description | Required |
|---|---|---|---|
| request | object | Header manipulation rules to apply before forwarding a request to the destination service. | false |
| response | object | Header manipulation rules to apply before returning a response to the caller. | false |
IngressGateway.spec.http[index].routing.rules[index].modify.headers.request
Header manipulation rules to apply before forwarding a request to the destination service.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
IngressGateway.spec.http[index].routing.rules[index].modify.headers.response
Header manipulation rules to apply before returning a response to the caller.
| Name | Type | Description | Required |
|---|---|---|---|
| add | map[string]string | false | |
| remove | []string | Remove a the specified headers. | false |
| set | map[string]string | Overwrite the headers specified by key with the given values. | false |
IngressGateway.spec.http[index].routing.rules[index].modify.rewrite
Rewrite the HTTP Host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | Rewrite the Authority/Host header with this value. | false |
| uri | string | Rewrite the path (or the prefix) portion of the URI with this value. | false |
IngressGateway.spec.http[index].routing.rules[index].redirect
Redirect the request to a different host or URL or both.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | On a redirect, overwrite the Authority/Host portion of the URL with this value. | false |
| port | integer | Minimum: 0 | false |
| redirectCode | integer | Minimum: 0 | false |
| scheme | string | On a redirect, overwrite the scheme with this one. | false |
| uri | string | On a redirect, overwrite the Path portion of the URL with this value. | false |
IngressGateway.spec.http[index].routing.rules[index].route
Forward the request to the specified destination(s).
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | false | |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
IngressGateway.spec.http[index].tls
TLS certificate info.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
IngressGateway.spec.http[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
IngressGateway.spec.http[index].xxxOldAuthentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | false |
IngressGateway.spec.http[index].xxxOldAuthentication.jwt
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false |
IngressGateway.spec.http[index].xxxOldAuthorization
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
IngressGateway.spec.http[index].xxxOldAuthorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| uri | string | false |
IngressGateway.spec.http[index].xxxOldAuthorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
IngressGateway.spec.http[index].xxxOldAuthorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
IngressGateway.spec.tcp[index]
| Name | Type | Description | Required |
|---|---|---|---|
| hostname | string | Hostname to identify the service. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| route | object | Forward the connection to the specified destination. | false |
| tls | object | false |
IngressGateway.spec.tcp[index].route
Forward the connection to the specified destination.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | false | |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
IngressGateway.spec.tcp[index].tls
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
IngressGateway.spec.tcp[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
IngressGateway.spec.tlsPassthrough[index]
| Name | Type | Description | Required |
|---|---|---|---|
| hostname | string | Hostname with which the service can be expected to be accessed by clients. | false |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| route | object | Forward the connection to the specified destination. | false |
IngressGateway.spec.tlsPassthrough[index].route
Forward the connection to the specified destination.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | false | |
| port | integer | The port on the service to forward the request to. Minimum: 0 | false |
IngressGateway.spec.waf
WAF settings to be enabled for traffic passing through the HttpServer.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
IngressGateway.spec.workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
Tier1Gateway
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | gateway.tsb.tetrate.io/v2 | true |
| kind | string | Tier1Gateway | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
Tier1Gateway.spec
Tier1Gateway configures a workload to act as a tier1 gateway into the mesh.
