diff --git a/ADOPTERS.md b/ADOPTERS.md
index b689879fe0a..1f1bda7f18a 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -31,6 +31,7 @@ The companies listed here conform to [CNCF's definition of end-users](https://gi
| [Delivery Hero](https://www.deliveryhero.com/) | Enhancing Resiliency of Our Services | [Our Story](https://github.com/litmuschaos/litmus/issues/2191#issuecomment-1997465958) |
| [Wingie Enuygun Company](https://www.wingie.com/) | Chaos Engineering for an Online Travel and Finance Platform | [Our Story](https://github.com/litmuschaos/litmus/issues/2191#issuecomment-2331265698) |
| [EmiratesNBD](https://www.emiratesnbd.com) | Chaos Engineering for Government Owned Bank | [Our Story](adopters/organizations/emirates-nbd.md) |
+| [PokerBaazi](https://www.pokerbaazi.com/) | Chaos Engineering for Online Gaming | [Our Story](adopters/organizations/pokerbaazi.md) |
### Cloud-Native Vendors
diff --git a/README.md b/README.md
index d675b10c14b..d6890591929 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@
[](https://www.bestpractices.dev/projects/3202)
[](https://app.fossa.io/projects/git%2Bgithub.com%2Flitmuschaos%2Flitmus?ref=badge_shield)
[](https://www.youtube.com/channel/UCa57PMqmz_j0wnteRa9nCaw)
+[](https://gurubase.io/g/litmuschaos)
#### *Read this in [other languages](translations/TRANSLATIONS.md).*
diff --git a/adopters/organizations/pokerbaazi.md b/adopters/organizations/pokerbaazi.md
new file mode 100644
index 00000000000..820579263fc
--- /dev/null
+++ b/adopters/organizations/pokerbaazi.md
@@ -0,0 +1,32 @@
+## PokerBaazi
+
+[PokerBaazi](https://www.pokerbaazi.com/) is India's biggest online poker platform providing an unparalleled world-class experience. Home Grown and 8 years of calling it our own, today, we have a strong and loyal user base of 40 LAC+ Indians.
+
+### **Applications/Workloads or Infra that are being subjected to chaos by Litmus.**
+
+At PokerBaazi, we leverage Litmus Chaos to subject critical components of our infrastructure to controlled chaos experiments. These include:
+
+- Microservices Infrastructure: Our backend is designed as a microservices architecture, running on Kubernetes. We conduct experiments on inter-service communication, API latencies, and service resilience during node failures or resource constraints.
+- Load Balancers and Networking: We simulate disruptions in networking, such as packet drops or DNS failures, to ensure our applications maintain connectivity and continue serving users.
+- Application Workloads: High-demand applications like our gaming engine and payment/promotions api's are put under stress to evaluate their fault tolerance and recovery mechanisms during peak loads or unexpected outages.
+
+### **Why do we use Litmus.**
+
+We chose Litmus Chaos for several compelling reasons:
+
+- Kubernetes-Native Integration: Since our infrastructure is heavily Kubernetes-based, Litmus seamlessly integrates with our stack, making it a natural fit.
+- Ease of Use and Open-Source: Litmus offers a user-friendly interface along with robust documentation, allowing our teams to adopt it quickly without steep learning curves.
+- Custom Experiment Support: The ability to create tailored chaos experiments aligned with our specific workloads ensures we can target critical failure scenarios unique to our ecosystem.
+- Community Support and Scalability: Being an open-source project with an active community, Litmus evolves rapidly, allowing us to leverage the latest chaos engineering methodologies and tools.
+
+Litmus has been instrumental in identifying hidden weaknesses in our system, such as unexpected dependencies or cascading failures. This has enabled us to proactively address potential issues, enhance system resilience, and meet our uptime commitments.
+
+### **Where are we using Litmus.**
+
+We use Litmus Chaos in various environments to ensure robust testing at every stage of development:
+
+- Development: Initial chaos experiments are conducted in isolated dev environments to identify basic resilience issues and ensure service fault tolerance during early-stage development.
+- Staging/Pre-Production: In staging, we run more comprehensive chaos scenarios simulating real-world failures, such as pod crashes, resource exhaustion, or external API downtime, to ensure the production-like environment is resilient.
+- Production: Selected, low-risk chaos experiments are conducted in production under strict supervision to verify real-time system robustness and validate SLAs in live conditions.
+
+Litmus Chaos has transformed our approach to building and maintaining a highly resilient gaming platform, allowing us to deliver exceptional user experiences while preparing for the unexpected.
diff --git a/chaoscenter/authentication/Dockerfile b/chaoscenter/authentication/Dockerfile
index fa6db11dab0..c074a9bdf04 100644
--- a/chaoscenter/authentication/Dockerfile
+++ b/chaoscenter/authentication/Dockerfile
@@ -16,7 +16,7 @@ RUN CGO_ENABLED=0 go build -o /output/server -v ./api/
# Packaging stage
# Use RedHat UBI minimal image as base
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
LABEL maintainer="LitmusChaos"
diff --git a/chaoscenter/event-tracker/Dockerfile b/chaoscenter/event-tracker/Dockerfile
index b6cee80d97d..bee216f4929 100644
--- a/chaoscenter/event-tracker/Dockerfile
+++ b/chaoscenter/event-tracker/Dockerfile
@@ -17,7 +17,7 @@ RUN CGO_ENABLED=0 go build -o /output/event-tracker -v
# Packaging stage
# Use RedHat UBI minimal image as base
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
LABEL maintainer="LitmusChaos"
diff --git a/chaoscenter/graphql/server/Dockerfile b/chaoscenter/graphql/server/Dockerfile
index 7497d22c7e5..0c356be4a62 100644
--- a/chaoscenter/graphql/server/Dockerfile
+++ b/chaoscenter/graphql/server/Dockerfile
@@ -17,7 +17,7 @@ RUN CGO_ENABLED=0 go build -o /output/server -v
# DEPLOY STAGE
# Use Red Hat UBI minimal image as base
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
LABEL maintainer="LitmusChaos"
diff --git a/chaoscenter/subscriber/Dockerfile b/chaoscenter/subscriber/Dockerfile
index 17b71c3527a..20753cfe238 100644
--- a/chaoscenter/subscriber/Dockerfile
+++ b/chaoscenter/subscriber/Dockerfile
@@ -17,7 +17,7 @@ RUN CGO_ENABLED=0 go build -o /output/subscriber -v
# Packaging stage
# Use RedHat UBI minimal image as base
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
LABEL maintainer="LitmusChaos"
diff --git a/chaoscenter/upgrade-agents/control-plane/go.mod b/chaoscenter/upgrade-agents/control-plane/go.mod
index cb37ddf9401..a1d20141af2 100644
--- a/chaoscenter/upgrade-agents/control-plane/go.mod
+++ b/chaoscenter/upgrade-agents/control-plane/go.mod
@@ -11,30 +11,24 @@ require (
require (
github.com/jessevdk/go-flags v1.5.0 // indirect
github.com/montanaflynn/stats v0.7.1 // indirect
- golang.org/x/exp v0.0.0-20240529005216-23cca8864a10 // indirect
golang.org/x/net v0.25.0 // indirect
- golang.org/x/term v0.20.0 // indirect
+ golang.org/x/term v0.27.0 // indirect
gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)
require (
- github.com/go-stack/stack v1.8.0 // indirect
github.com/golang/snappy v0.0.4 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
github.com/klauspost/compress v1.17.8 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
github.com/mongodb/mongo-tools v0.0.0-20240711192303-088725fbaf4b
github.com/pkg/errors v0.9.1 // indirect
- github.com/stretchr/testify v1.9.0 // indirect
github.com/xdg-go/pbkdf2 v1.0.0 // indirect
github.com/xdg-go/scram v1.1.2 // indirect
github.com/xdg-go/stringprep v1.0.4 // indirect
github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
- golang.org/x/crypto v0.23.0 // indirect
- golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/text v0.15.0 // indirect
- golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
- gopkg.in/yaml.v3 v3.0.1 // indirect
+ golang.org/x/crypto v0.31.0 // indirect
+ golang.org/x/sync v0.10.0 // indirect
+ golang.org/x/sys v0.28.0 // indirect
+ golang.org/x/text v0.21.0 // indirect
)
diff --git a/chaoscenter/upgrade-agents/control-plane/go.sum b/chaoscenter/upgrade-agents/control-plane/go.sum
index 1d8fb9b2637..2cd6dfa5847 100644
--- a/chaoscenter/upgrade-agents/control-plane/go.sum
+++ b/chaoscenter/upgrade-agents/control-plane/go.sum
@@ -1,128 +1,75 @@
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
-github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
-github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
-github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
-github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
-github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
-github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
-github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
-github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
-github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
-github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
-github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
-github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
-github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
-github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
-github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
-github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
-github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
-github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
-github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
+github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
-github.com/klauspost/compress v1.9.5 h1:U+CaK85mrNNb4k8BNOfgJtJ/gr6kswUCFj6miSzVC6M=
-github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
-github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
github.com/mongodb/mongo-tools v0.0.0-20240711192303-088725fbaf4b h1:39IJuPXnaNCjLk6tMywL0OheXyx7S+BTIgn1LUwSrq8=
github.com/mongodb/mongo-tools v0.0.0-20240711192303-088725fbaf4b/go.mod h1:ZqxDY87qeUsPRQ/H8DAOhp4iQA2zQtn2zR/KmLSsA7U=
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
github.com/montanaflynn/stats v0.7.1 h1:etflOAAHORrCC44V+aR6Ftzort912ZU+YLiSTuV8eaE=
github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
-github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=
+github.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec=
+github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY=
+github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
-github.com/xdg-go/scram v1.0.2 h1:akYIkZ28e6A96dkWNJQu3nmCzH3YfwMPQExUYDaRv7w=
-github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=
github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
-github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc=
-github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
github.com/xdg-go/stringprep v1.0.4 h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=
github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
-github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk=
github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.mongodb.org/mongo-driver v1.7.1 h1:jwqTeEM3x6L9xDXrCxN0Hbg7vdGfPBOTIkr0+/LYZDA=
-go.mongodb.org/mongo-driver v1.7.1/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8=
go.mongodb.org/mongo-driver v1.11.9 h1:JY1e2WLxwNuwdBAPgQxjf4BWweUGP86lF55n89cGZVA=
go.mongodb.org/mongo-driver v1.11.9/go.mod h1:P8+TlbZtPFgjUrmnIF41z97iDnSMswJJu6cztZSlCTg=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/exp v0.0.0-20240529005216-23cca8864a10 h1:vpzMC/iZhYFAjJzHU0Cfuq+w1vLLsF2vLkDrPjzKYck=
-golang.org/x/exp v0.0.0-20240529005216-23cca8864a10/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -130,66 +77,45 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=
-golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 h1:yiW+nvdHb9LVqSHQBXfZCieqV4fzYhNBql77zY0ykqs=
gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637/go.mod h1:BHsqpu/nsuzkT5BpiH1EMZPLyqSMM8JbIavyFACoFNk=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/chaoscenter/web/yarn.lock b/chaoscenter/web/yarn.lock
index d757c6859af..ad44c0abe52 100644
--- a/chaoscenter/web/yarn.lock
+++ b/chaoscenter/web/yarn.lock
@@ -3159,9 +3159,9 @@ cronstrue@^2.10.0:
integrity sha512-WCCaKuuzjZJl/xTaJiK2KB2lhHqAz+cTAHgSiZQc/pNnF2XUSZX0FBfxAG0qa9CogToNoQw7pEBJExc77QnFBQ==
cross-spawn@^7.0.2, cross-spawn@^7.0.3:
- version "7.0.3"
- resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
- integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+ version "7.0.6"
+ resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+ integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
dependencies:
path-key "^3.1.0"
shebang-command "^2.0.0"
@@ -6261,9 +6261,9 @@ nanoclone@^0.2.1:
integrity sha512-wynEP02LmIbLpcYw8uBKpcfF6dmg2vcpKqxeH5UcoKEYdExslsdUA4ugFauuaeYdTB76ez6gJW8XAZ6CgkXYxA==
nanoid@^3.3.7:
- version "3.3.7"
- resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8"
- integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==
+ version "3.3.8"
+ resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf"
+ integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==
natural-compare-lite@^1.4.0:
version "1.4.0"
diff --git a/mkdocs/docs/3.14.0/litmus-getting-started.yaml b/mkdocs/docs/3.14.0/litmus-getting-started.yaml
new file mode 100644
index 00000000000..830fa08d7cf
--- /dev/null
+++ b/mkdocs/docs/3.14.0/litmus-getting-started.yaml
@@ -0,0 +1,414 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+stringData:
+ DB_USER: "root"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+data:
+ DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
+ VERSION: "3.14.0"
+ SKIP_SSL_VERIFY: "false"
+ # Configurations if you are using dex for OAuth
+ DEX_ENABLED: "false"
+ OIDC_ISSUER: "http://:32000"
+ DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback"
+ DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+ DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+ OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+data:
+ nginx.conf: |
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen 8185 default_server;
+ root /opt/chaos;
+
+ location /health {
+ return 200;
+ }
+
+ location / {
+ proxy_http_version 1.1;
+ add_header Cache-Control "no-cache";
+ try_files $uri /index.html;
+ autoindex on;
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /auth/ {
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-auth-server-service:9003/";
+ }
+
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "http://litmusportal-server-service:9002/";
+ }
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.14.0
+ # securityContext:
+ # runAsUser: 2000
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8185
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8185
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ automountServiceAccountToken: false
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.14.0
+ volumeMounts:
+ - mountPath: /tmp/
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
+ - name: TLS_CERT_B64
+ value: ""
+ - name: ENABLE_GQL_INTROSPECTION
+ value: "false"
+ - name: INFRA_DEPLOYMENTS
+ value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.14.0"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.14.0"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.14.0"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.14.0"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.14.0"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: DEFAULT_HUB_BRANCH_NAME
+ value: "v3.14.x"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: "3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.14.0"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ - name: INFRA_COMPATIBLE_VERSIONS
+ value: '["3.14.0"]'
+ - name: ALLOWED_ORIGINS
+ value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
+ - name: ENABLE_INTERNAL_TLS
+ value: "false"
+ - name: TLS_CERT_PATH
+ value: ""
+ - name: TLS_KEY_PATH
+ value: ""
+ - name: CA_CERT_TLS_PATH
+ value: ""
+ - name: REST_PORT
+ value: "8080"
+ - name: GRPC_PORT
+ value: "8000"
+ ports:
+ - containerPort: 8080
+ - containerPort: 8000
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "225m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-server
+ namespace: litmus
+ labels:
+ component: litmusportal-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server
+ port: 9002
+ targetPort: 8080
+ - name: graphql-rpc-server
+ port: 8000
+ targetPort: 8000
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: auth-server
+ image: litmuschaos/litmusportal-auth-server:3.14.0
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: "8000"
+ - name: ALLOWED_ORIGINS
+ value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
+ - name: ENABLE_INTERNAL_TLS
+ value: "false"
+ - name: TLS_CERT_PATH
+ value: ""
+ - name: TLS_KEY_PATH
+ value: ""
+ - name: CA_CERT_TLS_PATH
+ value: ""
+ - name: REST_PORT
+ value: "3000"
+ - name: GRPC_PORT
+ value: "3030"
+ ports:
+ - containerPort: 3000
+ - containerPort: 3030
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-auth-server
+ namespace: litmus
+ labels:
+ component: litmusportal-auth-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-auth-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server
+ port: 9003
+ targetPort: 3000
+ - name: auth-rpc-server
+ port: 3030
+ targetPort: 3030
+ selector:
+ component: litmusportal-auth-server
\ No newline at end of file
diff --git a/mkdocs/docs/3.14.0/litmus-installation.yaml b/mkdocs/docs/3.14.0/litmus-installation.yaml
new file mode 100644
index 00000000000..a431143fa45
--- /dev/null
+++ b/mkdocs/docs/3.14.0/litmus-installation.yaml
@@ -0,0 +1,447 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+stringData:
+ DB_USER: "root"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+data:
+ DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
+ VERSION: "3.14.0"
+ SKIP_SSL_VERIFY: "false"
+ # Configurations if you are using dex for OAuth
+ DEX_ENABLED: "false"
+ OIDC_ISSUER: "http://:32000"
+ DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback"
+ DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+ DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+ OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+data:
+ nginx.conf: |
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen 8185 ssl;
+ ssl_certificate /etc/tls/tls.crt;
+ ssl_certificate_key /etc/tls/tls.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_client_certificate /etc/tls/ca.crt;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+ root /opt/chaos;
+
+ location /health {
+ return 200;
+ }
+
+ location / {
+ proxy_http_version 1.1;
+ add_header Cache-Control "no-cache";
+ try_files $uri /index.html;
+ autoindex on;
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /auth/ {
+ proxy_ssl_verify off;
+ proxy_ssl_session_reuse on;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "https://litmusportal-auth-server-service:9005/";
+ proxy_ssl_certificate /etc/tls/tls.crt;
+ proxy_ssl_certificate_key /etc/tls/tls.key;
+ }
+
+ location /api/ {
+ proxy_ssl_verify off;
+ proxy_ssl_session_reuse on;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "https://litmusportal-server-service:9004/";
+ proxy_ssl_certificate /etc/tls/tls.crt;
+ proxy_ssl_certificate_key /etc/tls/tls.key;
+ }
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.14.0
+ # securityContext:
+ # runAsUser: 2000
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8185
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "512Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ - mountPath: /etc/tls
+ name: tls-secret
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8185
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ automountServiceAccountToken: false
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.14.0
+ volumeMounts:
+ - mountPath: /tmp/
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ - mountPath: /etc/tls
+ name: tls-secret
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
+ - name: TLS_CERT_B64
+ value: ""
+ - name: ENABLE_GQL_INTROSPECTION
+ value: "false"
+ - name: INFRA_DEPLOYMENTS
+ value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.14.0"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.14.0"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.14.0"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.14.0"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.14.0"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: DEFAULT_HUB_BRANCH_NAME
+ value: "v3.14.x"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: "3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.14.0"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ - name: INFRA_COMPATIBLE_VERSIONS
+ value: '["3.14.0"]'
+ - name: ALLOWED_ORIGINS
+ value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?"
