From 295986ddf563f528d89554712b10979f5674f06b Mon Sep 17 00:00:00 2001 From: Koen de Laat Date: Thu, 17 Oct 2024 18:05:26 +0200 Subject: [PATCH 1/3] Add ability to enable/disable hooks Signed-off-by: Koen de Laat --- packages/kubevirt/charts/Chart.yaml | 2 +- .../kubevirt/charts/templates/crd-uninstall-hooks.yaml | 2 ++ packages/kubevirt/charts/templates/crd-upgrade-hooks.yaml | 2 ++ .../charts/templates/kubevirt-uninstall-hooks.yaml | 2 ++ packages/kubevirt/charts/templates/namespace-hooks.yaml | 2 ++ packages/kubevirt/charts/values.yaml | 7 +++++++ packages/kubevirt/package.yaml | 2 +- 7 files changed, 17 insertions(+), 2 deletions(-) diff --git a/packages/kubevirt/charts/Chart.yaml b/packages/kubevirt/charts/Chart.yaml index 7350cb0c..a507d719 100644 --- a/packages/kubevirt/charts/Chart.yaml +++ b/packages/kubevirt/charts/Chart.yaml @@ -4,4 +4,4 @@ description: A Helm chart for KubeVirt icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg name: kubevirt type: application -version: 0.4.0 +version: 0.4.1 diff --git a/packages/kubevirt/charts/templates/crd-uninstall-hooks.yaml b/packages/kubevirt/charts/templates/crd-uninstall-hooks.yaml index 2480b377..fed020d3 100644 --- a/packages/kubevirt/charts/templates/crd-uninstall-hooks.yaml +++ b/packages/kubevirt/charts/templates/crd-uninstall-hooks.yaml @@ -1,3 +1,4 @@ +{{- if .Values.hooksEnabled.crd.uninstall }} apiVersion: v1 kind: ServiceAccount metadata: @@ -53,3 +54,4 @@ spec: - kubevirts.kubevirt.io securityContext: {{- toYaml .Values.hookSecurityContext | nindent 12 }} +{{- end }} \ No newline at end of file diff --git a/packages/kubevirt/charts/templates/crd-upgrade-hooks.yaml b/packages/kubevirt/charts/templates/crd-upgrade-hooks.yaml index dab97791..f911e064 100644 --- a/packages/kubevirt/charts/templates/crd-upgrade-hooks.yaml +++ b/packages/kubevirt/charts/templates/crd-upgrade-hooks.yaml @@ -1,3 +1,4 @@ +{{- if .Values.hooksEnabled.crd.upgrade }} apiVersion: v1 kind: ConfigMap metadata: @@ -78,3 +79,4 @@ spec: items: - key: crd path: crd.yaml +{{- end }} \ No newline at end of file diff --git a/packages/kubevirt/charts/templates/kubevirt-uninstall-hooks.yaml b/packages/kubevirt/charts/templates/kubevirt-uninstall-hooks.yaml index 1e2ea4ff..672699ac 100644 --- a/packages/kubevirt/charts/templates/kubevirt-uninstall-hooks.yaml +++ b/packages/kubevirt/charts/templates/kubevirt-uninstall-hooks.yaml @@ -1,3 +1,4 @@ +{{- if .Values.hooksEnabled.kubevirt.uninstall }} apiVersion: v1 kind: ServiceAccount metadata: @@ -69,3 +70,4 @@ spec: - deployments/virt-controller - daemonsets/virt-handler - --timeout=60s + {{- end }} \ No newline at end of file diff --git a/packages/kubevirt/charts/templates/namespace-hooks.yaml b/packages/kubevirt/charts/templates/namespace-hooks.yaml index 2fc43180..6f8eb4ec 100644 --- a/packages/kubevirt/charts/templates/namespace-hooks.yaml +++ b/packages/kubevirt/charts/templates/namespace-hooks.yaml @@ -1,3 +1,4 @@ +{{- if .Values.hooksEnabled.namespace }} apiVersion: v1 kind: ServiceAccount metadata: @@ -58,3 +59,4 @@ spec: - {{ .Release.Namespace }} - kubevirt.io= - pod-security.kubernetes.io/enforce=privileged + {{- end }} \ No newline at end of file diff --git a/packages/kubevirt/charts/values.yaml b/packages/kubevirt/charts/values.yaml index c0fb78c7..2bfcc405 100644 --- a/packages/kubevirt/charts/values.yaml +++ b/packages/kubevirt/charts/values.yaml @@ -21,6 +21,13 @@ kubevirt: monitorAccount: "" monitorNamespace: "" +hooksEnabled: + crd: + upgrade: true + uninstall: true + kubevirt: + uninstall: true + namespace: true hookImage: rancher/kubectl:v1.30.2 hookRestartPolicy: OnFailure hookSecurityContext: diff --git a/packages/kubevirt/package.yaml b/packages/kubevirt/package.yaml index 57030180..7d402674 100644 --- a/packages/kubevirt/package.yaml +++ b/packages/kubevirt/package.yaml @@ -1,2 +1,2 @@ url: local -version: 0.4.0 +version: 0.4.1 From b310afc72eeb4088545dd49fd097b0a9e8631141 Mon Sep 17 00:00:00 2001 From: Koen de Laat Date: Thu, 17 Oct 2024 18:10:33 +0200 Subject: [PATCH 2/3] make charts Signed-off-by: Koen de Laat --- assets/kubevirt/kubevirt-0.4.1.tgz | Bin 0 -> 43935 bytes charts/kubevirt/0.4.1/.helmignore | 23 + charts/kubevirt/0.4.1/Chart.yaml | 7 + charts/kubevirt/0.4.1/app-readme.md | 1 + charts/kubevirt/0.4.1/crds/kubevirt.yaml | 6586 +++++++++++++++++ charts/kubevirt/0.4.1/templates/NOTES.txt | 2 + charts/kubevirt/0.4.1/templates/_helpers.tpl | 62 + charts/kubevirt/0.4.1/templates/_hooks.tpl | 47 + .../0.4.1/templates/crd-uninstall-hooks.yaml | 57 + .../0.4.1/templates/crd-upgrade-hooks.yaml | 82 + .../0.4.1/templates/kubevirt-operator.yaml | 1361 ++++ .../templates/kubevirt-uninstall-hooks.yaml | 73 + charts/kubevirt/0.4.1/templates/kubevirt.yaml | 32 + .../0.4.1/templates/namespace-hooks.yaml | 62 + charts/kubevirt/0.4.1/values.yaml | 41 + index.yaml | 11 + 16 files changed, 8447 insertions(+) create mode 100644 assets/kubevirt/kubevirt-0.4.1.tgz create mode 100644 charts/kubevirt/0.4.1/.helmignore create mode 100644 charts/kubevirt/0.4.1/Chart.yaml create mode 100644 charts/kubevirt/0.4.1/app-readme.md create mode 100644 charts/kubevirt/0.4.1/crds/kubevirt.yaml create mode 100644 charts/kubevirt/0.4.1/templates/NOTES.txt create mode 100644 charts/kubevirt/0.4.1/templates/_helpers.tpl create mode 100644 charts/kubevirt/0.4.1/templates/_hooks.tpl create mode 100644 charts/kubevirt/0.4.1/templates/crd-uninstall-hooks.yaml create mode 100644 charts/kubevirt/0.4.1/templates/crd-upgrade-hooks.yaml create mode 100644 charts/kubevirt/0.4.1/templates/kubevirt-operator.yaml create mode 100644 charts/kubevirt/0.4.1/templates/kubevirt-uninstall-hooks.yaml create mode 100644 charts/kubevirt/0.4.1/templates/kubevirt.yaml create mode 100644 charts/kubevirt/0.4.1/templates/namespace-hooks.yaml create mode 100644 charts/kubevirt/0.4.1/values.yaml diff --git a/assets/kubevirt/kubevirt-0.4.1.tgz b/assets/kubevirt/kubevirt-0.4.