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| externalServers | []object | One or more servers exposed by the gateway externally. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| internalServers | []object | One or more servers exposed by the gateway internally for cross cluster forwarding. | false |
| passthroughServers | []object | One or more tls passthrough servers exposed by the gateway externally. | false |
| tcpExternalServers | []object | One or more tcp servers exposed by the gateway externally. | false |
| tcpInternalServers | []object | One or more tcp servers exposed by the gateway for mesh internal traffic. | false |
| waf | object | WAF settings to be enabled for traffic passing through this Tier1 gateway. | false |
| workloadSelector | object | false |
Tier1Gateway.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Tier1Gateway.spec.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
Tier1Gateway.spec.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
Tier1Gateway.spec.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
Tier1Gateway.spec.externalServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | false | |
| authorization | object | Authorization is used to configure authorization of end users. | false |
| clusters | []object | false | |
| hostname | string | false | |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| redirect | object | Redirect allows configuring HTTP redirect. | false |
| tls | object | TLS certificate info. | false |
Tier1Gateway.spec.externalServers[index].authentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
Tier1Gateway.spec.externalServers[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Tier1Gateway.spec.externalServers[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Tier1Gateway.spec.externalServers[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Tier1Gateway.spec.externalServers[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Tier1Gateway.spec.externalServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Tier1Gateway.spec.externalServers[index].authorization
Authorization is used to configure authorization of end users.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
Tier1Gateway.spec.externalServers[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
Tier1Gateway.spec.externalServers[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Tier1Gateway.spec.externalServers[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Tier1Gateway.spec.externalServers[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
Tier1Gateway.spec.externalServers[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
Tier1Gateway.spec.externalServers[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
Tier1Gateway.spec.externalServers[index].clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Tier1Gateway.spec.externalServers[index].rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
Tier1Gateway.spec.externalServers[index].rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
Tier1Gateway.spec.externalServers[index].redirect
Redirect allows configuring HTTP redirect.
| Name | Type | Description | Required |
|---|---|---|---|
| authority | string | On a redirect, overwrite the Authority/Host portion of the URL with this value. | false |
| port | integer | Minimum: 0 | false |
| redirectCode | integer | Minimum: 0 | false |
| scheme | string | On a redirect, overwrite the scheme with this one. | false |
| uri | string | On a redirect, overwrite the Path portion of the URL with this value. | false |
Tier1Gateway.spec.externalServers[index].tls
TLS certificate info.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
Tier1Gateway.spec.externalServers[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
Tier1Gateway.spec.internalServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | object | false | |
| authorization | object | Authorization is used to configure authorization of end user and traffic. | false |
| clusters | []object | false | |
| hostname | string | false | |
| name | string | A name assigned to the server. | false |
Tier1Gateway.spec.internalServers[index].authentication
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
Tier1Gateway.spec.internalServers[index].authentication.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Tier1Gateway.spec.internalServers[index].authentication.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Tier1Gateway.spec.internalServers[index].authentication.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Tier1Gateway.spec.internalServers[index].authentication.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
Tier1Gateway.spec.internalServers[index].authentication.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
Tier1Gateway.spec.internalServers[index].authorization
Authorization is used to configure authorization of end user and traffic.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
Tier1Gateway.spec.internalServers[index].authorization.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
Tier1Gateway.spec.internalServers[index].authorization.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
Tier1Gateway.spec.internalServers[index].authorization.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
Tier1Gateway.spec.internalServers[index].authorization.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
Tier1Gateway.spec.internalServers[index].authorization.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
Tier1Gateway.spec.internalServers[index].authorization.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
Tier1Gateway.spec.internalServers[index].clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Tier1Gateway.spec.passthroughServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | false | |
| hostname | string | false | |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
Tier1Gateway.spec.passthroughServers[index].clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Tier1Gateway.spec.tcpExternalServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters contain ingress gateways exposing the service. | false |
| hostname | string | false | |
| name | string | A name assigned to the server. | false |
| port | integer | The port where the server is exposed. Minimum: 0 | false |
| tls | object | TLS certificate information to terminate TLS. | false |
Tier1Gateway.spec.tcpExternalServers[index].clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Tier1Gateway.spec.tcpExternalServers[index].tls
TLS certificate information to terminate TLS.