+ - name: ENABLE_INTERNAL_TLS
+ value: "true"
+ - name: TLS_CERT_PATH
+ value: "/etc/tls/tls.crt"
+ - name: TLS_KEY_PATH
+ value: "/etc/tls/tls.key"
+ - name: CA_CERT_TLS_PATH
+ value: "/etc/tls/ca.crt"
+ - name: REST_PORT
+ value: "8081"
+ - name: GRPC_PORT
+ value: "8001"
+ ports:
+ - containerPort: 8081
+ - containerPort: 8001
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "225m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-server
+ namespace: litmus
+ labels:
+ component: litmusportal-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server-https
+ port: 9004
+ targetPort: 8081
+ - name: graphql-rpc-server-https
+ port: 8001
+ targetPort: 8001
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ volumes:
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+ automountServiceAccountToken: false
+ containers:
+ - name: auth-server
+ volumeMounts:
+ - mountPath: /etc/tls
+ name: tls-secret
+ image: litmuschaos/litmusportal-auth-server:3.14.0
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: "8000"
+ - name: ALLOWED_ORIGINS
+ value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" #ip needs to added here
+ - name: ENABLE_INTERNAL_TLS
+ value: "true"
+ - name: TLS_CERT_PATH
+ value: "/etc/tls/tls.crt"
+ - name: TLS_KEY_PATH
+ value: "/etc/tls/ctls.key"
+ - name: CA_CERT_TLS_PATH
+ value: "/etc/tls/ca.crt"
+ - name: REST_PORT
+ value: "3001"
+ - name: GRPC_PORT
+ value: "3031"
+ ports:
+ - containerPort: 3001
+ - containerPort: 3031
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "250Mi"
+ cpu: "125m"
+ ephemeral-storage: "500Mi"
+ limits:
+ memory: "712Mi"
+ cpu: "550m"
+ ephemeral-storage: "1Gi"
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-auth-server
+ namespace: litmus
+ labels:
+ component: litmusportal-auth-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-auth-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server-https
+ port: 9005
+ targetPort: 3001
+ - name: auth-rpc-server-https
+ port: 3031
+ targetPort: 3031
+ selector:
+ component: litmusportal-auth-server
diff --git a/mkdocs/docs/3.14.0/litmus-portal-crds.yml b/mkdocs/docs/3.14.0/litmus-portal-crds.yml
new file mode 100644
index 00000000000..0dba567b892
--- /dev/null
+++ b/mkdocs/docs/3.14.0/litmus-portal-crds.yml
@@ -0,0 +1,3596 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterworkflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: ClusterWorkflowTemplate
+ listKind: ClusterWorkflowTemplateList
+ plural: clusterworkflowtemplates
+ shortNames:
+ - clusterwftmpl
+ - cwft
+ singular: clusterworkflowtemplate
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cronworkflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: CronWorkflow
+ listKind: CronWorkflowList
+ plural: cronworkflows
+ shortNames:
+ - cwf
+ - cronwf
+ singular: cronworkflow
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflows.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: Workflow
+ listKind: WorkflowList
+ plural: workflows
+ shortNames:
+ - wf
+ singular: workflow
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Status of the workflow
+ jsonPath: .status.phase
+ name: Status
+ type: string
+ - description: When the workflow was started
+ format: date-time
+ jsonPath: .status.startedAt
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtasksets.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskSet
+ listKind: WorkflowTaskSetList
+ plural: workflowtasksets
+ shortNames:
+ - wfts
+ singular: workflowtaskset
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtemplates.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTemplate
+ listKind: WorkflowTemplateList
+ plural: workflowtemplates
+ shortNames:
+ - wftmpl
+ singular: workflowtemplate
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: workflowtaskresults.argoproj.io
+spec:
+ group: argoproj.io
+ names:
+ kind: WorkflowTaskResult
+ listKind: WorkflowTaskResultList
+ plural: workflowtaskresults
+ singular: workflowtaskresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ message:
+ type: string
+ metadata:
+ type: object
+ outputs:
+ properties:
+ artifacts:
+ items:
+ properties:
+ archive:
+ properties:
+ none:
+ type: object
+ tar:
+ properties:
+ compressionLevel:
+ format: int32
+ type: integer
+ type: object
+ zip:
+ type: object
+ type: object
+ archiveLogs:
+ type: boolean
+ artifactory:
+ properties:
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ url:
+ type: string
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - url
+ type: object
+ from:
+ type: string
+ fromExpression:
+ type: string
+ gcs:
+ properties:
+ bucket:
+ type: string
+ key:
+ type: string
+ serviceAccountKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - key
+ type: object
+ git:
+ properties:
+ depth:
+ format: int64
+ type: integer
+ disableSubmodules:
+ type: boolean
+ fetch:
+ items:
+ type: string
+ type: array
+ insecureIgnoreHostKey:
+ type: boolean
+ passwordSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ repo:
+ type: string
+ revision:
+ type: string
+ sshPrivateKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ usernameSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ required:
+ - repo
+ type: object
+ globalName:
+ type: string
+ hdfs:
+ properties:
+ addresses:
+ items:
+ type: string
+ type: array
+ force:
+ type: boolean
+ hdfsUser:
+ type: string
+ krbCCacheSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbConfigConfigMap:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbKeytabSecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ krbRealm:
+ type: string
+ krbServicePrincipalName:
+ type: string
+ krbUsername:
+ type: string
+ path:
+ type: string
+ required:
+ - path
+ type: object
+ http:
+ properties:
+ headers:
+ items:
+ properties:
+ name:
+ type: string
+ value:
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ url:
+ type: string
+ required:
+ - url
+ type: object
+ mode:
+ format: int32
+ type: integer
+ name:
+ type: string
+ optional:
+ type: boolean
+ oss:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ createBucketIfNotPresent:
+ type: boolean
+ endpoint:
+ type: string
+ key:
+ type: string
+ lifecycleRule:
+ properties:
+ markDeletionAfterDays:
+ format: int32
+ type: integer
+ markInfrequentAccessAfterDays:
+ format: int32
+ type: integer
+ type: object
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ securityToken:
+ type: string
+ required:
+ - key
+ type: object
+ path:
+ type: string
+ raw:
+ properties:
+ data:
+ type: string
+ required:
+ - data
+ type: object
+ recurseMode:
+ type: boolean
+ s3:
+ properties:
+ accessKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ bucket:
+ type: string
+ createBucketIfNotPresent:
+ properties:
+ objectLocking:
+ type: boolean
+ type: object
+ encryptionOptions:
+ properties:
+ enableEncryption:
+ type: boolean
+ kmsEncryptionContext:
+ type: string
+ kmsKeyId:
+ type: string
+ serverSideCustomerKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ endpoint:
+ type: string
+ insecure:
+ type: boolean
+ key:
+ type: string
+ region:
+ type: string
+ roleARN:
+ type: string
+ secretKeySecret:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ useSDKCreds:
+ type: boolean
+ type: object
+ subPath:
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ exitCode:
+ type: string
+ parameters:
+ items:
+ properties:
+ default:
+ type: string
+ description:
+ type: string
+ enum:
+ items:
+ type: string
+ type: array
+ globalName:
+ type: string
+ name:
+ type: string
+ value:
+ type: string
+ valueFrom:
+ properties:
+ configMapKeyRef:
+ properties:
+ key:
+ type: string
+ name:
+ type: string
+ optional:
+ type: boolean
+ required:
+ - key
+ type: object
+ default:
+ type: string
+ event:
+ type: string
+ expression:
+ type: string
+ jqFilter:
+ type: string
+ jsonPath:
+ type: string
+ parameter:
+ type: string
+ path:
+ type: string
+ supplied:
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ result:
+ type: string
+ type: object
+ phase:
+ type: string
+ progress:
+ type: string
+ required:
+ - metadata
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosengines.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosEngine
+ listKind: ChaosEngineList
+ plural: chaosengines
+ singular: chaosengine
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ jobCleanUpPolicy:
+ type: string
+ pattern: ^(delete|retain)$
+ # alternate ways to do this in case of complex pattern matches
+ #oneOf:
+ # - pattern: '^delete$'
+ # - pattern: '^retain$'
+ defaultHealthCheck:
+ type: boolean
+ appinfo:
+ type: object
+ properties:
+ appkind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ applabel:
+ type: string
+ appns:
+ type: string
+ selectors:
+ type: object
+ properties:
+ pods:
+ items:
+ properties:
+ names:
+ type: string
+ namespace:
+ type: string
+ required:
+ - names
+ - namespace
+ type: object
+ type: array
+ workloads:
+ items:
+ properties:
+ kind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ labels:
+ type: string
+ names:
+ type: string
+ namespace:
+ type: string
+ oneOf:
+ - required: [ names ]
+ - required: [ labels ]
+ required:
+ - kind
+ - namespace
+ type: object
+ type: array
+ oneOf:
+ - required: [ pods ]
+ - required: [ workloads ]
+ auxiliaryAppInfo:
+ type: string
+ engineState:
+ type: string
+ pattern: ^(active|stop)$
+ chaosServiceAccount:
+ type: string
+ terminationGracePeriodSeconds:
+ type: integer
+ components:
+ type: object
+ properties:
+ sidecar:
+ type: array
+ items:
+ type: object
+ properties:
+ env:
+ description: ENV contains ENV passed to the sidecar container
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a double
+ $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom for the sidecar container
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ secrets:
+ items:
+ properties:
+ mountPath:
+ type: string
+ name:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ runner:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ image:
+ type: string
+ type:
+ type: string
+ pattern: ^(go)$
+ runnerAnnotations:
+ type: object
+ runnerLabels:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ value:
+ type: string
+ minLength: 1
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ experiments:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ spec:
+ type: object
+ properties:
+ probe:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ - type
+ - mode
+ - runProperties
+ properties:
+ name:
+ type: string
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(k8sProbe|httpProbe|cmdProbe|promProbe|sloProbe)$
+ k8sProbe/inputs:
+ type: object
+ required:
+ - version
+ - resource
+ - operation
+ properties:
+ group:
+ type: string
+ version:
+ type: string
+ resource:
+ type: string
+ namespace:
+ type: string
+ resourceNames:
+ type: string
+ fieldSelector:
+ type: string
+ labelSelector:
+ type: string
+ operation:
+ type: string
+ pattern: ^(present|absent|create|delete)$
+ minLength: 1
+ cmdProbe/inputs:
+ type: object
+ required:
+ - command
+ - comparator
+ properties:
+ command:
+ type: string
+ minLength: 1
+ comparator:
+ type: object
+ required:
+ - type
+ - criteria
+ - value
+ properties:
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(int|float|string)$
+ criteria:
+ type: string
+ value:
+ type: string
+ source:
+ description: The external pod where we have to run the
+ probe commands. It will run the commands inside the experiment pod itself(inline mode) if source contains a nil value
+ required:
+ - image
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for the source pod
+ type: object
+ args:
+ description: Args for the source pod
+ items:
+ type: string
+ type: array
+ command:
+ description: Command for the source pod
+ items:
+ type: string
+ type: array
+ env:
+ description: ENVList contains ENV passed to
+ the source pod
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined
+ environment variables in the container
+ and any service environment variables.