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2ce6ba5a9632e77f55e443a28b0e54048620e39f GIT binary patch literal 43935 zcmV)KK)SyliwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYKcN{mCDA=F%EAZ&vKEtmfiAlZG?$5x5|X9;4NZCpgQBe?FhSoIZaNgNQiEr2gpy{S}fFMG9BY zoN@F+K7)^h%O@mK&zDkW;`s28S3< zYWn=iLxcIzwgTuYoa7+xga8bj{}(U5T|56TzI_qS|9v!;0mqW@<0lA_6ffWyaaa%` z`R!EX0`#F(e;kSg#NqR=r{5gv1L;0|g3zi)F(%KyKKkb9X!`Z^e@>r2K`6_UMa1cP{lP3=M)YxC4zp^A2#gRr4qjR#zxjxQfiY{>q2n!^afb;~+3+FhS zK0)=jkI`?xtKV`VSxSC|QQi&Vl2TuMls9@1%a^CTNNd_ zkiby_D@f3i-KZg#n8pbpoJ*EswG6iglfdlR7vXWqv=N@R;oAOuYhwB1Nw*J3TTABd8z*->195jlTT=G zvWIM6Kx6gi6Ft3C4p;)h#R&6Uv3~lg=q8L)ikW_5*{_IwR;`O^r^)8_cBr=GeO`n|25jRxMbP_Qt zF`>dLNAzz*q8r7I&p=5Qu@Yafp1hrHH)PdIb?B0L0ZjL>0H}SX^SKYe6H)Z@uX^&w z|LMP@hx(^Hzdqko0YSiZ2O7gg6NmDau%L~Ga%5QDQ(+alORh|@DNA(P6+4QDSo`E3=$D*HXsmj@mlRXHfOs;yJ+3h+R&H#Cnv?T~;nrN{q;(EPZ`lebbKIxx zbJy$_jo^5Vz3Ri=CP5c=rPxTVR^!pTDE)zza^H0kr21>q$c)~&7WUVdTvEB|v#!o) zb&VA|;JV$jf9!d6uy)oT`u=_B*2@1ecD+09Z(!i{O=RYMO@^=qS{*>jhN`eM(}E%oQsZKjXo+B*}Y)0|{lC$)EsW-w=67H|9 z(E05*IO?B-(SZ+CzI8hl!QH_nwvaXMG8$A6{F9;>gKIJpR!rBJXbY zR@2!td#$TS90bdG1f`;L^kRN=U*6qn45AKf#l{PW?|KDH$iXFa9teG#`ksWU1k=Lt zRIY#Y`|p$D+ld)-jjd_J@qzg?kbB&OA|5-;ZJEm;#tu%czR~06Rt(nxrSY?gx0#Lx zRoj#v`hE+ozqRmxwY{7eW^gOFfFb_x>oxoTx8Hml^#AwL8j@VqR;g&hv_J$SmsXsG zoIk>=Q)Arzz!F$n_aj&l&l6)gogkc%?>Wmeag6>O z?ct2TCka$&*9x<$J@hxtO}h)tylH$W+;95UAa>aL>v~U1+iWp+F|F9y_w@4>@R{k| zav|t%TLS+(LKR2wxc1N)nj=tM&NkbozI7w$zt{9}oA#ZMu!o^$RU5Y80gOI&sx=UNt$q2b=MLa%6|Cl^6M;HC;^e-d< zG5sDS+KYHxx}a-}->aP4S8W{P{jtDnDvZIaYy^y6+&BAs53A{9eLL7(jm0U>y!qN1 zwl?|N1xVA+V`aS61P{<&rWmn@VZZMb2VOn|>)pPhEgA1FFg;qf`%d@u)ec$iu8D5L zaCi54uk3c;H13L}-4QFVBPJTZP3Das4nanTj`nJPRo~Z@w^l64Q#e<9wl;);o+97o zt=eORQuWaVmdoSDI8Ulwx9mr2k42D5eHQ(kPX(3|(#8TbErVMK z*V`oGM3M+6Pjpai~U& z6&~x1Cb!eQ-Se~+mg=|?0B4-T%sDL%P4!(99)x-(fENo63oKzG*#yTaQDBffhrM=Q zwqW?0T8om6Tzf@SxWMA!0%Y-bO_4G|#*eG`r-{uf{;8SA;$I07Wj{ByN2b?^B?&}2 zHg^*_stV$D$TpC$vNb+j%?4<)h97r1zkUR8sMRhHlm`>9{|28j*6~RH$HeLJNd&yO z|GM5$oKp9zZpFP_;f!=WSBwx>7}VK=Sxd&*r`yUaEvG?1#G(BxG!VXeGRMjz@KDL7d zc92ST5!(i29msZyV}ldDGrXydR-H!g$ldGgIpUiQML{R5C^@69kqKRJ5FMDX+1LRI zN25a59az8bc0IQZ*@!mn*+$&NgtG)@wl`1CqSQ|LXq21|tERkK=W0eM-rAX>J7e3r zxckkxxBFwvy>HJB9(^?Z)SG3)L`3uV@&}-C#z^&*jK$&*K0&m_lKSP2293HCDl~>A znHBH04D)w3+h%hckQlRcoMoLXaLG+`SP@ZJ#T%2n>6Y;BXksyB3A;_9icv9!lu^-f zpWi(o`^aHCbPbVFv{khIXi2oFFh)5b$qgChHd%Z61eeay6+lxPS zFGohj9Wg2-#|3rUQr6jUehpS8a|u)8-K?TI?J+npdg8_HY4ru`4@#o6`=#|@SJ&;* zeiY)A2z3r@jw~N?u)+z6u_SbH1G6P#*Y(U+#d~QkJ>DvNE9PPXrq-xR*PCQ338DWm zj$uD=Mn*spXQak`JoN0#Y*5pPabRK^v2=i+vfosgr6N6*W+flR!n#?ef+ybvyE<}g z#a50Qb<8c{!KtgqIZjd>EeWk$*7e_Al=dC)^JC$qgd!nl#`Py%)RzCajX;o^PtdvNO>7pIg{TK9byye5l?Cs1H z#hF+#x#od9eBkVtT?C1Pkc@ZIEBCog(7VGWMKSSNO^hYBKh}P;P8Rop%3I!Qt)sa! zFK;s#zp2%)yLQfslRmFz9Ol4*Mnj!7U)%{ON&@Wzh~n+7IMut-hcvE}7Iprk5MDSd@UCi=$v7M5o-+f?P&adT`L#-;v9momyVF!U#7sA8*I(toKT#Q zUxD{8Ws|O9MU2D9uIIcVm)diXS-cg#jgy;u^ryYL(tbwl;nc-dAl;Y1Gq@$YGeV4E z@1FkQY1^F5&#k>1o95m0oiUb-=U>!Uoy>@O)}$F-uT_p|=PMCTV5i8~>*cncusnVP zL_RC}*_@FShd7RFuF2hRa!A<@aA=JGDHybcF1#MPxGG4%tF5k$dPHawam#fc~ihxaKa}SqY`=q_*YTw#9$bzU{ zJbW~wc9bx>!Di^sx&g-;`sL1d`X!R>IC7r@v7Nj>vP<{VFFBKV*z0gx?dJ%4M+1U8 z(baW{S>CY-8^QQ~b?e=Ffia4JM|QJ6jAH%KP(*(rt$x7FcaLZv9(2cdBO)1h(Q=#| zgq+{+6gotdh*80kVKHe%BcFE;MZ^K9;tdC1S7M6@QAKDxSozI7G&xeHxOi@L1=ttBG2b9*#rUR&Y<`i$te$N6?!yc&!aVijb_J!Y_ln>1AFAn9({p4 z&ZA*e9tpP*Scb=S?