| Name | Type | Description | Required |
|---|---|---|---|
| cipherSuites | []string | List of cipher suites to be used for TLS connections. | false |
| files | object | false | |
| maxProtocolVersion | enum | Set the maximum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| minProtocolVersion | enum | Set the minimum supported TLS protocol version. Enum: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | false | |
| subjectAltNames | []string | false |
Tier1Gateway.spec.tcpExternalServers[index].tls.files
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| privateKey | string | false | |
| serverCertificate | string | false |
Tier1Gateway.spec.tcpInternalServers[index]
| Name | Type | Description | Required |
|---|---|---|---|
| clusters | []object | The destination clusters contain ingress gateways exposing the service. | false |
| hostname | string | The name of the service used. | false |
| name | string | A name assigned to the server. | false |
Tier1Gateway.spec.tcpInternalServers[index].clusters[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels associated with the cluster. | false |
| name | string | The name of the destination cluster. | false |
| network | string | The network associated with the destination clusters. | false |
| weight | integer | The weight for traffic to a given destination. Minimum: 0 | false |
Tier1Gateway.spec.waf
WAF settings to be enabled for traffic passing through this Tier1 gateway.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
Tier1Gateway.spec.workloadSelector
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | false | |
| namespace | string | The namespace where the workload resides. | false |
istiointernal.tsb.tetrate.io/v2
Resource Types:
Group
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | istiointernal.tsb.tetrate.io/v2 | true |
| kind | string | Group | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Group.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| namespaceSelector | object | Set of namespaces owned exclusively by this group. | false |
Group.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Group.spec.namespaceSelector
Set of namespaces owned exclusively by this group.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
rbac.tsb.tetrate.io/v2
Resource Types:
APIAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | APIAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
APIAccessBindings.spec
APIAccessBindings assigns permissions to users of APIs.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
APIAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
APIAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
AccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | AccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
AccessBindings.spec
AccessBindings assigns permissions to users of any TSB resource.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
AccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
AccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
ApplicationAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | ApplicationAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
ApplicationAccessBindings.spec
ApplicationAccessBindings assigns permissions to users of applications.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
ApplicationAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
ApplicationAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
GatewayAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | GatewayAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
GatewayAccessBindings.spec
GatewayAccessBindings assigns permissions to users of gateway groups.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
GatewayAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
GatewayAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
IstioInternalAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | IstioInternalAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
IstioInternalAccessBindings.spec
IstioInternalAccessBindings assigns permissions to users of istio internal groups.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
IstioInternalAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
IstioInternalAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
OrganizationAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | OrganizationAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
OrganizationAccessBindings.spec
OrganizationAccessBindings assigns permissions to users of organizations.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
OrganizationAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
OrganizationAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
Role
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | Role | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Role.spec
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rules | []object | A set of rules that define the permissions associated with each API group. | false |
Role.spec.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| permissions | []enum | The set of actions allowed for these APIs. | false |
| types | []object | The set of API groups and the api Kinds within the group on which this rule is applicable. | false |
Role.spec.rules[index].types[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiGroup | string | A specific API group such as traffic.tsb.tetrate.io/v2. | false |
| kinds | []string | Specific kinds of APIs under the API group. | false |
SecurityAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | SecurityAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
SecurityAccessBindings.spec
SecurityAccessBindings assigns permissions to users of security groups.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
SecurityAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
SecurityAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
TenantAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | TenantAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
TenantAccessBindings.spec
TenantAccessBindings assigns permissions to users of tenants.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
TenantAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
TenantAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
TrafficAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | TrafficAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
TrafficAccessBindings.spec
TrafficAccessBindings assigns permissions to users of traffic groups.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
TrafficAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
TrafficAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
WorkspaceAccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | WorkspaceAccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
WorkspaceAccessBindings.spec
WorkspaceAccessBindings assigns permissions to users of workspaces.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | false | |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
WorkspaceAccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | false | |
| subjects | []object | false |
WorkspaceAccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
security.tsb.tetrate.io/v2
Resource Types:
Group
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | security.tsb.tetrate.io/v2 | true |
| kind | string | Group | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Group.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| configMode | enum | Enum: BRIDGED, DIRECT | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| namespaceSelector | object | Set of namespaces owned exclusively by this group. | false |
| securityDomain | string | Security domains can be used to group different resources under the same security domain. | false |
Group.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Group.spec.namespaceSelector