+ If a variable cannot be resolved, the
+ reference in the input string will be
+ unchanged. The $(VAR_NAME) syntax can
+ be escaped with a double $$, ie: $$(VAR_NAME).
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the
+ pod: supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ hostNetwork:
+ description: HostNetwork define the hostNetwork
+ of the external pod it supports boolean values
+ and default value is false
+ type: boolean
+ inheritInputs:
+ description: InheritInputs define to inherit experiment
+ details in probe pod it supports boolean values
+ and default value is false.
+ type: boolean
+ image:
+ description: Image for the source pod
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy for the source pod
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets for source pod
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same
+ namespace.
+ properties:
+ name:
+ description: 'Name of the referent'
+ type: string
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for the source pod
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector for the source pod
+ type: object
+ privileged:
+ description: Privileged for the source pod
+ type: boolean
+ volumeMount:
+ description: VolumesMount for the source pod
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container
+ at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines
+ how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is
+ used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true,
+ read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from
+ which the container's volume should
+ be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the
+ volume from which the container's volume
+ should be mounted. Behaves similarly
+ to SubPath but environment variable
+ references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and
+ SubPath are mutually exclusive. This
+ field is beta in 1.15.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes for the source pod
+ items:
+ description: Volume represents a named volume
+ in a pod that may be accessed by any container
+ in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents
+ an AWS Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force
+ and set the ReadOnly property in
+ VolumeMounts to "true". If omitted,
+ the default is "false". More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent
+ disk resource in AWS (Amazon EBS
+ volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure
+ Data Disk mount on the host and bind
+ mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: The Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared:
+ multiple blob disks per storage
+ account Dedicated: single blob
+ disk per storage account Managed:
+ azure managed data disk (only in
+ managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure
+ File Service mount on the host and bind
+ mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that
+ contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph
+ FS mount on the host that shares a pod's
+ lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is
+ a collection of Ceph monitors More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the
+ mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile
+ is the path to key ring for User,
+ default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the authentication
+ secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the
+ rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder
+ volume attached and mounted on kubelets
+ host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to
+ a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify
+ the volume in cinder. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced ConfigMap will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface)
+ represents storage that is handled by
+ an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of
+ the CSI driver that handles this
+ volume. Consult with your admin
+ for the correct name as registered
+ in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Ex. "ext4", "xfs", "ntfs". If not
+ provided, the empty value is passed
+ to the associated CSI driver which
+ will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef
+ is a reference to the secret object
+ containing sensitive information
+ to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may
+ be empty if no secret is required.
+ If the secret object contains more
+ than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only
+ configuration for the volume. Defaults
+ to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores
+ driver-specific properties that
+ are passed to the CSI driver. Consult
+ your driver's documentation for
+ supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward
+ API about the pod that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary
+ directory that shares a pod''s lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage
+ medium should back this directory.
+ The default is "" which means to
+ use the node''s default medium.
+ Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local
+ storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage
+ on memory medium EmptyDir would
+ be the minimum value between the
+ SizeLimit specified here and the
+ sum of memory limits of all containers
+ in a pod. The default is nil which
+ means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel
+ resource that is attached to a kubelet's
+ host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume
+ world wide identifiers (wwids) Either
+ wwids or combination of targetWWNs
+ and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic
+ volume resource that is provisioned/attached
+ using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of
+ the driver to use for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". The default
+ filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command
+ options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the secret object
+ containing sensitive information
+ to pass to the plugin scripts. This
+ may be empty if no secret object
+ is specified. If the secret object
+ contains more than one secret, all
+ secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker
+ volume attached to a kubelet's host
+ machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored
+ as metadata -> name on the dataset
+ for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset.
+ This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents
+ a GCE Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD
+ resource in GCE. Used to identify
+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git
+ repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To
+ provision a container with a git repo,
+ mount an EmptyDir into an InitContainer
+ that clones the repo using git, then
+ mount the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name.
+ Must not contain or start with '..'. If
+ '.' is supplied, the volume directory
+ will be the git repository. Otherwise,
+ if specified, the volume will contain
+ the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s
+ lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the
+ endpoint name that details Glusterfs
+ topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs
+ volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the Glusterfs volume to be mounted
+ with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing
+ file or directory on the host machine
+ that is directly exposed to the container.
+ This is generally used for system agents
+ or other privileged things that are
+ allowed to see the host machine. Most
+ containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ### TODO(jonesdl) We need to restrict
+ who can use host directory mounts and
+ who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory
+ on the host. If the path is a symlink,
+ it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume
+ Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI
+ Disk resource that is attached to a
+ kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator
+ Name. If initiatorName is specified
+ with iscsiInterface simultaneously,
+ new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name
+ that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be
+ a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount
+ on the host that shares a pod''s lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported
+ by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the NFS export to be mounted with
+ read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname
+ or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name
+ of a PersistentVolumeClaim in the
+ same namespace as the pod using
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly
+ setting in VolumeMounts. Default
+ false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents
+ a portworx volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the
+ filesystem type to mount Must be
+ a filesystem type supported by the
+ host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created
+ files by default. Must be a value
+ between 0 and 0777. Directories
+ within the path are not affected
+ by this setting. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may
+ be projected along with other
+ supported volume types
+ properties:
+ configMap:
+ description: information about
+ the configMap data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced ConfigMap will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ ConfigMap, the volume
+ setup will error unless
+ it is marked optional.
+ Paths must be relative
+ and may not contain the
+ '..' path or start with
+ '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a
+ list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information
+ to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field
+ of the pod: only
+ annotations, labels,
+ name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema
+ the FieldPath
+ is written in
+ terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path
+ of the field
+ to select in
+ the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the
+ file to be created.
+ Must not be absolute
+ or contain the ''..''
+ path. Must be utf-8
+ encoded. The first
+ item of the relative
+ path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects
+ a resource of the
+ container: only
+ resources limits
+ and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required
+ for volumes,
+ optional for
+ env vars'
+ type: string
+ divisor:
+ description: Specifies
+ the output format
+ of the exposed
+ resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about
+ the secret data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced Secret will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ Secret, the volume setup
+ will error unless it is
+ marked optional. Paths
+ must be relative and may
+ not contain the '..' path
+ or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about
+ the serviceAccountToken data
+ to project
+ properties:
+ audience:
+ description: Audience is
+ the intended audience
+ of the token. A recipient
+ of a token must identify
+ itself with an identifier
+ specified in the audience
+ of the token, and otherwise
+ should reject the token.
+ The audience defaults
+ to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds
+ is the requested duration
+ of validity of the service
+ account token. As the
+ token approaches expiration,
+ the kubelet volume plugin
+ will proactively rotate
+ the service account token.
+ The kubelet will start
+ trying to rotate the token
+ if the token is older
+ than 80 percent of its
+ time to live or if the
+ token is older than 24
+ hours.Defaults to 1 hour
+ and must be at least 10
+ minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the
+ path relative to the mount
+ point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte
+ mount on the host that shares a pod's
+ lifetime
+ properties:
+ group:
+ description: Group to map volume access
+ to Default is no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force
+ the Quobyte volume to be mounted
+ with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a
+ single or multiple Quobyte Registry
+ services specified as a string as
+ host:port pair (multiple entries
+ are separated with commas) which
+ acts as the central registry for
+ volumes
+ type: string
+ tenant:
+ description: Tenant owning the given
+ Quobyte volume in the Backend Used
+ with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access
+ to Defaults to serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that
+ references an already created Quobyte
+ volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block
+ Device mount on the host that shares
+ a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ image:
+ description: 'The rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path
+ to key ring for RBDUser. Default
+ is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of
+ the authentication secret for RBDUser.
+ If provided overrides keyring. Default
+ is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO
+ persistent volume attached and mounted
+ on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Default is
+ "xfs".
+ type: string
+ gateway:
+ description: The host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO
+ Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references
+ to the secret for ScaleIO user and
+ other sensitive information. If
+ this is not provided, Login operation
+ will fail.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable
+ SSL communication with Gateway,
+ default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: The name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume
+ already created in the ScaleIO system
+ that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret
+ that should populate this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced Secret will be
+ projected into the volume as a file
+ whose name is the key and content
+ is the value. If specified, the
+ listed keys will be projected into
+ the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in
+ the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the
+ secret to use for obtaining the
+ StorageOS API credentials. If not
+ specified, default values will be
+ attempted.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable
+ name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies
+ the scope of the volume within StorageOS. If
+ no namespace is specified then the
+ Pod's namespace will be used. This
+ allows the Kubernetes name scoping
+ to be mirrored within StorageOS
+ for tighter integration. Set VolumeName
+ to any name to override the default
+ behaviour. Set to "default" if you
+ are not using namespaces within
+ StorageOS. Namespaces that do not
+ pre-exist within StorageOS will
+ be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents
+ a vSphere volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based
+ Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: Path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ httpProbe/inputs:
+ type: object
+ required:
+ - url
+ - method
+ properties:
+ url:
+ type: string
+ minLength: 1
+ insecureSkipVerify:
+ type: boolean
+ method:
+ type: object
+ minProperties: 1
+ properties:
+ get:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ post:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ contentType:
+ type: string
+ minLength: 1
+ body:
+ type: string
+ bodyPath:
+ type: string
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ promProbe/inputs:
+ type: object
+ required:
+ - endpoint
+ - comparator
+ properties:
+ endpoint:
+ type: string
+ query:
+ type: string
+ queryPath:
+ type: string
+ comparator:
+ type: object
+ required:
+ - criteria
+ - value
+ properties:
+ criteria:
+ type: string
+ value:
+ type: string
+ runProperties:
+ type: object
+ minProperties: 2
+ required:
+ - probeTimeout
+ - interval
+ properties:
+ evaluationTimeout:
+ type: string
+ probeTimeout:
+ type: string
+ interval:
+ type: string
+ retry:
+ type: integer
+ attempt:
+ type: integer
+ probePollingInterval:
+ type: string
+ initialDelaySeconds:
+ type: integer
+ initialDelay:
+ type: string
+ stopOnFailure:
+ type: boolean
+ sloProbe/inputs:
+ description: inputs needed for the SLO probe
+ required:
+ - platformEndpoint
+ - sloIdentifier
+ - sloSourceMetadata
+ - comparator
+ properties:
+ comparator:
+ description: Comparator check for the correctness
+ of the probe output
+ required:
+ - criteria
+ - value
+ properties:
+ criteria:
+ description: Criteria for matching data it
+ supports >=, <=, ==, >, <, != for int and
+ float it supports equal, notEqual, contains
+ for string
+ type: string
+ type:
+ description: Type of data it can be int, float,
+ string
+ type: string
+ value:
+ description: Value contains relative value
+ for criteria
+ type: string
+ type: object
+ evaluationWindow:
+ description: EvaluationWindow is the time period
+ for which the metrics will be evaluated
+ properties:
+ evaluationEndTime:
+ description: End time of evaluation
+ type: integer
+ evaluationStartTime:
+ description: Start time of evaluation
+ type: integer
+ type: object
+ platformEndpoint:
+ description: PlatformEndpoint for the monitoring
+ service endpoint
+ type: string
+ insecureSkipVerify:
+ description: InsecureSkipVerify flag to skip certificate
+ checks
+ type: boolean
+ sloIdentifier:
+ description: SLOIdentifier for fetching the details
+ of the SLO
+ type: string
+ sloSourceMetadata:
+ description: SLOSourceMetadata consists of required
+ metadata details to fetch metric data