|+8wG}|G@h)uuCEycN90+l54@phK%8tBGe&Uffnz5B`$8|Gr$ zER$VZHHHUEXtxGToMobf+v_4ZmLI&DlQ7e3`*mnyt|EfF@sH7qCkP2hAd-xmp;LwH zZ!2>dn2pZ+0*hPovO0u1uV6yx;z!2~^;dXEYJ&|7XIeW5Oe>SIG*Wk)EZqGaRBJ}y zxpttuEoYXo_=HMwvi3lYsz?im_;t<+U0fC^*v}S}6+gfE1W~SYqgOsP_d@J?y#k)r z9~VHntnF02>3w_iNwIvQtlr*iw&p;4iL`2SP&r0twBr?>5x!#_R1o3y4RTGgj3sPw z`-7ViryxPom?aZZZBgSJQxpCeJ-5HNm(^&iM=_Zw)~fO2-XCARdb!tpbJcw7MfH`4 zr75Oyv;VG@0$nv*~e%0Eu&0^-;H3u9k z(Mw!#HiP0?TFb^!ZV32@PJ#{rpP~qPax~MOm&oNE<&Jv&}Jj_4Uy?sXXhg*@KgW-CVfT zfNw;E6KpDJnBp3>adC!cBq5Tl)8Lr1Z2g!{(8=4kwO<895lgcR&gLY6<`?!Z~J zE%Q-%rLQ(mv-nO8=?^2|lFSvu49)%SN{L)87T}t~wf8i+Jx1zg@0men);CdPsdc=T z7buHi{kpB+QcN79gwXtxeV$c|tGpYir&8=dJ38>3o``pheqc;C7TCROJv-J`0IQwD zRTpytRzR%YtD18-wevrTV@8Dne`WlVX?XLAc$8Wi-e+UguA>*zX-;s`vhU{gj@30f zpCCvxdHb61WAxiPovz`;Ls$11ZhiHiirVj6mVq6r|N8Z}jrvb7j=ufoDAa$tkJeZJ zwcz#(MCdF7d&d<}H>l>lNx}SG6axB;mfKk*wIb%VS0^n@R=(9pI|`5{MCkt;+hbSF z)b*;Y=1C=6xbCD#e&b$mA8)gIr+tM^AN_v6xc`EvooiaFi0V}ewFg9xv=-`}Z|cjP zRYUD9(7$Op)Pbu1_f`*eU>;~p$=|@&u@;z69a{TvaI*kdieis z%f1$Efd7B~&9~n+>c4*d&5LgX|9>B?dMQ@ezVd4PA)moVMO3=0p^mg7DfGV~a#@go zk|I@W9+-n)`^kOnNJxcHymB|IJ6in%>5LcTS2!(e#+u>QAB-HdPt{ujxc<`6bP1hv zY`a%~ZUBdhjJGb@X=CAEb zZvS@7u$FVG4QhYu9kTXaWx%b^e+&ID&hnOOpP~)W|Cir>d(^D|ee~+zQf_33|T z70>Tq?NjvND?rshxHFYce~Iu1TuY}ur(JzgW+NNW;M}$bj;`?n#PrEm=xRv>5_zV*j*wVF zlAuMxX2y+>(8U4bkYGtxpdEB7zhfFd`3g~380mgL<1i9W%F>ik^zrl(#e|C|(*==-`oCuSPo}e9`Jw)=`(e2_ zRR3}R6f1gIb~MA$b)F#|sr2LzQ*o0$`NMREub=#3DpU10<7DyV5C7kjuh2)#3CjgK zd;LZ{nOc_Q$&|!^56$bG{r$;wB_bBX;b&m}FV8>DvIz$qr!Y<9-HtJI{$IR&-aP-W zUIzRBy)>uZLqs6#q92eAe?TRpj&K}L7)5i&wMx)lH0Wvx2$NKOE*Z)=Tag$L*8Z-H zq6KF;jrCWyZ_C~x!4mD!ED)nevJA0#wd2p>?0gBWIR6ok??CmhTi^MA{>{fvNgc3Bw7upV+iOU*=t zB`g>xwJO1h;k_HC3-wc$*42FIx2+!cdu zy}xa56Gb(N@jATVgi7G2EXmWlf8^fYkE{3oe#m?lU$=nA(L**E+uht~yfqmM5{2idUdl7O@2-zZSjg zTT~6JRq+yOoS`@|;R}X|ZuXtxTf{*FFsGFsO`Og8T+S7XPw1Q-Yu9>le0aDZ(w%p8 zap#oC+e2;jCbL{JE)HW@L2@X_VuE?JBoZQ-b2!8qndrq(6BnAsU$yO42UeM;59`Ry z`hn2cuq>uSv)FP^)K3bGAKqME75HQJ&Ei^#f!({MAWP^RxcPF`dKjE1Y1*dGf@!S& z{h{2(-X#$#B;dXi;kD!l8*;SMrR-{Mz~zo+XYRtC&rs-YcST0cB*&1_f{t>Vr?LyN-`Hvtgxcd)UJ6# z@?5jmor5yl|I`>$h)|u+^W*>tLL-anIEnJ45G;+{V!u;gC?Ntzk=hKjO6~wBqADm(bouDOIEP>leq=2a~Q&FFPJQwIjOU*Mt2?&8AmS&u#MD!5q z*{u%6MLMrV&OscYSuSlyY6LUD9BzQ?AtE<~Fey09eq-HB_n|+V>%9;l5A(iwqxg2&;=}?>sEDfs-RJGKz1gc)L(KF@sOqinrtoDV)cJl(QX>0VrS;{N-Xev#Wj7DeAjtxB`RKfz*v+cCCUoub7ZVs>i zb#aLZjZLx#z1Gx1P(86qQk)SZM>y3S@x{cl-6>FMp3b~rYA9m2R;u1628}%5{Uz%s zVATl^$nT?G-JZuqsH(8^x)Xg4KThLsUiCrRmx4fQ*qL*iICNqdn3N3>`6IwD$6}cIz1=MQYG) zHtcE%l?mxt!Y?^abSH*wQj%4v3|*aG{Mey&GW`)H<47&x#0;#CB+HUp#VzW^X-Cr- z3{x4Sz7BoPu3zR%(`tL${LmP()oD^ou0wD@6|1>M9jQJol*jHDt=>L)_qxr>Ts9AC zGLDBoX{?