Set of namespaces owned exclusively by this group.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
SecuritySetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | security.tsb.tetrate.io/v2 | true |
| kind | string | SecuritySetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
SecuritySetting.spec
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
SecuritySetting.spec.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
SecuritySetting.spec.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
SecuritySetting.spec.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
SecuritySetting.spec.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
SecuritySetting.spec.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
SecuritySetting.spec.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
SecuritySetting.spec.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
SecuritySetting.spec.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
SecuritySetting.spec.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
SecuritySetting.spec.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
SecuritySetting.spec.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
SecuritySetting.spec.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
SecuritySetting.spec.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
SecuritySetting.spec.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
SecuritySetting.spec.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
SecuritySetting.spec.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
SecuritySetting.spec.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
SecuritySetting.spec.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
SecuritySetting.spec.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
SecuritySetting.spec.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
SecuritySetting.spec.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
SecuritySetting.spec.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
SecuritySetting.spec.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
SecuritySetting.spec.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
SecuritySetting.spec.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
SecuritySetting.spec.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
SecuritySetting.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
SecuritySetting.spec.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
SecuritySetting.spec.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
SecuritySetting.spec.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
SecuritySetting.spec.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
ServiceSecuritySetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | security.tsb.tetrate.io/v2 | true |
| kind | string | ServiceSecuritySetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
ServiceSecuritySetting.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| service | string | The service on which the configuration is being applied. | false |
| settings | object | Security settings to apply to this service. | false |
| subsets | []object | false |
ServiceSecuritySetting.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceSecuritySetting.spec.settings
Security settings to apply to this service.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
ServiceSecuritySetting.spec.settings.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
ServiceSecuritySetting.spec.settings.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
ServiceSecuritySetting.spec.settings.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
ServiceSecuritySetting.spec.settings.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
ServiceSecuritySetting.spec.settings.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
ServiceSecuritySetting.spec.settings.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
ServiceSecuritySetting.spec.settings.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
ServiceSecuritySetting.spec.settings.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
ServiceSecuritySetting.spec.settings.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
ServiceSecuritySetting.spec.settings.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
ServiceSecuritySetting.spec.settings.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceSecuritySetting.spec.settings.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
ServiceSecuritySetting.spec.settings.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
ServiceSecuritySetting.spec.settings.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
ServiceSecuritySetting.spec.settings.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
ServiceSecuritySetting.spec.subsets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name used to refer to the subset. | false |
| settings | object | Security settings to apply to this service subset. | false |
ServiceSecuritySetting.spec.subsets[index].settings
Security settings to apply to this service subset.
| Name | Type | Description | Required |
|---|---|---|---|
| authentication | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
| authenticationSettings | object | false | |
| authorization | object | false | |
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| extension | []object | false | |
| fqn | string | Fully-qualified name of the resource. | false |
| propagationStrategy | enum | Enum: REPLACE, STRICTER | false |
| waf | object | NOTICE: this feature is in alpha stage and under active development. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | false | |
| trafficMode | enum | Enum: UNSET, OPTIONAL, REQUIRED | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | Authenticate an HTTP request from a JWT Token attached to it. | false |
| rules | object | List of rules how to authenticate an HTTP request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt
Authenticate an HTTP request from a JWT Token attached to it.
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt.fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.jwt.outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules
List of rules how to authenticate an HTTP request.
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | []object | List of rules how to authenticate an HTTP request from a JWT Token attached to it. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| audiences | []string | false | |
| fromHeaders | []object | This field specifies the locations to extract JWT token. | false |
| issuer | string | Identifies the issuer that issued the JWT. | false |
| jwks | string | JSON Web Key Set of public keys to validate signature of the JWT. | false |
| jwksUri | string | false | |
| outputClaimToHeaders | []object | This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. | false |
| outputPayloadToHeader | string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index].fromHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The HTTP header name. | false |
| prefix | string | The prefix that should be stripped before decoding the token. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authenticationSettings.http.rules.jwt[index].outputClaimToHeaders[index]
| Name | Type | Description | Required |
|---|---|---|---|
| claim | string | The name of the claim to be copied from. | false |
| header | string | The name of the header to be created. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization
| Name | Type | Description | Required |
|---|---|---|---|
| http | object | This is for configuring HTTP request authorization. | false |
| mode | enum | A short cut for specifying the set of allowed callers. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, DISABLED, CUSTOM, RULES | false |
| rules | object | false | |
| serviceAccounts | []string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http
This is for configuring HTTP request authorization.