+ required:
+ - apiTokenSecret
+ - scope
+ properties:
+ apiTokenSecret:
+ description: APITokenSecret for authenticating
+ with the platform service
+ type: string
+ scope:
+ description: Scope required for fetching details
+ required:
+ - accountIdentifier
+ - orgIdentifier
+ - projectIdentifier
+ properties:
+ accountIdentifier:
+ description: AccountIdentifier for account
+ ID
+ type: string
+ orgIdentifier:
+ description: OrgIdentifier for organization
+ ID
+ type: string
+ projectIdentifier:
+ description: ProjectIdentifier for project
+ ID
+ type: string
+ type: object
+ type: object
+ type: object
+ mode:
+ type: string
+ pattern: ^(SOT|EOT|Edge|Continuous|OnChaos)$
+ minLength: 1
+ data:
+ type: string
+ components:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ statusCheckTimeouts:
+ type: object
+ properties:
+ delay:
+ type: integer
+ timeout:
+ type: integer
+ nodeSelector:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ experimentImage:
+ type: string
+ env:
+ type: array
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ configMaps:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ secrets:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ experimentAnnotations:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosexperiments.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosExperiment
+ listKind: ChaosExperimentList
+ plural: chaosexperiments
+ singular: chaosexperiment
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ description:
+ type: object
+ additionalProperties:
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ spec:
+ type: object
+ properties:
+ definition:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ args:
+ type: array
+ items:
+ type: string
+ command:
+ type: array
+ items:
+ type: string
+ env:
+ type: array
+ items:
+ type: object
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ scope:
+ type: string
+ pattern: ^(Namespaced|Cluster)$
+ permissions:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ required:
+ - apiGroups
+ - resources
+ - verbs
+ properties:
+ apiGroups:
+ type: array
+ items:
+ type: string
+ resources:
+ type: array
+ items:
+ type: string
+ verbs:
+ type: array
+ items:
+ type: string
+ resourceNames:
+ type: array
+ items:
+ type: string
+ nonResourceURLs:
+ type: array
+ items:
+ type: string
+ configMaps:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ secrets:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ hostFileVolumes:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ nodePath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ securityContext:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ hostPID:
+ type: boolean
+
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosresults.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosResult
+ listKind: ChaosResultList
+ plural: chaosresults
+ singular: chaosresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ name: eventtrackerpolicies.eventtracker.litmuschaos.io
+spec:
+ group: eventtracker.litmuschaos.io
+ names:
+ kind: EventTrackerPolicy
+ listKind: EventTrackerPolicyList
+ plural: eventtrackerpolicies
+ singular: eventtrackerpolicy
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: EventTrackerPolicy is the Schema for the eventtrackerpolicies
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EventTrackerPolicySpec defines the desired state of EventTrackerPolicy
+ properties:
+ condition_type:
+ type: string
+ conditions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ type: object
+ statuses:
+ items:
+ description: EventTrackerPolicyStatus defines the observed state of
+ EventTrackerPolicy
+ properties:
+ is_triggered:
+ type: string
+ resource:
+ type: string
+ resource_name:
+ type: string
+ result:
+ type: string
+ time_stamp:
+ description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
+ of cluster Important: Run "make" to regenerate code after modifying
+ this file'
+ type: string
+ workflow_id:
+ type: string
+ type: object
+ type: array
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
\ No newline at end of file
diff --git a/mkdocs/docs/3.14.0/litmus-without-resources.yaml b/mkdocs/docs/3.14.0/litmus-without-resources.yaml
new file mode 100644
index 00000000000..66f0f4e8b85
--- /dev/null
+++ b/mkdocs/docs/3.14.0/litmus-without-resources.yaml
@@ -0,0 +1,420 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: litmus-portal-admin-secret
+stringData:
+ DB_USER: "root"
+ DB_PASSWORD: "1234"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmus-portal-admin-config
+data:
+ DB_SERVER: mongodb://my-release-mongodb-0.my-release-mongodb-headless:27017,my-release-mongodb-1.my-release-mongodb-headless:27017,my-release-mongodb-2.my-release-mongodb-headless:27017/admin
+ VERSION: "3.14.0"
+ SKIP_SSL_VERIFY: "false"
+ # Configurations if you are using dex for OAuth
+ DEX_ENABLED: "false"
+ OIDC_ISSUER: "http://:32000"
+ DEX_OAUTH_CALLBACK_URL: "http://:8080/auth/dex/callback"
+ DEX_OAUTH_CLIENT_ID: "LitmusPortalAuthBackend"
+ DEX_OAUTH_CLIENT_SECRET: "ZXhhbXBsZS1hcHAtc2VjcmV0"
+ OAuthJwtSecret: "litmus-oauth@123"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: litmusportal-frontend-nginx-configuration
+data:
+ nginx.conf: |
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ server_tokens off;
+
+ include /etc/nginx/mime.types;
+
+ gzip on;
+ gzip_disable "msie6";
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen 8185 ssl;
+ ssl_certificate /etc/tls/tls.crt;
+ ssl_certificate_key /etc/tls/tls.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_client_certificate /etc/tls/ca.crt;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
+ root /opt/chaos;
+
+ location /health {
+ return 200;
+ }
+
+ location / {
+ proxy_http_version 1.1;
+ add_header Cache-Control "no-cache";
+ try_files $uri /index.html;
+ autoindex on;
+ }
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ location /auth/ {
+ proxy_ssl_verify off;
+ proxy_ssl_session_reuse on;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "https://litmusportal-auth-server-service:9005/";
+ proxy_ssl_certificate /etc/tls/tls.crt;
+ proxy_ssl_certificate_key /etc/tls/tls.key;
+ }
+
+ location /api/ {
+ proxy_ssl_verify off;
+ proxy_ssl_session_reuse on;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass "https://litmusportal-server-service:9004/";
+ proxy_ssl_certificate /etc/tls/tls.crt;
+ proxy_ssl_certificate_key /etc/tls/tls.key;
+ }
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-frontend
+ labels:
+ component: litmusportal-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-frontend
+ template:
+ metadata:
+ labels:
+ component: litmusportal-frontend
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: litmusportal-frontend
+ image: litmuschaos/litmusportal-frontend:3.14.0
+ # securityContext:
+ # runAsUser: 2000
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8185
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ - mountPath: /etc/tls
+ name: tls-secret
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: litmusportal-frontend-nginx-configuration
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-frontend-service
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 9091
+ targetPort: 8185
+ selector:
+ component: litmusportal-frontend
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-server
+ labels:
+ component: litmusportal-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-server
+ spec:
+ automountServiceAccountToken: false
+ volumes:
+ - name: gitops-storage
+ emptyDir: {}
+ - name: hub-storage
+ emptyDir: {}
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+ containers:
+ - name: graphql-server
+ image: litmuschaos/litmusportal-server:3.14.0
+ volumeMounts:
+ - mountPath: /tmp/
+ name: gitops-storage
+ - mountPath: /tmp/version
+ name: hub-storage
+ - mountPath: /etc/tls
+ name: tls-secret
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ # if self-signed certificate are used pass the base64 tls certificate, to allow agents to use tls for communication
+ - name: TLS_CERT_B64
+ value: ""
+ - name: ENABLE_GQL_INTROSPECTION
+ value: "false"
+ - name: INFRA_DEPLOYMENTS
+ value: '["app=chaos-exporter", "name=chaos-operator", "app=workflow-controller", "app=event-tracker"]'
+ - name: CHAOS_CENTER_UI_ENDPOINT
+ value: ""
+ - name: SUBSCRIBER_IMAGE
+ value: "litmuschaos/litmusportal-subscriber:3.14.0"
+ - name: EVENT_TRACKER_IMAGE
+ value: "litmuschaos/litmusportal-event-tracker:3.14.0"
+ - name: ARGO_WORKFLOW_CONTROLLER_IMAGE
+ value: "litmuschaos/workflow-controller:v3.3.1"
+ - name: ARGO_WORKFLOW_EXECUTOR_IMAGE
+ value: "litmuschaos/argoexec:v3.3.1"
+ - name: LITMUS_CHAOS_OPERATOR_IMAGE
+ value: "litmuschaos/chaos-operator:3.14.0"
+ - name: LITMUS_CHAOS_RUNNER_IMAGE
+ value: "litmuschaos/chaos-runner:3.14.0"
+ - name: LITMUS_CHAOS_EXPORTER_IMAGE
+ value: "litmuschaos/chaos-exporter:3.14.0"
+ - name: CONTAINER_RUNTIME_EXECUTOR
+ value: "k8sapi"
+ - name: DEFAULT_HUB_BRANCH_NAME
+ value: "v3.14.x"
+ - name: LITMUS_AUTH_GRPC_ENDPOINT
+ value: "litmusportal-auth-server-service"
+ - name: LITMUS_AUTH_GRPC_PORT
+ value: "3030"
+ - name: WORKFLOW_HELPER_IMAGE_VERSION
+ value: "3.14.0"
+ - name: REMOTE_HUB_MAX_SIZE
+ value: "5000000"
+ - name: INFRA_COMPATIBLE_VERSIONS
+ value: '["3.14.0"]'
+ - name: ALLOWED_ORIGINS
+ value: ".*" #eg: ^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?
+ - name: ENABLE_INTERNAL_TLS
+ value: "true"
+ - name: TLS_CERT_PATH
+ value: "/etc/tls/tls.crt"
+ - name: TLS_KEY_PATH
+ value: "/etc/tls/tls.key"
+ - name: CA_CERT_TLS_PATH
+ value: "/etc/tls/ca.crt"
+ - name: REST_PORT
+ value: "8081"
+ - name: GRPC_PORT
+ value: "8001"
+ ports:
+ - containerPort: 8081
+ - containerPort: 8001
+ imagePullPolicy: Always
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-server
+ namespace: litmus
+ labels:
+ component: litmusportal-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: graphql-server-https
+ port: 9004
+ targetPort: 8081
+ - name: graphql-rpc-server-https
+ port: 8001
+ targetPort: 8001
+ selector:
+ component: litmusportal-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: litmusportal-auth-server
+ labels:
+ component: litmusportal-auth-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ component: litmusportal-auth-server
+ template:
+ metadata:
+ labels:
+ component: litmusportal-auth-server
+ spec:
+ volumes:
+ - name: tls-secret
+ secret:
+ secretName: tls-secret
+ automountServiceAccountToken: false
+ containers:
+ - name: auth-server
+ volumeMounts:
+ - mountPath: /etc/tls
+ name: tls-secret
+ image: litmuschaos/litmusportal-auth-server:3.14.0
+ securityContext:
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ envFrom:
+ - configMapRef:
+ name: litmus-portal-admin-config
+ - secretRef:
+ name: litmus-portal-admin-secret
+ env:
+ - name: STRICT_PASSWORD_POLICY
+ value: "false"
+ - name: ADMIN_USERNAME
+ value: "admin"
+ - name: ADMIN_PASSWORD
+ value: "litmus"
+ - name: LITMUS_GQL_GRPC_ENDPOINT
+ value: "litmusportal-server-service"
+ - name: LITMUS_GQL_GRPC_PORT
+ value: "8000"
+ - name: ALLOWED_ORIGINS
+ value: "^(http://|https://|)litmuschaos.io(:[0-9]+|)?,^(http://|https://|)litmusportal-server-service(:[0-9]+|)?" #ip needs to added here
+ - name: ENABLE_INTERNAL_TLS
+ value: "true"
+ - name: TLS_CERT_PATH
+ value: "/etc/tls/tls.crt"
+ - name: TLS_KEY_PATH
+ value: "/etc/tls/ctls.key"
+ - name: CA_CERT_TLS_PATH
+ value: "/etc/tls/ca.crt"
+ - name: REST_PORT
+ value: "3001"
+ - name: GRPC_PORT
+ value: "3031"
+ ports:
+ - containerPort: 3001
+ - containerPort: 3031
+ imagePullPolicy: Always
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: litmusportal-auth-server
+ namespace: litmus
+ labels:
+ component: litmusportal-auth-server
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ component: litmusportal-auth-server
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-frontend
+ - from:
+ - podSelector:
+ matchLabels:
+ component: litmusportal-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: litmusportal-auth-server-service
+spec:
+ type: NodePort
+ ports:
+ - name: auth-server-https
+ port: 9005
+ targetPort: 3001
+ - name: auth-rpc-server-https
+ port: 3031
+ targetPort: 3031
+ selector:
+ component: litmusportal-auth-server
diff --git a/mkdocs/docs/chaos-scheduler-v3.14.0.yaml b/mkdocs/docs/chaos-scheduler-v3.14.0.yaml
new file mode 100644
index 00000000000..84c38ffc321
--- /dev/null
+++ b/mkdocs/docs/chaos-scheduler-v3.14.0.yaml
@@ -0,0 +1,2750 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: scheduler
+ namespace: litmus
+ labels:
+ name: scheduler
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: scheduler
+ labels:
+ name: scheduler
+rules:
+- apiGroups: [""]
+ resources: ["pods","events", "configmaps","services"]
+ verbs: ["create","get","list","delete","update","patch"]
+- apiGroups: ["apps"]
+ resources: ["replicasets","deployments"]
+ verbs: ["get","list"]
+- apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines","chaosschedules"]
+ verbs: ["get","create","update","patch","delete","list","watch","deletecollection"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: scheduler
+ labels:
+ name: scheduler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: scheduler
+subjects:
+- kind: ServiceAccount
+ name: scheduler
+ namespace: litmus
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: chaos-scheduler
+ namespace: litmus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: chaos-scheduler
+ template:
+ metadata:
+ labels:
+ name: chaos-scheduler
+ spec:
+ serviceAccountName: scheduler
+ containers:
+ - name: chaos-scheduler
+ image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-scheduler:3.14.0
+ command:
+ - chaos-scheduler
+ imagePullPolicy: Always
+ env:
+ - name: WATCH_NAMESPACE
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "chaos-scheduler"
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosschedules.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosSchedule
+ listKind: ChaosScheduleList
+ plural: chaosschedules
+ singular: chaosschedule
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ engineTemplateSpec:
+ type: object
+ properties:
+ jobCleanUpPolicy:
+ type: string
+ pattern: ^(delete|retain)$
+ # alternate ways to do this in case of complex pattern matches
+ #oneOf:
+ # - pattern: '^delete$'
+ # - pattern: '^retain$'
+ defaultHealthCheck:
+ type: boolean
+ appinfo:
+ type: object
+ properties:
+ appkind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ applabel:
+ type: string
+ appns:
+ type: string
+ selectors:
+ type: object
+ properties:
+ pods:
+ items:
+ properties:
+ names:
+ type: string
+ namespace:
+ type: string
+ required:
+ - names
+ - namespace
+ type: object
+ type: array
+ workloads:
+ items:
+ properties:
+ kind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ labels:
+ type: string
+ names:
+ type: string
+ namespace:
+ type: string
+ oneOf:
+ - required: [ names ]
+ - required: [ labels ]
+ required:
+ - kind
+ - namespace
+ type: object
+ type: array
+ oneOf:
+ - required: [ pods ]
+ - required: [ workloads ]
+ auxiliaryAppInfo:
+ type: string
+ engineState:
+ type: string
+ pattern: ^(active|stop)$
+ chaosServiceAccount:
+ type: string
+ terminationGracePeriodSeconds:
+ type: integer
+ components:
+ type: object
+ properties:
+ sidecar:
+ type: array
+ items:
+ type: object
+ properties:
+ env:
+ description: ENV contains ENV passed to the sidecar container
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a double
+ $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom for the sidecar container
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ secrets:
+ items:
+ properties:
+ mountPath:
+ type: string
+ name:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ runner:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ image:
+ type: string
+ type:
+ type: string
+ pattern: ^(go)$
+ runnerAnnotations:
+ type: object
+ runnerLabels:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ value:
+ type: string
+ minLength: 1
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ experiments:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ spec:
+ type: object
+ properties:
+ probe:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ - type
+ - mode
+ - runProperties
+ properties:
+ name:
+ type: string
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(k8sProbe|httpProbe|cmdProbe|promProbe|sloProbe)$
+ k8sProbe/inputs:
+ type: object
+ required:
+ - version
+ - resource
+ - operation
+ properties:
+ group:
+ type: string
+ version:
+ type: string
+ resource:
+ type: string
+ namespace:
+ type: string
+ resourceNames:
+ type: string
+ fieldSelector:
+ type: string
+ labelSelector:
+ type: string
+ operation:
+ type: string
+ pattern: ^(present|absent|create|delete)$
+ minLength: 1
+ cmdProbe/inputs:
+ type: object
+ required:
+ - command
+ - comparator
+ properties:
+ command:
+ type: string
+ minLength: 1
+ comparator:
+ type: object
+ required:
+ - type
+ - criteria
+ - value
+ properties:
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(int|float|string)$
+ criteria:
+ type: string
+ value:
+ type: string
+ source:
+ description: The external pod where we have to run the
+ probe commands. It will run the commands inside the experiment pod itself(inline mode) if source contains a nil value
+ required:
+ - image
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for the source pod
+ type: object
+ args:
+ description: Args for the source pod
+ items:
+ type: string
+ type: array
+ command:
+ description: Command for the source pod
+ items:
+ type: string
+ type: array
+ env:
+ description: ENVList contains ENV passed to
+ the source pod
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined
+ environment variables in the container
+ and any service environment variables.