|+Cu_2IPc-h>2mxXJ6%G(a*Kn&{9kfS<^&-+Q4-BnckFB_H4Y#_BE-#2` z^OqQ}q1EhMZ#8(Sc@R-K8|sHbx#hLZrYT$|(C$~zY$IrYk$Y|2vb;pOV(%*MK6-bb z3hO4$s92KBXxbE&VsozzGwmZzNL&nJ@coP)pm$8F|CwBJ8VO!A5bv1Ozw8uxL%D2S z8xK3vvpz7?T+IqNRc{wDRl=**usS#sfzBvm+=9SI>|25x$_$d`LOZBXMkhMaUF#?o zwv5+6yVZbpFiptK6XRr+;0R(A=T={6^F|La8>Xee7hr1D4DY%pTQv$j#;{gfF;~9& z1D%a=@SV=o%hfhY3orzL4VT`MbiA!qy)gYKz2_c}Io6fAnrkq{+Ufl_b=&C^@jJ>e z;bMwTw8LovwP)7Xr_#;9aG4rL;l&Ck>h4uUmLf>ZP0Z$Ne8>U1Su$a+PMw)qb+C60 zw|iPK*3XGoh{N6)-81+1+F>s)dq$I6w5Ol#ZOXdrf?aQ*UW&6}%q!CY1v8Cp!Auj( zG{H<`S}@ZDGmUQlJZ73G%g{OKHAB?J}s|!qT-?!F~Fm2*_J|;e_osB;} zM*r{r|M~ZSOrHJM{{DX-P5$TK{(b-dO!Xgsc=lh<{^9=d@6Vp?@BjA?=igsly!jh> z_K*Ljd3tUB^^g7khBtrn?Bvh%v>o8th*`wQa;aI~zdBWBWx+>OYN< zix8qEyFqClEm5|-6(llW81F*em5y=$cz)J9ei3-GWJ2=>+9^qM%_i=J2*u6JIgW~0 zBs0#E1CG%?<0xVr5TjbIU*0NU>Sqw^&cw5RQmi5H38z^C2MF6y*&IE$-dfKa>oeop zwN-xVALXRd@zGJ~_4WMU%#w;RZ2#B*9ZZ06V~5nhK7(q7gTX$u!~#)zfqLGqX z4Q%hKbE_Lotg=ww)mlL_I18*JEfpzk0)97g1JXRu$;FwU@!ba;s>9PlxwhMW|7ucm z@3zyo)_}g-Uf+9~Op@icD5Hl+zfvW^^$J%X5+yB)4c!KQizVd;RQd30a|aq={mTC36#i zPfMH&wNnRHCrl`kIj6OkBaX!qgo*fzFo$`bB)9zo*V)SL`O1_~lIE#REO~W#`WMY| z)5!nY89+rPquuCm6i#B7Apqx+Db78@Npf3;yTooj=<4zm&D~U-8rha*>m3f$7|qEi zEKN+0>rZ2`&L&{{>;tnAD>U%FX%igp3sqX%&sAyOXge!D9BE^bP(YRdRX9pU4(Z$D8ZO81V5o#06)i#5*o32!5 z2=XhSeaR5EiQsicHJgpl1=tNKadxZ-$OXJfZIt4!fd6BqPiOK|D5n6zbI>+yO~vOp zNoF{@R=)@~mpA$jb)WW*K~&EI&=T`leKx^D5Dn$x`y$42g-Nn5psiO`ZG+#8u>?8| zu!AV?>lWM_z26x>;o|taFlIo=^q@{d!X>PT)>ihVb6Hzo5Bj`m^jD~0v8-O%R`w+3 z9{*_6xE97|R7gxCaA}%m-J6_}1=m_Y3rBsiEps_x^Lc?`T4|}nP-Bh>Ej+2ZMz!)< zx5~mfWvC-Tq+?~Q<*mLzMmtTGgPUi|7zOVJ+k$sP@NNj+4W}S(glDd5>-hS1e?DCY#>s*CHK%qyKPu-gZqZ6s;OP zIV>=b`v|$on}}zLQ@s3edG35#jhwkp<|V`3Da!Z|R@I+Z$kp0%JtXLQd{s+8%bX<~_X_y!K)#X@M$r+`O>1D>S%eeX zQIr$%ckmy7Sv+9G6WSu`35{k`yrQ4bokc*Qkx@`+Y_P_dXehKXUvbA#QRogMqtJMW z`bJ2hjp2Duky7X(qNREVy@QA;G&X7qjftE>ywh)$)cmVaRxX*$ zl6O# zt5uXcpW+xw<%p3CKA!h>YLrXM(yXLr|A!(+inVZ>$;N2EMkfvm4DC-f{l>UX9ixxu zszayHcSZfae*WT|sMQ%dv#?GR z7Ckgt6(?kyYqmC9wI98g?frUVZ=NZkz6XQL>czDd5Dj4&`g}k|Sq$epM}jp+@0KCV z$yh%ULxPt&Fr5cOr}{200qu_9p;^>oisekIj$=kf*;PKJk%!H+&pK1f_@ijrT^vZ$ zK67wZeK3btv6+%$5ERZZa@7B&YM!UU1IoVU-f?j%HH&4dtpY+ht4N&cRdl z@l;p`&*n(A^!Uu?(Dxm+rFL1pWO>XYaTqZgK_>MdC7W=Fg&+$$$yhw0y0-GrXx@r6 z|I|rUO!K(K9x^r3FuMuqcS@XO^ipCeE`Sr(2?8HRc$f(`E^~dhMBj6B?s{rtC5vI4 zw^%oBo*LoGy3xg8${QC~rLI6Kl>GAXTwR1LUo0!#Yg<0)Gs=7{=yPBHZrXcP$_(mPN7$vi~d>L8vXkwjQr|7Tj23EiibjMPlgj|EV zD?r{bevRgsBsmAItcY-~q){77fW?3f>1?w5#iXv4=D(P0m&S~P285~RB5sJz zJIg8%x>>?N=`WUM2}oO9m*w&T`1j;HBsp0ufZqwO%rK2_NGz8ZzzgE_xhpZhYg?3! z%5Q}HI7BJn&_rZycBlkH47jeMwcHoKYDx){U2#g1v{K_Ppg1m7BrsM7%iG~&0} zpw1)XY(?U-j@U$7Q2y#0W`qksGWYzF`-wO zQ29f@L*rQ2;9AEu+pbhUmX42QP=SpPD+10;q}Y)6#XBb9*p`LNtOK@oi?sM07y3b~ z@72RwAB2J!9;2#Ast4W{ycy;=Ngyc*fw%x}L;80G>5HB*9HL4laZ+JCB1Ucb*d~JZ z4&@jU8(KHHA#vmW{`#Kmhb3s==W@n!8rPPuuy5D!?Hs6^zpH?m<#NFkLEHr1ia#_t z?y9ivgW-;0&Dny35SFdo8D#6-4)e*l$sg637DJ!ggoz?d{z=RasLimJG2d%DGYK*qCLVB|s9ZDT|g6UH6XJh+tcj zTg;McZbJ_c?w%5Qdhz3SS!4&8pSlUwyxXQhc3jQ&DM@Dv_H?n^%pm^ORfQ?Jgb&uE z$W^w!ix`;G_Mx0I-6CJ%+f>wq)?}sResCO@5{sRFCH}3#XKU@I0k4noX$4&9)vTW5 zBwOOu^TChC#l}PlCca+qo5eYt>JfAlRmqJDQzgrQRUA}}{tEO{_sD$gA98@DR>^6f zHmxEdl}w$!VJN$O&58GzBE5yyTUuQq)`ll)5r&@KzP_b6C6UA2GLf(2m(jwb?