| Name | Type | Description | Required |
|---|---|---|---|
| external | object | false | |
| local | object | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external
| Name | Type | Description | Required |
|---|---|---|---|
| includeRequestHeaders | []string | false | |
| tls | object | false | |
| uri | string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.external.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | []object | false | |
| name | string | A friendly name to identify the binding. | false |
| to | []object | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].from[index]
| Name | Type | Description | Required |
|---|---|---|---|
| jwt | object | JWT configuration to identity the subject. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].from[index].jwt
JWT configuration to identity the subject.
| Name | Type | Description | Required |
|---|---|---|---|
| iss | string | false | |
| other | map[string]string | A set of arbitrary claims that are required to qualify the subject. | false |
| sub | string | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.http.local.rules[index].to[index]
| Name | Type | Description | Required |
|---|---|---|---|
| methods | []string | The HTTP methods that are allowed by this rule. | false |
| paths | []string | The request path where the request is made against. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | Allow specifies a list of rules. | false |
| deny | []object | Deny specifies a list of rules. | false |
| denyAll | boolean | Deny all specifies whether all requests should be rejected. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.allow[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index]
| Name | Type | Description | Required |
|---|---|---|---|
| from | object | From specifies the source of a request. | false |
| to | object | To specifies the destination of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index].from
From specifies the source of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the source of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.authorization.rules.deny[index].to
To specifies the destination of a request.
| Name | Type | Description | Required |
|---|---|---|---|
| fqn | string | The target resource identified by FQN which will be the destination of a request. | false |
ServiceSecuritySetting.spec.subsets[index].settings.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceSecuritySetting.spec.subsets[index].settings.extension[index]
| Name | Type | Description | Required |
|---|---|---|---|
| config | object | Configuration parameters sent to the WASM plugin execution. | false |
| fqn | string | Fqn of the extension to be executed. | false |
| match | []object | Specifies the criteria to determine which traffic is passed to WasmExtension. | false |
ServiceSecuritySetting.spec.subsets[index].settings.extension[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| mode | enum | Criteria for selecting traffic by their direction. Enum: UNDEFINED, CLIENT, SERVER, CLIENT_AND_SERVER | false |
| ports | []object | Criteria for selecting traffic by their destination port. | false |
ServiceSecuritySetting.spec.subsets[index].settings.extension[index].match[index].ports[index]
| Name | Type | Description | Required |
|---|---|---|---|
| number | integer | Minimum: 0 | false |
ServiceSecuritySetting.spec.subsets[index].settings.waf
NOTICE: this feature is in alpha stage and under active development.
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []string | Rules to be leveraged by WAF. | false |
traffic.tsb.tetrate.io/v2
Resource Types:
Group
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
| kind | string | Group | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
Group.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
| configMode | enum | Enum: BRIDGED, DIRECT | false |
| deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| namespaceSelector | object | Set of namespaces owned exclusively by this group. | false |
Group.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
Group.spec.namespaceSelector
Set of namespaces owned exclusively by this group.