+ If a variable cannot be resolved, the
+ reference in the input string will be
+ unchanged. The $(VAR_NAME) syntax can
+ be escaped with a double $$, ie: $$(VAR_NAME).
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the
+ pod: supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ hostNetwork:
+ description: HostNetwork define the hostNetwork
+ of the external pod it supports boolean values
+ and default value is false
+ type: boolean
+ inheritInputs:
+ description: InheritInputs define to inherit experiment
+ details in probe pod it supports boolean values
+ and default value is false.
+ type: boolean
+ image:
+ description: Image for the source pod
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy for the source pod
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets for source pod
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same
+ namespace.
+ properties:
+ name:
+ description: 'Name of the referent'
+ type: string
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for the source pod
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector for the source pod
+ type: object
+ tolerations:
+ description: Tolerations for the source pod
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ privileged:
+ description: Privileged for the source pod
+ type: boolean
+ volumeMount:
+ description: VolumesMount for the source pod
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container
+ at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines
+ how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is
+ used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true,
+ read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from
+ which the container's volume should
+ be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the
+ volume from which the container's volume
+ should be mounted. Behaves similarly
+ to SubPath but environment variable
+ references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and
+ SubPath are mutually exclusive. This
+ field is beta in 1.15.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes for the source pod
+ items:
+ description: Volume represents a named volume
+ in a pod that may be accessed by any container
+ in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents
+ an AWS Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force
+ and set the ReadOnly property in
+ VolumeMounts to "true". If omitted,
+ the default is "false". More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent
+ disk resource in AWS (Amazon EBS
+ volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure
+ Data Disk mount on the host and bind
+ mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: The Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared:
+ multiple blob disks per storage
+ account Dedicated: single blob
+ disk per storage account Managed:
+ azure managed data disk (only in
+ managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure
+ File Service mount on the host and bind
+ mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that
+ contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph
+ FS mount on the host that shares a pod's
+ lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is
+ a collection of Ceph monitors More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the
+ mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile
+ is the path to key ring for User,
+ default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the authentication
+ secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the
+ rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder
+ volume attached and mounted on kubelets
+ host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to
+ a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify
+ the volume in cinder. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced ConfigMap will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface)
+ represents storage that is handled by
+ an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of
+ the CSI driver that handles this
+ volume. Consult with your admin
+ for the correct name as registered
+ in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Ex. "ext4", "xfs", "ntfs". If not
+ provided, the empty value is passed
+ to the associated CSI driver which
+ will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef
+ is a reference to the secret object
+ containing sensitive information
+ to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may
+ be empty if no secret is required.
+ If the secret object contains more
+ than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only
+ configuration for the volume. Defaults
+ to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores
+ driver-specific properties that
+ are passed to the CSI driver. Consult
+ your driver's documentation for
+ supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward
+ API about the pod that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary
+ directory that shares a pod''s lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage
+ medium should back this directory.
+ The default is "" which means to
+ use the node''s default medium.
+ Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local
+ storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage
+ on memory medium EmptyDir would
+ be the minimum value between the
+ SizeLimit specified here and the
+ sum of memory limits of all containers
+ in a pod. The default is nil which
+ means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel
+ resource that is attached to a kubelet's
+ host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume
+ world wide identifiers (wwids) Either
+ wwids or combination of targetWWNs
+ and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic
+ volume resource that is provisioned/attached
+ using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of
+ the driver to use for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". The default
+ filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command
+ options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the secret object
+ containing sensitive information
+ to pass to the plugin scripts. This
+ may be empty if no secret object
+ is specified. If the secret object
+ contains more than one secret, all
+ secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker
+ volume attached to a kubelet's host
+ machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored
+ as metadata -> name on the dataset
+ for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset.
+ This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents
+ a GCE Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD
+ resource in GCE. Used to identify
+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git
+ repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To
+ provision a container with a git repo,
+ mount an EmptyDir into an InitContainer
+ that clones the repo using git, then
+ mount the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name.
+ Must not contain or start with '..'. If
+ '.' is supplied, the volume directory
+ will be the git repository. Otherwise,
+ if specified, the volume will contain
+ the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s
+ lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the
+ endpoint name that details Glusterfs
+ topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs
+ volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the Glusterfs volume to be mounted
+ with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing
+ file or directory on the host machine
+ that is directly exposed to the container.
+ This is generally used for system agents
+ or other privileged things that are
+ allowed to see the host machine. Most
+ containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict
+ who can use host directory mounts and
+ who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory
+ on the host. If the path is a symlink,
+ it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume
+ Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI
+ Disk resource that is attached to a
+ kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator
+ Name. If initiatorName is specified
+ with iscsiInterface simultaneously,
+ new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name
+ that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be
+ a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount
+ on the host that shares a pod''s lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported
+ by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the NFS export to be mounted with
+ read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname
+ or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name
+ of a PersistentVolumeClaim in the
+ same namespace as the pod using
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly
+ setting in VolumeMounts. Default
+ false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents
+ a portworx volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the
+ filesystem type to mount Must be
+ a filesystem type supported by the
+ host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created
+ files by default. Must be a value
+ between 0 and 0777. Directories
+ within the path are not affected
+ by this setting. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may
+ be projected along with other
+ supported volume types
+ properties:
+ configMap:
+ description: information about
+ the configMap data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced ConfigMap will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ ConfigMap, the volume
+ setup will error unless
+ it is marked optional.
+ Paths must be relative
+ and may not contain the
+ '..' path or start with
+ '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a
+ list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information
+ to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field
+ of the pod: only
+ annotations, labels,
+ name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema
+ the FieldPath
+ is written in
+ terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path
+ of the field
+ to select in
+ the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the
+ file to be created.
+ Must not be absolute
+ or contain the ''..''
+ path. Must be utf-8
+ encoded. The first
+ item of the relative
+ path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects
+ a resource of the
+ container: only
+ resources limits
+ and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required
+ for volumes,
+ optional for
+ env vars'
+ type: string
+ divisor:
+ description: Specifies
+ the output format
+ of the exposed
+ resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about
+ the secret data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced Secret will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ Secret, the volume setup
+ will error unless it is
+ marked optional. Paths
+ must be relative and may
+ not contain the '..' path
+ or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about
+ the serviceAccountToken data
+ to project
+ properties:
+ audience:
+ description: Audience is
+ the intended audience
+ of the token. A recipient
+ of a token must identify
+ itself with an identifier
+ specified in the audience
+ of the token, and otherwise
+ should reject the token.
+ The audience defaults
+ to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds
+ is the requested duration
+ of validity of the service
+ account token. As the
+ token approaches expiration,
+ the kubelet volume plugin
+ will proactively rotate
+ the service account token.
+ The kubelet will start
+ trying to rotate the token
+ if the token is older
+ than 80 percent of its
+ time to live or if the
+ token is older than 24
+ hours.Defaults to 1 hour
+ and must be at least 10
+ minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the
+ path relative to the mount
+ point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte
+ mount on the host that shares a pod's
+ lifetime
+ properties:
+ group:
+ description: Group to map volume access
+ to Default is no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force
+ the Quobyte volume to be mounted
+ with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a
+ single or multiple Quobyte Registry
+ services specified as a string as
+ host:port pair (multiple entries
+ are separated with commas) which
+ acts as the central registry for
+ volumes
+ type: string
+ tenant:
+ description: Tenant owning the given
+ Quobyte volume in the Backend Used
+ with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access
+ to Defaults to serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that
+ references an already created Quobyte
+ volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block
+ Device mount on the host that shares
+ a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ image:
+ description: 'The rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path
+ to key ring for RBDUser. Default
+ is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of
+ the authentication secret for RBDUser.
+ If provided overrides keyring. Default
+ is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO
+ persistent volume attached and mounted
+ on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Default is
+ "xfs".
+ type: string
+ gateway:
+ description: The host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO
+ Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references
+ to the secret for ScaleIO user and
+ other sensitive information. If
+ this is not provided, Login operation
+ will fail.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable
+ SSL communication with Gateway,
+ default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: The name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume
+ already created in the ScaleIO system
+ that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret
+ that should populate this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced Secret will be
+ projected into the volume as a file
+ whose name is the key and content
+ is the value. If specified, the
+ listed keys will be projected into
+ the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in
+ the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the
+ secret to use for obtaining the
+ StorageOS API credentials. If not
+ specified, default values will be
+ attempted.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable
+ name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies
+ the scope of the volume within StorageOS. If
+ no namespace is specified then the
+ Pod's namespace will be used. This
+ allows the Kubernetes name scoping
+ to be mirrored within StorageOS
+ for tighter integration. Set VolumeName
+ to any name to override the default
+ behaviour. Set to "default" if you
+ are not using namespaces within
+ StorageOS. Namespaces that do not
+ pre-exist within StorageOS will
+ be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents
+ a vSphere volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based
+ Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: Path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ httpProbe/inputs:
+ type: object
+ required:
+ - url
+ - method
+ properties:
+ url:
+ type: string
+ minLength: 1
+ insecureSkipVerify:
+ type: boolean
+ method:
+ type: object
+ minProperties: 1
+ properties:
+ get:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ post:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ contentType:
+ type: string
+ minLength: 1
+ body:
+ type: string
+ bodyPath:
+ type: string
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ promProbe/inputs:
+ type: object
+ required:
+ - endpoint
+ - comparator
+ properties:
+ endpoint:
+ type: string
+ query:
+ type: string
+ queryPath:
+ type: string
+ comparator:
+ type: object
+ required:
+ - criteria
+ - value
+ properties:
+ criteria:
+ type: string
+ value:
+ type: string
+ runProperties:
+ type: object
+ minProperties: 2
+ required:
+ - probeTimeout
+ - interval
+ properties:
+ evaluationTimeout:
+ type: string
+ probeTimeout:
+ type: string
+ interval:
+ type: string
+ retry:
+ type: integer
+ attempt:
+ type: integer
+ probePollingInterval:
+ type: string
+ initialDelaySeconds:
+ type: integer
+ initialDelay:
+ type: string
+ verbosity:
+ type: string
+ stopOnFailure:
+ type: boolean
+ sloProbe/inputs:
+ description: inputs needed for the SLO probe
+ required:
+ - platformEndpoint
+ - sloIdentifier
+ - sloSourceMetadata
+ - comparator
+ properties:
+ comparator:
+ description: Comparator check for the correctness
+ of the probe output
+ required:
+ - criteria
+ - value
+ properties:
+ criteria:
+ description: Criteria for matching data it
+ supports >=, <=, ==, >, <, != for int and
+ float it supports equal, notEqual, contains
+ for string
+ type: string
+ type:
+ description: Type of data it can be int, float,
+ string
+ type: string
+ value:
+ description: Value contains relative value
+ for criteria
+ type: string
+ type: object
+ evaluationWindow:
+ description: EvaluationWindow is the time period
+ for which the metrics will be evaluated
+ properties:
+ evaluationEndTime:
+ description: End time of evaluation
+ type: integer
+ evaluationStartTime:
+ description: Start time of evaluation
+ type: integer
+ type: object
+ platformEndpoint:
+ description: PlatformEndpoint for the monitoring
+ service endpoint
+ type: string
+ insecureSkipVerify:
+ description: InsecureSkipVerify flag to skip certificate
+ checks
+ type: boolean
+ sloIdentifier:
+ description: SLOIdentifier for fetching the details
+ of the SLO
+ type: string
+ sloSourceMetadata:
+ description: SLOSourceMetadata consists of required
+ metadata details to fetch metric data
+ required:
+ - apiTokenSecret
+ - scope
+ properties:
+ apiTokenSecret:
+ description: APITokenSecret for authenticating
+ with the platform service
+ type: string
+ scope:
+ description: Scope required for fetching details
+ required:
+ - accountIdentifier
+ - orgIdentifier
+ - projectIdentifier
+ properties:
+ accountIdentifier:
+ description: AccountIdentifier for account
+ ID
+ type: string
+ orgIdentifier:
+ description: OrgIdentifier for organization
+ ID
+ type: string
+ projectIdentifier:
+ description: ProjectIdentifier for project
+ ID
+ type: string
+ type: object
+ type: object
+ type: object
+ mode:
+ type: string
+ pattern: ^(SOT|EOT|Edge|Continuous|OnChaos)$
+ minLength: 1
+ data:
+ type: string
+ components:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ statusCheckTimeouts:
+ type: object
+ properties:
+ delay:
+ type: integer
+ timeout:
+ type: integer
+ nodeSelector:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ experimentImage:
+ type: string
+ env:
+ type: array
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ configMaps:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ secrets:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ experimentAnnotations:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ concurrencyPolicy:
+ type: string
+ scheduleState:
+ type: string
+ schedule:
+ oneOf:
+ - required:
+ - now
+ - required:
+ - once
+ - required:
+ - repeat
+ properties:
+ now:
+ type: boolean
+ once:
+ properties:
+ executionTime:
+ format: date-time
+ type: string
+ type: object
+ repeat:
+ properties:
+ timeRange:
+ properties:
+ endTime:
+ format: date-time
+ type: string
+ startTime:
+ format: date-time
+ type: string
+ type: object
+ workHours:
+ properties:
+ includedHours:
+ type: string
+ type: object
+ required:
+ - includedHours
+ workDays:
+ properties:
+ includedDays:
+ pattern: ((Mon|Tue|Wed|Thu|Fri|Sat|Sun)(,))*(Mon|Tue|Wed|Thu|Fri|Sat|Sun)
+ type: string
+ type: object
+ required:
+ - includedDays
+ properties:
+ properties:
+ minChaosInterval:
+ properties:
+ hour:
+ properties:
+ everyNthHour:
+ type: integer
+ minuteOfTheHour:
+ type: integer
+ type: object
+ minute:
+ properties:
+ everyNthMinute:
+ type: integer
+ type: object
+ type: object
+ minProperties: 1
+ maxProperties: 1
+ random:
+ type: boolean
+ type: object
+ required:
+ - minChaosInterval
+ type: object
+ required:
+ - properties
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
diff --git a/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-operator.yaml b/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-operator.yaml
index 73886cd3369..9e6125e84ec 100644
--- a/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-operator.yaml
+++ b/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-operator.yaml
@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-serviceaccount
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -22,7 +22,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-role
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -59,7 +59,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-rolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -81,7 +81,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -97,7 +97,7 @@ spec:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -106,13 +106,13 @@ spec:
serviceAccountName: litmus
containers:
- name: chaos-operator
- image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.13.0
+ image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.14.0
command:
- chaos-operator
imagePullPolicy: Always
env:
- name: CHAOS_RUNNER_IMAGE
- value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.13.0"
+ value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.14.0"
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
diff --git a/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-scheduler.yaml b/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-scheduler.yaml
index a63ff9539fb..5cefe6ef13a 100644
--- a/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-scheduler.yaml
+++ b/mkdocs/docs/litmus-namespaced-scope/litmus-namespaced-scheduler.yaml
@@ -16,7 +16,7 @@ spec:
containers:
- name: chaos-scheduler
# Replace this with the built image name
- image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-scheduler:3.13.0
+ image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-scheduler:3.14.0
command:
- chaos-scheduler
imagePullPolicy: IfNotPresent
diff --git a/mkdocs/docs/litmus-namespaced-scope/litmus-ns-experiment-rbac.yaml b/mkdocs/docs/litmus-namespaced-scope/litmus-ns-experiment-rbac.yaml
index cd7b81d0beb..e8633da7950 100644
--- a/mkdocs/docs/litmus-namespaced-scope/litmus-ns-experiment-rbac.yaml
+++ b/mkdocs/docs/litmus-namespaced-scope/litmus-ns-experiment-rbac.yaml
@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-serviceaccount
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -22,7 +22,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-role
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -59,7 +59,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-rolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
diff --git a/mkdocs/docs/litmus-namespaced-scope/litmus-ns-rbac.yaml b/mkdocs/docs/litmus-namespaced-scope/litmus-ns-rbac.yaml
index db76c69f3c6..d3c19d84ec3 100644
--- a/mkdocs/docs/litmus-namespaced-scope/litmus-ns-rbac.yaml
+++ b/mkdocs/docs/litmus-namespaced-scope/litmus-ns-rbac.yaml
@@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-serviceaccount
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -22,7 +22,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-role
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
@@ -62,7 +62,7 @@ metadata:
app.kubernetes.io/name: litmus
# provide unique instance-id if applicable
# app.kubernetes.io/instance: litmus-abcxzy
- app.kubernetes.io/version: v3.13.0
+ app.kubernetes.io/version: v3.14.0
app.kubernetes.io/component: operator-rolebinding
app.kubernetes.io/part-of: litmus
app.kubernetes.io/managed-by: kubectl
diff --git a/mkdocs/docs/litmus-operator-v3.14.0.yaml b/mkdocs/docs/litmus-operator-v3.14.0.yaml
new file mode 100644
index 00000000000..79942077f2e
--- /dev/null
+++ b/mkdocs/docs/litmus-operator-v3.14.0.yaml
@@ -0,0 +1,3004 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: litmus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: litmus
+ namespace: litmus
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: v3.14.0
+ app.kubernetes.io/component: operator-serviceaccount
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: litmus
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: v3.14.0
+ app.kubernetes.io/component: operator-clusterrole
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus
+rules:
+ # *******************************************************************
+ # Permissions needed for creation and discovery of chaos component
+ # *******************************************************************
+
+# for checking app parent resources if they are eligible chaos candidates
+- apiGroups: [""]
+ resources: ["replicationcontrollers"]
+ verbs: ["get","list"]
+
+# for checking app parent resources if they are eligible chaos candidates
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get","list"]
+
+# for checking (openshift) app parent resources if they are eligible chaos candidates
+- apiGroups: ["apps.openshift.io"]
+ resources: ["deploymentconfigs"]
+ verbs: ["get","list"]
+
+# for operator to perform asset discovery of available resources on the cluster which can be picked as a target for chaos
+- apiGroups: ["apps"]
+ resources: ["deployments", "daemonsets", "replicasets", "statefulsets"]
+ verbs: ["get","list"]
+
+# for operator to perform asset discovery of experiment jobs
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["get","list"]
+
+# for checking (argo) app parent resources if they are eligible chaos candidates
+- apiGroups: ["argoproj.io"]
+ resources: ["rollouts"]
+ verbs: ["get","list"]
+
+# for creating and monitoring the chaos-runner pods
+- apiGroups: [""]
+ resources: ["pods","events"]
+ verbs: ["get","create","update","patch","delete","list","watch","deletecollection"]
+
+# for operator to create or get the service for mertics
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["create","update","get","list","watch","delete"]
+
+# for operator to create and manage configmap to handle race condition
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create","update","get","list","watch","delete"]
+
+# for operator to perform removal of experiment jobs
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["delete","deletecollection"]
+
+# for creation, status polling and deletion of litmus chaos resources used within an experiment
+- apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines","chaosexperiments","chaosresults"]
+ verbs: ["get","create","update","patch","delete","list","watch","deletecollection"]
+
+# for validation of existance of chaosresult crd
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["list","get"]
+
+# for managing litmus resource deletion
+- apiGroups: ["litmuschaos.io"]
+ resources: ["chaosengines/finalizers"]
+ verbs: ["update"]
+
+# for leader election in case of multireplica
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get","create","list","update","delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: litmus
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: v3.14.0
+ app.kubernetes.io/component: operator-clusterrolebinding
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: litmus
+subjects:
+- kind: ServiceAccount
+ name: litmus
+ namespace: litmus
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: v3.14.0
+ app.kubernetes.io/component: operator
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: litmus
+ name: chaos-operator-ce
+ namespace: litmus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: chaos-operator
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: litmus
+ # provide unique instance-id if applicable
+ # app.kubernetes.io/instance: litmus-abcxzy
+ app.kubernetes.io/version: v3.14.0
+ app.kubernetes.io/component: operator
+ app.kubernetes.io/part-of: litmus
+ app.kubernetes.io/managed-by: kubectl
+ name: chaos-operator
+ spec:
+ serviceAccountName: litmus
+ containers:
+ - name: chaos-operator
+ image: litmuschaos.docker.scarf.sh/litmuschaos/chaos-operator:3.14.0
+ command:
+ - chaos-operator
+ args:
+ - -leader-elect=true
+ imagePullPolicy: Always
+ env:
+ - name: CHAOS_RUNNER_IMAGE
+ value: "litmuschaos.docker.scarf.sh/litmuschaos/chaos-runner:3.14.0"
+ - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OPERATOR_NAME
+ value: "chaos-operator"
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosengines.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosEngine
+ listKind: ChaosEngineList
+ plural: chaosengines
+ singular: chaosengine
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ jobCleanUpPolicy:
+ type: string
+ pattern: ^(delete|retain)$
+ # alternate ways to do this in case of complex pattern matches
+ #oneOf:
+ # - pattern: '^delete$'
+ # - pattern: '^retain$'
+ defaultHealthCheck:
+ type: boolean
+ appinfo:
+ type: object
+ properties:
+ appkind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ applabel:
+ type: string
+ appns:
+ type: string
+ selectors:
+ type: object
+ properties:
+ pods:
+ items:
+ properties:
+ names:
+ type: string
+ namespace:
+ type: string
+ required:
+ - names
+ - namespace
+ type: object
+ type: array
+ workloads:
+ items:
+ properties:
+ kind:
+ type: string
+ pattern: ^(^$|deployment|statefulset|daemonset|deploymentconfig|rollout)$
+ labels:
+ type: string
+ names:
+ type: string
+ namespace:
+ type: string
+ oneOf:
+ - required: [ names ]
+ - required: [ labels ]
+ required:
+ - kind
+ - namespace
+ type: object
+ type: array
+ oneOf:
+ - required: [ pods ]
+ - required: [ workloads ]
+ auxiliaryAppInfo:
+ type: string
+ engineState:
+ type: string
+ pattern: ^(active|stop)$
+ chaosServiceAccount:
+ type: string
+ terminationGracePeriodSeconds:
+ type: integer
+ components:
+ type: object
+ properties:
+ sidecar:
+ type: array
+ items:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ env:
+ description: ENV contains ENV passed to the sidecar container
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a double
+ $$, ie: $$(VAR_NAME). Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: EnvFrom for the sidecar container
+ items:
+ description: EnvFromSource represents the source of a
+ set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must
+ be defined
+ type: boolean
+ type: object
+ prefix:
+ description: An optional identifier to prepend to
+ each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret must be
+ defined
+ type: boolean
+ type: object
+ type: object
+ type: array
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ secrets:
+ items:
+ properties:
+ mountPath:
+ type: string
+ name:
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ runner:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ image:
+ type: string
+ type:
+ type: string
+ pattern: ^(go)$
+ runnerAnnotations:
+ type: object
+ runnerLabels:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ value:
+ type: string
+ minLength: 1
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ experiments:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ spec:
+ type: object
+ properties:
+ probe:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ - type
+ - mode
+ - runProperties
+ properties:
+ name:
+ type: string
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(k8sProbe|httpProbe|cmdProbe|promProbe)$
+ k8sProbe/inputs:
+ type: object
+ required:
+ - version
+ - resource
+ - operation
+ properties:
+ group:
+ type: string
+ version:
+ type: string
+ resource:
+ type: string
+ namespace:
+ type: string
+ resourceNames:
+ type: string
+ fieldSelector:
+ type: string
+ labelSelector:
+ type: string
+ operation:
+ type: string
+ pattern: ^(present|absent|create|delete)$
+ minLength: 1
+ cmdProbe/inputs:
+ type: object
+ required:
+ - command
+ - comparator
+ properties:
+ command:
+ type: string
+ minLength: 1
+ comparator:
+ type: object
+ required:
+ - type
+ - criteria
+ - value
+ properties:
+ type:
+ type: string
+ minLength: 1
+ pattern: ^(int|float|string)$
+ criteria:
+ type: string
+ value:
+ type: string
+ source:
+ description: The external pod where we have to run the
+ probe commands. It will run the commands inside the experiment pod itself(inline mode) if source contains a nil value
+ required:
+ - image
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ description: Annotations for the source pod
+ type: object
+ args:
+ description: Args for the source pod
+ items:
+ type: string
+ type: array
+ command:
+ description: Command for the source pod
+ items:
+ type: string
+ type: array
+ env:
+ description: ENVList contains ENV passed to
+ the source pod
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined
+ environment variables in the container
+ and any service environment variables.
+ If a variable cannot be resolved, the
+ reference in the input string will be
+ unchanged. The $(VAR_NAME) syntax can
+ be escaped with a double $$, ie: $$(VAR_NAME).
+ Escaped references will never be expanded,
+ regardless of whether the variable exists
+ or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if
+ value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be
+ defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the
+ pod: supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in
+ terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified API
+ version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of
+ the container: only resources limits
+ and requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ type: string
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ hostNetwork:
+ description: HostNetwork define the hostNetwork
+ of the external pod it supports boolean values
+ and default value is false
+ type: boolean
+ inheritInputs:
+ description: InheritInputs define to inherit experiment
+ details in probe pod it supports boolean values
+ and default value is false.
+ type: boolean
+ image:
+ description: Image for the source pod
+ type: string
+ imagePullPolicy:
+ description: ImagePullPolicy for the source pod
+ type: string
+ imagePullSecrets:
+ description: ImagePullSecrets for source pod
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same
+ namespace.
+ properties:
+ name:
+ description: 'Name of the referent'
+ type: string
+ type: object
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: Labels for the source pod
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector for the source pod
+ type: object
+ tolerations:
+ description: Tolerations for the source pod
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ privileged:
+ description: Privileged for the source pod
+ type: boolean
+ volumeMount:
+ description: VolumesMount for the source pod
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container
+ at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines
+ how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is
+ used. This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name
+ of a Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true,
+ read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from
+ which the container's volume should
+ be mounted. Defaults to "" (volume's
+ root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the
+ volume from which the container's volume
+ should be mounted. Behaves similarly
+ to SubPath but environment variable
+ references $(VAR_NAME) are expanded
+ using the container's environment. Defaults
+ to "" (volume's root). SubPathExpr and
+ SubPath are mutually exclusive. This
+ field is beta in 1.15.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ volumes:
+ description: Volumes for the source pod
+ items:
+ description: Volume represents a named volume
+ in a pod that may be accessed by any container
+ in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'AWSElasticBlockStore represents
+ an AWS Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Specify "true" to force
+ and set the ReadOnly property in
+ VolumeMounts to "true". If omitted,
+ the default is "false". More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'Unique ID of the persistent
+ disk resource in AWS (Amazon EBS
+ volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: AzureDisk represents an Azure
+ Data Disk mount on the host and bind
+ mount to the pod.