*GWO zj9GHw6i(7KmnIv@nehzNzT7rN%3LS;wL9b)DKsi_qnW#)#4E%>2j@px0@1bRxnHmb zGWl38SbV9lwbrY5wA0vFdt@uv`M=JCC;=J-u(Q`Z{gpI6znvH6vo-;F}IM`;qOwk`55 zmu)iw_tseZ$`l9fp(T!!D;O0g#rjf;t$c@4Oz{FH#o&|jnjH2cLgOidP1_cZO*l3k z&DJ_uJ2*B)Xy3tcm!I#+Ih&WG5rJ4rq$`+Exv>urk+rx8d$6_20c%Yae996M5t-Z; zLS5`DPiTY74H00&AxWBPrJC#CNf{S-i3UbNf!nlA$o@I>tZQZ4L*CB&AMtc%x z138dQyIR89>?*UWrdTVI_HpeUZz-_TJ1BNG!u%}73op5^&@FhY7RCfUvm1JYdF+vB zeY1@&y07SJZq%8-CRC?2)GFXoMFXEQCQ2oZ)xn@F$rpq=*loDgvG!k|sAIc#H%grm zkWYQA`KFDBdub`JrWvp3wk$kd4pcmcWlhrBOZGp0=yE6{#IW~#Gi?&hs0ZpG><$*l920InmS9(ZGRnZUxb z&i25ZQ3-sGqu$;2^QQow68Rk`@dAoo-_r{gzZ-V+@$(omLtG|=XI}FjgP&!b+C|GK zg)*PuGSaBxy3+Q|P=<5&@iF=UDO(v!$m;p@<+iR>gJ{5Jf+ZlqSus0r(QyL*ZsxX1 z=NDKmA6aC%K|KlaUzw0L9MUhlX3K|Nk>toQmEGP6&Y?nKV1|XTu4h}AeH#&;yNn!m zQN!iJ>uKbcOeb0}FAa$n=KFE$_lJUM@JRxvIB}+(3*)-$5vu7&zD!GFSiQsPh(OR0 z_qS66yz{add3Wp|c-UOs;0M(i@9qw~qj>u)A|B@-ZE#pFsy(-ylZ(?cdk6*~`dE+1 zcwX^rZoRji+q`iDGWB<~lYVLcR!m#UD3MHO64a_Yk0IQ09DOm8>`sq+7LkuYW5)f@ zdks`NdPsNhGl`Eg&f+|hKa&{AJWC1>=Zn++vb?Ti4+OeHdNUpet{R@)^^8L%hom_v zP8ng=I7M%)?q}vBYU4Tr6pk9EqRs3UeLNRabak6qr+7OXb$xpY25S4J5lau<{(0F% z?|?k7VdIxYpK~$Wk|+mKcz2}mu8GB2tmr`D!RK;#|9JVGxkD{??IX*>bWsmE5R!3S zFsu6Gj4|!xG|9#60D&A%**ZoQ<5R57G;iOivF=BfT-{m1TtgY}sQa-sBJ5&4-!@bC zczFZ++MTDO@xL%WBl15u0|8OQ(rkQIxXYFgtqgA;)pdxSD^pDQ56;#&SS#A+w60p~ zb6s#YCyBpqti8&Y?WHhlXj5Bee(c4C(gLSVm^yl}9=|!J;-W9nigF=Y>ap~-<)2o+ zEOLP`#{weEXGC)B;V5dMV`?5&S3D#oj3CVFrccy`=DAcfmUQx*N|J)zqS2%HF$4El z6h}a!1ApyS^f@97!bzkv!a6s}XB+1@B}s2Ar`KksnC5e=HJ!Z|sGshB_@4LbM_lJy z_uda1#jrY^)UUq%m5k=Cum|8;fYNb?@9+A!6L=`Vzy7nNEN8LId zTnT_M^@$G^F(Pa(4y`rJl+@r1(}%(qE`1yO*tXm=F9

bC>26j7ER+FaEIX{WKv1LMp(6)2mKA2WlVe%+qA%;`EOl(|xotBI;( z5Jj!`{))RUH3W&(okU|Boo^8aVU#dgsYlPaT3)wo<9EaGp;KU5Ykb9rDk|5#1+8zO zr+ip1qqHM&-8blIgLtz033l2+pwn(%xr5-Q-32!7aEW&m%;YVsj|^f$9@-k!HVt@OwZ{1xt z6lJnOWuL3Jmu>c&tGAasNS+gsYzh6A+Q(8+MnLzOObNYud--u#0XwP?S+!FWn0JG3 z8%n$4TF5w)EMkdM0~h2OM~a~71g(m;t9^?Yr4S7y&POJhS*=r}JDgzwMOw`{Qw$iP z3zRaUZF4E3Zj=&h26k}shp3?DLL?J2<}_u$k|e=X#uxqMdGm+wn6%DRmzQr>FQ-Q? zS_PMsVtrHMT;Fy#kR<4uvYUR*!zxcGaFZ{efYDteEYQXK_pjf+Dep0$(;IS4GKh&; zv-;Ped8=mtpm{o!f83(q)!WPGeF@qcul7f9)L!jNMB}kQWpuQw`fTg%W6T6 zLQA|KgGnG5pI-cU$N?vkq;R;*7aH2)*#RQdmJ(_Mvd&p~gKve~j$RSOFWky>bP1f` zEUQCI+P zxDvytiOn=#6=uh&B5r_FC8BYb)&l>i{`sj+>o~F9P7=0w>RVsIMj#U!lNE`L`K(bf z2XM4RAI}f;GB_l#!c^9AwgyXu5<9|$VZxn$P+UkZFHITzPA7pnaXoK*Rru>H*$s-8 zm@Zt9?8oyVY*i!@FLWIOhLnK(@x05iy#Lyrpi7At-NMwQQnk9{C7LH%Y2K@$7`!l7 z>7~RHE{*@@X@bSpHJv`5uXWj$b=-cia6-#LCKKzV&^LzSua%Y z2c~k()x~)?+Fh-UqAekoant$T3Dw6>+zJUPN_&#W4?^+=W=qDd$BSM)p!@&{!?D`s zQ|ArWCZ*vdK?|V3NrbNdC>jyFR(`W|J?blNqlmp4(O6JR4?OLo#&Ty~*B1@qpo{rz z!%nC!P7?yuKQZ%%;*(k)5Xq3tDWC|r)agQ$^fXWc-6EofnCX$wp?WpGMm|MrwAO0a zs7sw%(Wp@>ggEk3-HpFqg?rrYHf^dQ?hHI-{sLY$PfNd z7(0q;vz+%=kgv8)O{nMAJfR1(pyN!