| Name | Type | Description | Required |
|---|---|---|---|
| names | []string | false |
ServiceRoute
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
| kind | string | ServiceRoute | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
ServiceRoute.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| httpRoutes | []object | false | |
| portLevelSettings | []object | In order to support multi-protocol routing, a list of all port/protocol combinations is needed. | false |
| service | string | The service on which the configuration is being applied. | false |
| stickySession | object | false | |
| subsets | []object | false | |
| tcpRoutes | []object | TCPRoutes match TCP traffic based on port number. | false |
ServiceRoute.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceRoute.spec.httpRoutes[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destination | []object | false | |
| match | []object | false | |
| name | string | false |
ServiceRoute.spec.httpRoutes[index].destination[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationHost | string | Service host where traffic should be routed to. | false |
| port | integer | Minimum: 0 | false |
| subset | string | false | |
| weight | integer | Minimum: 0 | false |
ServiceRoute.spec.httpRoutes[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| headers | map[string]object | false | |
| name | string | false | |
| port | integer | Minimum: 0 | false |
| uri | object | false |
ServiceRoute.spec.httpRoutes[index].match[index].headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
ServiceRoute.spec.httpRoutes[index].match[index].uri
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
ServiceRoute.spec.portLevelSettings[index]
| Name | Type | Description | Required |
|---|---|---|---|
| port | integer | Minimum: 0 | false |
| stickySession | object | false | |
| trafficType | enum | Enum: HTTP, TCP, TLS_PASSTHROUGH | false |
ServiceRoute.spec.portLevelSettings[index].stickySession
| Name | Type | Description | Required |
|---|---|---|---|
| cookie | object | Hash based on HTTP cookie. | false |
| header | string | Hash based on a specific HTTP header. | false |
| useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.portLevelSettings[index].stickySession.cookie
Hash based on HTTP cookie.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the cookie. | false |
| path | string | Path to set for the cookie. | false |
| ttl | string | Lifetime of the cookie. | false |
ServiceRoute.spec.stickySession
| Name | Type | Description | Required |
|---|---|---|---|
| cookie | object | Hash based on HTTP cookie. | false |
| header | string | Hash based on a specific HTTP header. | false |
| useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.stickySession.cookie
Hash based on HTTP cookie.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the cookie. | false |
| path | string | Path to set for the cookie. | false |
| ttl | string | Lifetime of the cookie. | false |
ServiceRoute.spec.subsets[index]
| Name | Type | Description | Required |
|---|---|---|---|
| labels | map[string]string | Labels apply a filter over the endpoints of a service in the service registry. | false |
| name | string | Name used to refer to the subset. | false |
| portLevelSettings | []object | false | |
| weight | integer | Percentage of traffic to be sent to this subset. Minimum: 0 | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index]
| Name | Type | Description | Required |
|---|---|---|---|
| port | integer | Minimum: 0 | false |
| stickySession | object | false | |
| trafficType | enum | Enum: HTTP, TCP, TLS_PASSTHROUGH | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession
| Name | Type | Description | Required |
|---|---|---|---|
| cookie | object | Hash based on HTTP cookie. | false |
| header | string | Hash based on a specific HTTP header. | false |
| useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession.cookie
Hash based on HTTP cookie.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the cookie. | false |
| path | string | Path to set for the cookie. | false |
| ttl | string | Lifetime of the cookie. | false |
ServiceRoute.spec.tcpRoutes[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destination | []object | false | |
| match | []object | false | |
| name | string | false |
ServiceRoute.spec.tcpRoutes[index].destination[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationHost | string | Service host where traffic should be routed to. | false |
| port | integer | Minimum: 0 | false |
| subset | string | false | |
| weight | integer | Minimum: 0 | false |
ServiceRoute.spec.tcpRoutes[index].match[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | false | |
| port | integer | Minimum: 0 | false |
TrafficSetting
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
| kind | string | TrafficSetting | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object | false | |
| status | object | false |
TrafficSetting.spec
| Name | Type | Description | Required |
|---|---|---|---|
| configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| egress | object | false | |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rateLimiting | object | Configuration for rate limiting requests. | false |
| reachability | object | false | |
| resilience | object | false |
TrafficSetting.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Set of key value paris that will be added into the | false |
| labels | map[string]string | Set of key value paris that will be added into the | false |
TrafficSetting.spec.egress
| Name | Type | Description | Required |
|---|---|---|---|
| host | string | Specifies the egress gateway hostname. | false |
| port | integer | Deprecated. Format: int32 | false |
TrafficSetting.spec.rateLimiting
Configuration for rate limiting requests.