+ properties:
+ cachingMode:
+ description: 'Host Caching mode: None,
+ Read Only, Read Write.'
+ type: string
+ diskName:
+ description: The Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: The URI the data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'Expected values Shared:
+ multiple blob disks per storage
+ account Dedicated: single blob
+ disk per storage account Managed:
+ azure managed data disk (only in
+ managed availability set). defaults
+ to shared'
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: AzureFile represents an Azure
+ File Service mount on the host and bind
+ mount to the pod.
+ properties:
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: the name of secret that
+ contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: Share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: CephFS represents a Ceph
+ FS mount on the host that shares a pod's
+ lifetime
+ properties:
+ monitors:
+ description: 'Required: Monitors is
+ a collection of Ceph monitors More
+ info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'Optional: Used as the
+ mounted root, rather than the full
+ Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'Optional: SecretFile
+ is the path to key ring for User,
+ default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the authentication
+ secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'Optional: User is the
+ rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'Cinder represents a cinder
+ volume attached and mounted on kubelets
+ host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Examples:
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'Optional: points to
+ a secret object containing parameters
+ used to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeID:
+ description: 'volume id used to identify
+ the volume in cinder. More info:
+ https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: ConfigMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced ConfigMap will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ csi:
+ description: CSI (Container Storage Interface)
+ represents storage that is handled by
+ an external CSI driver (Alpha feature).
+ properties:
+ driver:
+ description: Driver is the name of
+ the CSI driver that handles this
+ volume. Consult with your admin
+ for the correct name as registered
+ in the cluster.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Ex. "ext4", "xfs", "ntfs". If not
+ provided, the empty value is passed
+ to the associated CSI driver which
+ will determine the default filesystem
+ to apply.
+ type: string
+ nodePublishSecretRef:
+ description: NodePublishSecretRef
+ is a reference to the secret object
+ containing sensitive information
+ to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may
+ be empty if no secret is required.
+ If the secret object contains more
+ than one secret, all secret references
+ are passed.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ readOnly:
+ description: Specifies a read-only
+ configuration for the volume. Defaults
+ to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: VolumeAttributes stores
+ driver-specific properties that
+ are passed to the CSI driver. Consult
+ your driver's documentation for
+ supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: DownwardAPI represents downward
+ API about the pod that should populate
+ this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward
+ API volume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'EmptyDir represents a temporary
+ directory that shares a pod''s lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'What type of storage
+ medium should back this directory.
+ The default is "" which means to
+ use the node''s default medium.
+ Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ description: 'Total amount of local
+ storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage
+ on memory medium EmptyDir would
+ be the minimum value between the
+ SizeLimit specified here and the
+ sum of memory limits of all containers
+ in a pod. The default is nil which
+ means that the limit is undefined.
+ More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
+ type: string
+ type: object
+ fc:
+ description: FC represents a Fibre Channel
+ resource that is attached to a kubelet's
+ host machine and then exposed to the
+ pod.
+ properties:
+ fsType:
+ description: 'Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ lun:
+ description: 'Optional: FC target
+ lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'Optional: FC volume
+ world wide identifiers (wwids) Either
+ wwids or combination of targetWWNs
+ and lun must be set, but not both
+ simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: FlexVolume represents a generic
+ volume resource that is provisioned/attached
+ using an exec based plugin.
+ properties:
+ driver:
+ description: Driver is the name of
+ the driver to use for this volume.
+ type: string
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". The default
+ filesystem depends on FlexVolume
+ script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'Optional: Extra command
+ options if any.'
+ type: object
+ readOnly:
+ description: 'Optional: Defaults to
+ false (read/write). ReadOnly here
+ will force the ReadOnly setting
+ in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'Optional: SecretRef
+ is reference to the secret object
+ containing sensitive information
+ to pass to the plugin scripts. This
+ may be empty if no secret object
+ is specified. If the secret object
+ contains more than one secret, all
+ secrets are passed to the plugin
+ scripts.'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ required:
+ - driver
+ type: object
+ flocker:
+ description: Flocker represents a Flocker
+ volume attached to a kubelet's host
+ machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: Name of the dataset stored
+ as metadata -> name on the dataset
+ for Flocker should be considered
+ as deprecated
+ type: string
+ datasetUUID:
+ description: UUID of the dataset.
+ This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'GCEPersistentDisk represents
+ a GCE Disk resource that is attached
+ to a kubelet''s host machine and then
+ exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ partition:
+ description: 'The partition in the
+ volume that you want to mount. If
+ omitted, the default is to mount
+ by volume name. Examples: For volume
+ /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition
+ for /dev/sda is "0" (or you can
+ leave the property empty). More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'Unique name of the PD
+ resource in GCE. Used to identify
+ the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'GitRepo represents a git
+ repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To
+ provision a container with a git repo,
+ mount an EmptyDir into an InitContainer
+ that clones the repo using git, then
+ mount the EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: Target directory name.
+ Must not contain or start with '..'. If
+ '.' is supplied, the volume directory
+ will be the git repository. Otherwise,
+ if specified, the volume will contain
+ the git repository in the subdirectory
+ with the given name.
+ type: string
+ repository:
+ description: Repository URL
+ type: string
+ revision:
+ description: Commit hash for the specified
+ revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'Glusterfs represents a Glusterfs
+ mount on the host that shares a pod''s
+ lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'EndpointsName is the
+ endpoint name that details Glusterfs
+ topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'Path is the Glusterfs
+ volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the Glusterfs volume to be mounted
+ with read-only permissions. Defaults
+ to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'HostPath represents a pre-existing
+ file or directory on the host machine
+ that is directly exposed to the container.
+ This is generally used for system agents
+ or other privileged things that are
+ allowed to see the host machine. Most
+ containers will NOT need this. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict
+ who can use host directory mounts and
+ who can/can not mount host directories
+ as read/write.'
+ properties:
+ path:
+ description: 'Path of the directory
+ on the host. If the path is a symlink,
+ it will follow the link to the real
+ path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'Type for HostPath Volume
+ Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'ISCSI represents an ISCSI
+ Disk resource that is attached to a
+ kubelet''s host machine and then exposed
+ to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: whether support iSCSI
+ Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: whether support iSCSI
+ Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ initiatorName:
+ description: Custom iSCSI Initiator
+ Name. If initiatorName is specified
+ with iscsiInterface simultaneously,
+ new iSCSI interface : will be created for the connection.
+ type: string
+ iqn:
+ description: Target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iSCSI Interface Name
+ that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: iSCSI Target Portal List.
+ The portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ targetPortal:
+ description: iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default
+ (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'Volume''s name. Must be
+ a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'NFS represents an NFS mount
+ on the host that shares a pod''s lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'Path that is exported
+ by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the NFS export to be mounted with
+ read-only permissions. Defaults
+ to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'Server is the hostname
+ or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'PersistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'ClaimName is the name
+ of a PersistentVolumeClaim in the
+ same namespace as the pod using
+ this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: Will force the ReadOnly
+ setting in VolumeMounts. Default
+ false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: PhotonPersistentDisk represents
+ a PhotonController persistent disk attached
+ and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: PortworxVolume represents
+ a portworx volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: FSType represents the
+ filesystem type to mount Must be
+ a filesystem type supported by the
+ host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be
+ "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: VolumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: Items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: Mode bits to use on created
+ files by default. Must be a value
+ between 0 and 0777. Directories
+ within the path are not affected
+ by this setting. This might be in
+ conflict with other options that
+ affect the file mode, like fsGroup,
+ and the result can be other mode
+ bits set.
+ format: int32
+ type: integer
+ sources:
+ description: list of volume projections
+ items:
+ description: Projection that may
+ be projected along with other
+ supported volume types
+ properties:
+ configMap:
+ description: information about
+ the configMap data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced ConfigMap will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ ConfigMap, the volume
+ setup will error unless
+ it is marked optional.
+ Paths must be relative
+ and may not contain the
+ '..' path or start with
+ '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the ConfigMap or its keys
+ must be defined
+ type: boolean
+ type: object
+ downwardAPI:
+ description: information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a
+ list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information
+ to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required:
+ Selects a field
+ of the pod: only
+ annotations, labels,
+ name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version
+ of the schema
+ the FieldPath
+ is written in
+ terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path
+ of the field
+ to select in
+ the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required:
+ Path is the relative
+ path name of the
+ file to be created.
+ Must not be absolute
+ or contain the ''..''
+ path. Must be utf-8
+ encoded. The first
+ item of the relative
+ path must not start
+ with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects
+ a resource of the
+ container: only
+ resources limits
+ and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required
+ for volumes,
+ optional for
+ env vars'
+ type: string
+ divisor:
+ description: Specifies
+ the output format
+ of the exposed
+ resources, defaults
+ to "1"
+ type: string
+ resource:
+ description: 'Required:
+ resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: information about
+ the secret data to project
+ properties:
+ items:
+ description: If unspecified,
+ each key-value pair in
+ the Data field of the
+ referenced Secret will
+ be projected into the
+ volume as a file whose
+ name is the key and content
+ is the value. If specified,
+ the listed keys will be
+ projected into the specified
+ paths, and unlisted keys
+ will not be present. If
+ a key is specified which
+ is not present in the
+ Secret, the volume setup
+ will error unless it is
+ marked optional. Paths
+ must be relative and may
+ not contain the '..' path
+ or start with '..'.
+ items:
+ description: Maps a string
+ key to a path within
+ a volume.
+ properties:
+ key:
+ description: The key
+ to project.
+ type: string
+ mode:
+ description: 'Optional:
+ mode bits to use
+ on this file, must
+ be a value between
+ 0 and 0777. If not
+ specified, the volume
+ defaultMode will
+ be used. This might
+ be in conflict with
+ other options that
+ affect the file
+ mode, like fsGroup,
+ and the result can
+ be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative
+ path of the file
+ to map the key to.
+ May not be an absolute
+ path. May not contain
+ the path element
+ '..'. May not start
+ with the string
+ '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the
+ referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful
+ fields. apiVersion, kind,
+ uid?'
+ type: string
+ optional:
+ description: Specify whether
+ the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ serviceAccountToken:
+ description: information about
+ the serviceAccountToken data
+ to project
+ properties:
+ audience:
+ description: Audience is
+ the intended audience
+ of the token. A recipient
+ of a token must identify
+ itself with an identifier
+ specified in the audience
+ of the token, and otherwise
+ should reject the token.
+ The audience defaults
+ to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: ExpirationSeconds
+ is the requested duration
+ of validity of the service
+ account token. As the
+ token approaches expiration,
+ the kubelet volume plugin
+ will proactively rotate
+ the service account token.
+ The kubelet will start
+ trying to rotate the token
+ if the token is older
+ than 80 percent of its
+ time to live or if the
+ token is older than 24
+ hours.Defaults to 1 hour
+ and must be at least 10
+ minutes.
+ format: int64
+ type: integer
+ path:
+ description: Path is the
+ path relative to the mount
+ point of the file to project
+ the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ required:
+ - sources
+ type: object
+ quobyte:
+ description: Quobyte represents a Quobyte
+ mount on the host that shares a pod's
+ lifetime
+ properties:
+ group:
+ description: Group to map volume access
+ to Default is no group
+ type: string
+ readOnly:
+ description: ReadOnly here will force
+ the Quobyte volume to be mounted
+ with read-only permissions. Defaults
+ to false.
+ type: boolean
+ registry:
+ description: Registry represents a
+ single or multiple Quobyte Registry
+ services specified as a string as
+ host:port pair (multiple entries
+ are separated with commas) which
+ acts as the central registry for
+ volumes
+ type: string
+ tenant:
+ description: Tenant owning the given
+ Quobyte volume in the Backend Used
+ with dynamically provisioned Quobyte
+ volumes, value is set by the plugin
+ type: string
+ user:
+ description: User to map volume access
+ to Defaults to serivceaccount user
+ type: string
+ volume:
+ description: Volume is a string that
+ references an already created Quobyte
+ volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'RBD represents a Rados Block
+ Device mount on the host that shares
+ a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'Filesystem type of the
+ volume that you want to mount. Tip:
+ Ensure that the filesystem type
+ is supported by the host operating
+ system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be
+ "ext4" if unspecified. More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in
+ the filesystem from compromising
+ the machine'
+ type: string
+ image:
+ description: 'The rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'Keyring is the path
+ to key ring for RBDUser. Default
+ is /etc/ceph/keyring. More info:
+ https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'A collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'The rados pool name.
+ Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'SecretRef is name of
+ the authentication secret for RBDUser.
+ If provided overrides keyring. Default
+ is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ user:
+ description: 'The rados user name.
+ Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: ScaleIO represents a ScaleIO
+ persistent volume attached and mounted
+ on Kubernetes nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Default is
+ "xfs".
+ type: string
+ gateway:
+ description: The host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: The name of the ScaleIO
+ Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef references
+ to the secret for ScaleIO user and
+ other sensitive information. If
+ this is not provided, Login operation
+ will fail.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ sslEnabled:
+ description: Flag to enable/disable
+ SSL communication with Gateway,
+ default false
+ type: boolean
+ storageMode:
+ description: Indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: The ScaleIO Storage Pool
+ associated with the protection domain.
+ type: string
+ system:
+ description: The name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: The name of a volume
+ already created in the ScaleIO system
+ that is associated with this volume
+ source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'Secret represents a secret
+ that should populate this volume. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits
+ to use on created files by default.
+ Must be a value between 0 and 0777.