+Azq-`&gO{7rvm*7oE;P{ANp*qc?T(U9%alN zqqhGg+bl`w2zdRki_2!BY70U2#O9j88PW8d8#c%IYItE{+3pmmCWE`jCu1$d8jU>P z{Uz%sVATnGnVs&oFz#=(SF!DnrtPHc7lViWTq&0*L()l z;eHpT9%Cmf_76=<34IH6A(zLfUp+W-K55J_Q)a*-(w|SD(ovY1j zLbFG$U3o+Z^$-z1=I$+vaPnU7#s}w8>82FHEZ1Q;+IG@~V}+Au zY&YC_^=ah*PN7Tz*3J_S6TyBDOMeFUT`k1kh*W)i>PRO9wgSE)aC3OW_%)%6iITP_ z1}NfCL*ei%{lA_uuin3Ye~eDz*mzthG@s{*@xT;Q#c)^~%YjY@d4O^f|JT6r?;&l2 z^r3e4Q=Iu7{Vr-Ul9K4d^8pq_NIpy`h7K#@wx=B&)dIQ8K9_(@<#5KIinT;f?YQ@uI1vQ**6CfKVZE(y0n=g@fuAivcK%UpAd{JhJV$4RlLnaw1hZMY~WNy zUs$c2-`Q)CX<;W}x_GX$QSPjSqwB9ycRenCJj7IzN%2Znzy>~Lm=;#kBEl?UR7j3V z_YzIhIAe8^@G0XUis)Xo2QH;Zzk;Kf77@r)-IGk0Q!*iA?&uVz8JF7EREniVZNc?% zdxyOQ@Vcr>q?y2qXy=kcQx0~Lv3R1!JN(M6VS;HqsR4Tjid8kli3hr%^<;Ps^K~K3 z0??In!1JW{jy26uKaU)nV-%X1<}5hGueEabvY6J{g0kZ0H=iKN{W8jKroz)k6Eik& zqdzk<(=JK&fk8LTdB!fBLtsh7+%I#lRsj}g)SMMfcMI3jB7#dZFb8OsOGG3}@hys$ zjP+KrE1Rv!s^_;NEYT`SMgcL7QpKcMrmivtQw*{EY@isTYuYWU*g|LTQbXy3sO#}* zbCxzhrE1_CAd96G2Z&5PRmp{gwwzuHN`$~kSr58`&ee#+{lQqY&-`i$IKO7B;W4{a;)=R~H2Ez{218;Opx0N#6sZdv$FXlFl|2LOy@K_~Q&)sh z!!kAM7|Ydg4kBabD$q~flxzGC?}B8i<9+e0M1Un(EZzQNtBkDUjSm`(sPwg&3jc&6 zNHcXa7U*0-DhWI-z@_od$SG!-BsE^*7P(QsH(A;C)fq7Ae063gEPFOZC)&pCF%8O! zS=f%$)C4R0@|wo@>SI|U#QJ{G*pw4nG}_+LdRYeu3&A3vyr0!ppjjP%%|`fJRW>QX zhSpBWm~YoW;xbd!K~tq>qk2b*xTwCK3Y6g4Kymiyk!RnNzKa7?suA>Kz5j zXtvWSWlRBv1BB5v+#VP*Nejtp^fYXsW>VPluHja9YQ`A{$W4*UwCnx~?_F(8C8$xL zEa2{6Ub5Z__#4h#aYJLFfi^3eS2nk;Tf=1o1V!3CrILsB8g8EogDZ*xEJ>&Y)6eJuddH;t-B#-GZiVb(Y2#<*c_Y(g3cv@%2hwn<)CY z!B-pJ+#~B8Ha{E>?45yGbCQ42R*T2VL|U6lU?M$RU?RI(U?Kw(+0_CQ8JNhxL>4VD zk%5W4%XyFWS7~cT*Seu9_$Q+=FLl30qpSJhWV~Z^B~93{JFzC1*qPWiCbm7XZD(TJ zwyiy}ZQHhO=iAS`?^)-p@BFCUweDWKdiUh7!Wy6ic+0N{XCzrXe2E6VV=Gn7M4 zAjdEJFEeppBROjpae<>LAB5WtFEI#~m>z{>XcHYzb_m@lK zR}VK)woq9aJWPD+dkQzK)-1Q#@fZSAyGj0=W{x$t0tX;rl*TQ6 zMt7T*1dE2a5=VrDIh}kHSJ&@*#YDm^1@o0jf_1S-C9QBp^zRJWx&SvT9)sd~ODem6UA&_h3)q7exu-slfHqKRj}*8j?}ZfeyLDF_gl9V=U$_&gUw-v!P>CLg}gN# zf7mMTXo23AC2!-zeJ1%;r@mzpgVj~6s=rnXdlTm|%)(-i743Sk!={)^bge?QQHihs z56}OU2dRrZi|KZO`ixj!iI#6(#~Pq2%DqlmVb{28^0$fiEHGg?8V?W=}BsBh||$cYz0#F=Y$Y4lSmEcD#)o-!u+8 z@@#T#Pe>bsSuQr)$F!zvbCq?-*il1V774Mn_tY$u5Oo+lfwhXI=$L4H4bSWM*#4#5 zi85(ZF47tqf6HlsnBwVf6?I9>wn^p?*+%yM!Hkjy$ki!R9L)2*I&(@ zO;vzHa~bnnRDHi}3yGk7uaBL&62l2^2!<%Zw1aea-(8n;5)qV1uUH(;_Azn|h*2d& z&6OeLc+;S4%WxJQGX*M>`!W_sr~5HyhQ*H3<$&3Bn@D0v2rXK?I_mI#a~JD zMn$8Xd(29%^0f|F%!h*bV}`jDYSvRj2ww5fF4N}==&3n=y!z}?xeo$JKVZ8-MWyJ{ zqZ%T;<7w?hnry-<7~H}Zbe3Y?v8v35!fUhOXvF5z1v8k+aCCPOuLLFf!H_QwxBYBl z^4Aha_*=U$XFFUlT|_#TxDdeGS9o?2xuaDYM1Byjcb}9#&)MudTKFgBD`tU z&;yKX7J<=53W1pxKaw;h2!6kdw^8)-@0RhA6uz ztDv;WJ1ZxVTc#IBvEXI7M+x55uuUSU;C~s73Yg#Zd@!g!uU{@}wR~gOgmi&4zSoR= z%rf{&6NDT!`p|DUHYVi~S^LR0d>l>_vnFr1Hrz(kTG1~m^5wT=A`Kp{FIyUxd&pT7 z{$xBK>=>09)uI!r-IJ|Xz&T^NVBpqboit2P83td>hC*1d$W`FY_z{^YZr>~eF>hdO zIQ4+zm0giQCU`|Hi|oSun7w*jZ{2$)Tdwr@X%moPSFt`=fUqUwL$tqhUBl>5_)ADv z!(}fje@rlZZxUS*mv0hv2<uHI6*q$QXd4??S^! zRnrpn2~gr-CB~)g2)4xa{#87gLv$}4}Y*;9)~qnS+rIi^}|1q|VN*Tao1k`cyb?49%l32ype?r#M0^V&V{ zVF1ooDdz3(_O4R}aS7!9>=i&;uZyVdT?