| Name | Type | Description | Required |
|---|---|---|---|
| externalService | object | Configure ratelimiting using an external ratelimit server. | false |
| settings | object | false |
TrafficSetting.spec.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
| Name | Type | Description | Required |
|---|---|---|---|
| domain | string | The rate limit domain to use when calling the rate limit service. | false |
| failClosed | boolean | false | |
| rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | false |
| rules | []object | A set of rate limit rules. | false |
| timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
| tls | object | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| destinationCluster | object | Rate limit on destination envoy cluster. | false |
| headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
| remoteAddress | object | Rate limit on remote address of client. | false |
| requestHeaders | object | Rate limit on the value of certain request headers. | false |
| sourceCluster | object | Rate limit on source envoy cluster. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorValue | string | The value to use in the descriptor entry. | false |
| headers | map[string]object | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
| Name | Type | Description | Required |
|---|---|---|---|
| descriptorKey | string | The key to use in the descriptor entry. | false |
| headerName | string | The header name to be queried from the request headers. | false |
TrafficSetting.spec.rateLimiting.externalService.tls
| Name | Type | Description | Required |
|---|---|---|---|
| files | object | TLS key source from files. | false |
| mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
| secretName | string | TLS key source from a Kubernetes Secret. | false |
| subjectAltNames | []string | false |
TrafficSetting.spec.rateLimiting.externalService.tls.files
TLS key source from files.
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificates | string | false | |
| clientCertificate | string | Certificate file to authenticate the client. | false |
| privateKey | string | Private key file associated with the client certificate. | false |
TrafficSetting.spec.rateLimiting.settings
| Name | Type | Description | Required |
|---|---|---|---|
| failClosed | boolean | false | |
| rules | []object | A list of rules for ratelimiting. | false |
| timeout | string | The timeout in seconds for the rate limit server RPC. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| dimensions | []object | A list of dimensions to define each ratelimit rule. | false |
| limit | object | The ratelimit value that will be configured for the above rules. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| header | object | Rate limit on certain HTTP headers. | false |
| remoteAddress | object | Rate limit on the remote address of client. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the header to match on. | false |
| value | object | Value of the header to match on if matching on a specific value. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
| Name | Type | Description | Required |
|---|---|---|---|
| exact | string | Exact string match. | false |
| prefix | string | Prefix-based match. | false |
| regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
| Name | Type | Description | Required |
|---|---|---|---|
| value | string | Ratelimit on a specific remote address. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
| Name | Type | Description | Required |
|---|---|---|---|
| requestsPerUnit | integer | Specifies the value of the rate limit. Minimum: 0 | false |
| unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | false |
TrafficSetting.spec.reachability
| Name | Type | Description | Required |
|---|---|---|---|
| hosts | []string | false | |
| mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
TrafficSetting.spec.resilience
| Name | Type | Description | Required |
|---|---|---|---|
| circuitBreakerSensitivity | enum | Enum: UNSET, LOW, MEDIUM, HIGH | false |
| httpRequestTimeout | string | Timeout for HTTP requests. | false |
| httpRetries | object | Retry policy for HTTP requests. | false |
| keepAlive | object | Keep Alive Settings. | false |
| tcpKeepalive | boolean | Deprecated. | false |
TrafficSetting.spec.resilience.httpRetries
Retry policy for HTTP requests.
| Name | Type | Description | Required |
|---|---|---|---|
| attempts | integer | Number of retries for a given request. Format: int32 | false |
| perTryTimeout | string | Timeout per retry attempt for a given request. | false |
| retryOn | string | Specifies the conditions under which retry takes place. | false |
TrafficSetting.spec.resilience.keepAlive
Keep Alive Settings.
| Name | Type | Description | Required |
|---|---|---|---|
| tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
TrafficSetting.spec.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
| Name | Type | Description | Required |
|---|---|---|---|
| downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
| upstream | object | TCP Keep Alive Settings associated with the upstream (backend) connection. | false |
TrafficSetting.spec.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |
TrafficSetting.spec.resilience.keepAlive.tcp.upstream
TCP Keep Alive Settings associated with the upstream (backend) connection.
| Name | Type | Description | Required |
|---|---|---|---|
| idleTime | integer | Minimum: 0 | false |
| interval | integer | The number of seconds between keep-alive probes. Minimum: 0 | false |
| probes | integer | Minimum: 0 | false |