+ Defaults to 0644. Directories within
+ the path are not affected by this
+ setting. This might be in conflict
+ with other options that affect the
+ file mode, like fsGroup, and the
+ result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: If unspecified, each
+ key-value pair in the Data field
+ of the referenced Secret will be
+ projected into the volume as a file
+ whose name is the key and content
+ is the value. If specified, the
+ listed keys will be projected into
+ the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: The key to project.
+ type: string
+ mode:
+ description: 'Optional: mode
+ bits to use on this file,
+ must be a value between 0
+ and 0777. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: The relative path
+ of the file to map the key
+ to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: Specify whether the Secret
+ or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'Name of the secret in
+ the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: StorageOS represents a StorageOS
+ volume attached and mounted on Kubernetes
+ nodes.
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly
+ setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: SecretRef specifies the
+ secret to use for obtaining the
+ StorageOS API credentials. If not
+ specified, default values will be
+ attempted.
+ properties:
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields.
+ apiVersion, kind, uid?'
+ type: string
+ type: object
+ volumeName:
+ description: VolumeName is the human-readable
+ name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: VolumeNamespace specifies
+ the scope of the volume within StorageOS. If
+ no namespace is specified then the
+ Pod's namespace will be used. This
+ allows the Kubernetes name scoping
+ to be mirrored within StorageOS
+ for tighter integration. Set VolumeName
+ to any name to override the default
+ behaviour. Set to "default" if you
+ are not using namespaces within
+ StorageOS. Namespaces that do not
+ pre-exist within StorageOS will
+ be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: VsphereVolume represents
+ a vSphere volume attached and mounted
+ on kubelets host machine
+ properties:
+ fsType:
+ description: Filesystem type to mount.
+ Must be a filesystem type supported
+ by the host operating system. Ex.
+ "ext4", "xfs", "ntfs". Implicitly
+ inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: Storage Policy Based
+ Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: Storage Policy Based
+ Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: Path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ httpProbe/inputs:
+ type: object
+ required:
+ - url
+ - method
+ properties:
+ url:
+ type: string
+ minLength: 1
+ insecureSkipVerify:
+ type: boolean
+ method:
+ type: object
+ minProperties: 1
+ properties:
+ get:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ post:
+ type: object
+ required:
+ - criteria
+ - responseCode
+ properties:
+ contentType:
+ type: string
+ minLength: 1
+ body:
+ type: string
+ bodyPath:
+ type: string
+ criteria:
+ type: string
+ minLength: 1
+ responseCode:
+ type: string
+ minLength: 1
+ promProbe/inputs:
+ type: object
+ required:
+ - endpoint
+ - comparator
+ properties:
+ endpoint:
+ type: string
+ query:
+ type: string
+ queryPath:
+ type: string
+ comparator:
+ type: object
+ required:
+ - criteria
+ - value
+ properties:
+ criteria:
+ type: string
+ value:
+ type: string
+ runProperties:
+ type: object
+ minProperties: 2
+ required:
+ - probeTimeout
+ - interval
+ properties:
+ probeTimeout:
+ type: string
+ interval:
+ type: string
+ retry:
+ type: integer
+ attempt:
+ type: integer
+ probePollingInterval:
+ type: string
+ initialDelay:
+ type: string
+ verbosity:
+ type: string
+ initialDelaySeconds:
+ type: integer
+ stopOnFailure:
+ type: boolean
+ mode:
+ type: string
+ pattern: ^(SOT|EOT|Edge|Continuous|OnChaos)$
+ minLength: 1
+ data:
+ type: string
+ components:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ statusCheckTimeouts:
+ type: object
+ properties:
+ delay:
+ type: integer
+ timeout:
+ type: integer
+ nodeSelector:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ experimentImage:
+ type: string
+ env:
+ type: array
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ configMaps:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ secrets:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ mountPath:
+ type: string
+ experimentAnnotations:
+ type: object
+ additionalProperties:
+ type: string
+ properties:
+ key:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ value:
+ type: string
+ minLength: 1
+ allowEmptyValue: false
+ tolerations:
+ description: Pod's tolerations.
+ items:
+ description: The pod with this Toleration tolerates any taint matches the using the matching operator .
+ properties:
+ effect:
+ description: Effect to match. Empty means all effects.
+ type: string
+ key:
+ description: Taint key the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists.
+ type: string
+ operator:
+ description: Operators are Exists or Equal. Defaults to Equal.
+ type: string
+ tolerationSeconds:
+ description: Period of time the toleration tolerates the taint.
+ format: int64
+ type: integer
+ value:
+ description: If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosexperiments.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosExperiment
+ listKind: ChaosExperimentList
+ plural: chaosexperiments
+ singular: chaosexperiment
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ description:
+ type: object
+ additionalProperties:
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ spec:
+ type: object
+ properties:
+ definition:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ properties:
+ args:
+ type: array
+ items:
+ type: string
+ command:
+ type: array
+ items:
+ type: string
+ env:
+ type: array
+ items:
+ type: object
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previous defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ The $(VAR_NAME) syntax can be escaped with a
+ double $$, ie: $$(VAR_NAME). Escaped references
+ will never be expanded, regardless of whether
+ the variable exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ metadata.labels, metadata.annotations, spec.nodeName,
+ spec.serviceAccountName, status.hostIP,
+ status.podIP.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage,
+ requests.cpu, requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ type: object
+ required:
+ - name
+ image:
+ type: string
+ imagePullPolicy:
+ type: string
+ labels:
+ type: object
+ additionalProperties:
+ type: string
+ scope:
+ type: string
+ pattern: ^(Namespaced|Cluster)$
+ permissions:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ required:
+ - apiGroups
+ - resources
+ - verbs
+ properties:
+ apiGroups:
+ type: array
+ items:
+ type: string
+ resources:
+ type: array
+ items:
+ type: string
+ verbs:
+ type: array
+ items:
+ type: string
+ resourceNames:
+ type: array
+ items:
+ type: string
+ nonResourceURLs:
+ type: array
+ items:
+ type: string
+ configMaps:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ secrets:
+ type: array
+ items:
+ type: object
+ minProperties: 2
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ hostFileVolumes:
+ type: array
+ items:
+ type: object
+ minProperties: 3
+ properties:
+ name:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ mountPath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ nodePath:
+ type: string
+ allowEmptyValue: false
+ minLength: 1
+ securityContext:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ hostPID:
+ type: boolean
+
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: chaosresults.litmuschaos.io
+spec:
+ group: litmuschaos.io
+ names:
+ kind: ChaosResult
+ listKind: ChaosResultList
+ plural: chaosresults
+ singular: chaosresult
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+ conversion:
+ strategy: None
\ No newline at end of file
diff --git a/proposals/images/locust-fault-scenario.png b/proposals/images/locust-fault-scenario.png
new file mode 100644
index 00000000000..0fba4287016
Binary files /dev/null and b/proposals/images/locust-fault-scenario.png differ
diff --git a/proposals/jvm-fault-injection.md b/proposals/jvm-fault-injection.md
new file mode 100644
index 00000000000..c4ac89e54b6
--- /dev/null
+++ b/proposals/jvm-fault-injection.md
@@ -0,0 +1,105 @@
+| title | authors | creation-date | last-updated |
+|-------|------------------------------------------|---------------|--------------|
+| JVM fault injection | [@bjoky](https://github.com/bjoky) | 2024-12-05 | 2024-12-05 |
+
+# JVM Fault Injection
+
+- [Summary](#summary)
+- [Motivation](#motivation)
+ - [Goals](#goals)
+ - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+ - [Use Cases](#use-cases)
+ - [Implementation Details](#implementation-details)
+- [Risks and Mitigations](#risks-and-mitigations)
+- [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [References](#references)
+
+## Summary
+
+This is a proposal to add a new type of fault to Litmus that can be used to perform experiments on a Java Virtual Machine (JVM). The proposed two faults, to begin with, are a CPU hog and a memory hog.
+
+## Motivation
+
+Java applications run in a virtual machine. They may behave in upredictable ways with high CPU or memory consumption, which may be different from only high CPU or memory usage in the container it is running. For example, high memory consumption of the JVM can trigger the garbage collection mechanisms.
+
+This makes it interesting to be able to run experiments in Litmus that targets applications running in a JVM.
+
+### Goals
+
+The JVM fault injection should support two different faults: CPU hog/consumption and memory hog/consumption.
+
+Target Java versions will be 17 and above.
+
+### Non-Goals
+
+The first version of this JVM fault injection will not support anything other than CPU and memory consumption.
+
+It will for example not use Byteman (see [Alternatives](#alternatives)) or any other tools that could inject any type change or error in the JVM. This could be expanded on in the future.
+
+## Proposal
+
+### Use Cases
+
+#### Use case 1 - Memory consumption
+
+The memory consumption fault will make it possible to consume memory in iterations.
+
+It will be possible to tune the experiment for amount of memory allocated for each iteration, how long to wait between iterations and how long the total duration will be.
+
+It will also be possible the configure if the experiment should keep the references to the allocated memory for the total duration of the experiment. If references are kept, it will not be possible for the JVM to garbage collection the memory, which means that the memory will fill up gradually, until an OutOfMemoryError exception is thrown or the experiment ends. After the duration of the experiment, all references will be freed up for garabage collection.
+
+#### Use case 2 CPU consumption
+
+The CPU consumption fault will make it possible to run CPU intensive operations for a duration of time.
+
+It will be possible to tune the experiment for the number of threads that will run in parallell and for how long the total duration will be.
+
+The operation used to consume CPU will be a Fibonacci number calculation.
+
+### Implementation Details
+
+The JVM fault injection will use the Java Instrumentation API. Using that it will run a Java agent that can alter the existing byte code loaded into the JVM in runtime.
+
+In the case of the memory consumption fault, it will start one thread for that. In the case of the cpu consumption fault, it will start a number of threads, depending on how the experiment was tuned.
+
+The Java agent will be initiated through a Litmus helper, using the litmus-go image. The image will need to include the jar file with the agent, but should be able to use the Java runtime of the target container to initiate the agent.
+
+If the experiment is stopped or interrupted, there must be a way to stop any ongoing agent threads in the target JVMs.
+
+The implementation will be done in several phases, rather than everything at once, so that each step can be properly reviewed. This is a rough outline of the phases:
+
+##### Phase 1
+The first phase will be to add the Java agent code to the litmus-go repository.
+
+#### Phase 2
+The second phase will be to build the Java code as part of the litmus-go build, and include it in the image.
+
+#### Phase 3
+The third phase will be to add the new fault to the litmus-go library and the command call to start the agent. This should include being able to lookup runtime IDs such as process, group and user IDs that are necessary to inject the agent.
+
+#### Phase 4
+The fourth phase will be to make the faults available, add to chaos-charts and what else is needed to be able to select it in the Chaos Studio.
+
+## Risks and Mitigations
+
+## Upgrade / Downgrade Strategy
+
+## Drawbacks
+
+## Alternatives
+
+An alternative to this would be to use something like [Byteman](https://byteman.jboss.org/). Byteman is also running as an agent using the Java instrumentation API. The difference is that it allows the user to make any type of change to JVM. This means that it supports other types of use cases than fault injection, such as monitoring and tracing, that may be outside the scope of chaos engineering.
+
+This means that it brings more complexity and a higher threshold to begin using it. It might be overkill for just the simple use cases outlined above.
+
+I think Byteman can be intersting in the long run. And I imagine this JVM Fault Injection could be enhanced in the future to use Byteman instead or Byteman could be added as an additional fault.
+
+## References
+
+- [Java instrumentation API](https://docs.oracle.com/en/java/javase/21/docs/api/java.instrument/java/lang/instrument/Instrumentation.html)
+- [Java instrumentation API introduction](https://medium.com/o11y/what-is-java-instrumentation-why-is-it-needed-1f9aa467433)
+- [Byteman](https://byteman.jboss.org/)
+- [Byteman source](https://github.com/bytemanproject/byteman)
diff --git a/proposals/locust-load-test.md b/proposals/locust-load-test.md
new file mode 100644
index 00000000000..70890248491
--- /dev/null
+++ b/proposals/locust-load-test.md
@@ -0,0 +1,65 @@
+| title | authors | creation-date | last-updated |
+|-------|------------------------------------------|---------------|--------------|
+| Adding a New Chaos Fault - Load Testing with locust | [@kwx4957](https://github.com/kwx4957) | 2024-11-21 | 2024-11-21 |
+
+# Adding a New Chaos Fault - Load Testing with locust
+
+- [Summary](#summary)
+- [Motivation](#motivation)
+ - [Goals](#goals)
+ - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+ - [Use Cases](#use-cases)
+ - [Implementation Details](#implementation-details)
+- [Risks and Mitigations](#risks-and-mitigations)
+- [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [References](#references)
+
+## Summary
+[locust](https://locust.io/) is an open-source load testing. LitmuChaos already supports k6 load testing, but only for the JavaScript language. On the other hand, locust supports writing scripts for Python code, giving users a wider choice.
+
+## Motivation
+Locust is a load testing tool that supports Python code. It supports various [protocols (HTTP, GRPC)](https://docs.locust.io/en/stable/testing-other-systems.html
+) and [plugins](https://github.com/SvenskaSpel/locust-plugins?tab=readme-ov-file#users
+). Having a wide range of choices when it comes to choosing a load test will help users a lot.
+
+
+### Goals
+
+- Adding a 'locust' Chaos Fault to [Litmus ChaosHub](https://hub.litmuschaos.io/)
+- Fixing [litmus-go](https://github.com/litmuschaos/litmus-go) and [chaos-charts](https://github.com/litmuschaos/chaos-charts) codes
+
+### Non-Goals
+
+## Proposal
+
+### Use Cases
+
+Detail the things that people will be able to do if this is `implemented`.
+
+#### Use case 1
+
+### Implementation Details
+
+This is a Locust Chaos Fault Scenario.
+
+
+
+1. Add scenario to the litmus-go repository
+2. Add a new Chaos Fault to the Litmus ChaosHub
+
+## Risks and Mitigations
+
+We need to grant proper RBAC permissions to the runner container. Granting override permissions may affect other systems.
+
+## Upgrade / Downgrade Strategy
+
+## Drawbacks
+
+## Alternatives
+
+## References
+
+- [locust](https://locust.io/)
\ No newline at end of file