%50<>cQGS{n9Y64<`4l*VT($7?4(RN@ad ztY!zmu`#OrCyA-mTD9=|c=!dyUA6f2{o$9Z>Q-IjT;A}Jsrr7MC8AK#)FnEVSFmJG z-mGcqJ=X1wdt+=2`~KdAIU&K{-*7K~gm^b)On%(n1bem<0w)s%{aXwV;oRQXyy%zS zzsPAb(j`W`8H^4D0UMFmD!pG>>ipS?N9E-$QOK?Q`W>7{`SslPU-O*n{>Ju3aLEHb zz%HuuujkGbK#Unw)3gEutq@~Gu*o8*|MgyA&px9CemRL3_zUGvnEzEZHA?T*u_%>a zX@Hd%_1~|R1J2%`2fRb{0Q`nTTzt1^z9c>SM7ujYJXB;yU)Geu-!n&SOJA@;?L6TAZKVge2BBVWg-WB^s;WV6<<#QeA=NH``tOiNz4NFw z4gy!hCRZt-KqpsCP1d3TTTIW%J2YjqD}8yn_KS`o8fKh-zfYevj1<1hOk1*qP4GnB z+Itb5qQw)^Do=23{pp2@ou0XSxEI?Es}u%+iPBCLyFxOpb+Ok(uVcZsfV^vFsH9vq zA)5Y42*)JlRERibE`j-4v~2*RF{-_bmO2`jOoxPxBIJ#&B+o*DWn%CYCj6tgc+UY5 zZmonLNC3e^6zM^x6-T9U3GkE6xJl0$OyW2qF{6GayvA^ILv}$d?hLA^%-FF9-R+@%wcLFNJ#=*Z6dS%OQoINbri3yzZ;-wV@$Xo>5Xn&J` zcBB1q5|`IbElZkM)`?#&>QrIR^t;i|3LnnVfbrf)rW79^=(1%-Q+UIg!rX zVoa=c8IpOg_VN7kH@;@#iwwCzEE4JcR*}qB%cHFl2EbTevO9w?ukdR?|3OQMmuPl+ zUnENTM!;4ZQ^YJd;WWN&^Y!p-6Ju8Sb;2I^gL~Wd5VH&ZN-UKDRyzzabxj%#?X5pU z*CA7S#!`rmm48BxcWBP3u2`m(Py$yU-*VN40tI>eXA+ENRCNqkY(X5UL)vH$MW0qY zg&c!eI2{e5->-@O(c+oOmJZi@)FY|kMdk3rTdMlHeIhuVqvZ@Nnakj2f)Qm1GiRu4(DDq zX!N6Dao3C+M7GS#7vv=Bp!;`mef`}9S^)~r87CPh+86vhuY_vfLdt${DRG+|EWRJr zl!(EMRpiiHG zSWIFBIIrRftc{&8d{WCtiLL-V`(b3{9a;aKHbX!T>{Xo+JB7-)!A)g;Ol_+6{Q1{^ za{_zOu2}xpoV8&@WMDp6n!oi1(*jvfq$O)78k@g;dKIcLq8|UvN41Mq$LVTLj+|gK ztK;o+c^cgkD*AV-s73i=l-w39)>4`{uyHO&UQ6b3T9mf@pn9g*?flMcF`PTRKTT;{hh1`5nUFFmY>L?Eu?QL) zM#gV}{l!inRE8-O;lrea%20vC{hF2@R79f|!n*9o=*dIa`GyDdCVR?*)O!7g7eEUe zM#LJ@Hf+Ep^dc-~La)bF9$^*wD#-q;FrHzrB9U=h@d{KmfnP+lmNvKV#pwN~xSr+G zDyR;7zmng2BA%yX4Tv4B1aBA0ttrpb_lYK>%G4_2;0ug2Re7z(DH#EgyJf`=Cos7L z@E=r#$vGOLEKOOAgk^7o4|7}&BY+LxG)ua1K`YnOQMy)4_{+@IG#%`v5>?|6#9Vr~ z3HG$#98l8mRw&ah)ts&R?_ByEY(zD&79y&j7Gi=JJ+TIY37S#0dT9t3LNx{?su&z$ zz>MTvOsPm@GSRJO8xy`$E$g-3y^_VvN-X)G6~|%mTH@OjerP1=ONrlU8KV+htmGp# zERf|_KdmiV8W#{wkWE*2ghvbmXPBw{{@T^j!hL9KmK+Od50YKFj!eUoNhW4n8rLJW z%;hOQ&(pFVmsxfV8q*oN2(_^`?GY%iWFJwGvZQF!yywy=2i%apG$^&NLwA<Nr>eiEvti|_JdngQPt^c;D8J1vhb_u&Fh69T{ap!^HFw&|b z-nso*RyDVaYRP2fQvtdPK|CmY&67YnbA~(AlIxOvh3_V}!6mXO%8n;`q}Mh4U%7ayyeIk|}O*ct`Qb zY+(cku>fo@^zmjrh_h9=FbrSYHQE#gb%_ItkTC^`AUtnokdH#pt=@|suuW^6<*`&n zhE?tFMxhbxOkU6d;ZAxB8VB`P#I%a_^|HK0o&dE%xJNyCUG?B>GofRIR80Ll226DQ z)^6i`?qb@91!R8uX`_kff@hm?a@#Lv4a~P_SFg%|$qVz}jTb~U00b0>y@UgAp30-m z3D{*|viaJ1wbV36Q55u#0zrrMGCun%N$H;E{#MMha$>Qr+FBs)H0!Y{Ud8%@wTtGO ztskAx|Dvigbb+_HB&|y{0e`D@#EB+WV~dKi+A zwPYf6Cu}QkWF58HmKY`K0)>TJPf@hv73wa|P*1t4YPsrAl7D67qwKx%^88<{GE|qD zmDJqoSlfH{`bc?I!zU@O}!vhKT!I zArf%Se$h(~delo7Ci8=#oNNGT(f=Si0FV)N3qz9C0>ROD>3!`<4~!PqMyktqC7+JN zAHG_@L4RL#x7OE9KrrRc(O1%W&@pWoU)~oie3{t(S*IhLS z-l_cnNOZNkg<@NHSEuq_C?Y;9QLu)X#|4Z-qg?Sln|{L{fwoTg(-EgIAYwg| zb)>z3nFdF(L9>>P{WMBOS8mfx7Ps1Z?(jkwH&v-zI(@ATCgk74jL8!KpgJxeMR!u^ zpgk`4)cgm=eEtEkTbrKkm72nC;Z@)snZQXGior?mr~dEW%{Fukd&^4i2Vn6G{q;CQ zixDawX+7y)!#{$bvi^DUOIdZXVT0kk0UN9X{lP+7EFgmRROsh#*TPaNKP5v}ZvHMN zSTa=k8H=7-eVv)Yy-Brp`fPYn%b?QLNA!FPA?1sL@N#Vfg{sF*JR?m)n{ZK|M#e_i z5n9kwWoOd=n}pdr!%K4&h6!i}ANHe{mj7LAI$m`cNyh>}DeTj~>(>^T2Wd#tM@8(h@q5lv5nqFB4cb?;sK#i{_7>Lsix`B7!5D^frkJ4*H(Vj3Y=ZJREaK^PRyAsJb^PG`~xP^Zc ze&8aM`Ts#K(0inX@tF=)7O}SFiiw3$vk>kFJ+#T0J$be#**zVqtb&UQU}0%B!#HlQ zGQqgeXp3l^z0QwnXg9-=p7R2=;c}e}$J~@kn)NGUbQ);QqYbXr>78}9rdQ#PcUU{K%2`S# zlt9DXD@#$KUYsH3{KB(*r1mvO9i>^C2SaT#B&STby9`(#-qGfrp_0$WUJIv#{j8jJ zl!+UJqm>+p$pi?Z*}?bdL{=mSLI9*nMpRw{FvdW!C1Itc_C zU~xgXetfflRb9KQ5y~O)$7At`VsM_(&6WKzZPMVB_l-uce&0cbQa{N^N^7P{bC*h5 z$Dm>9f!IfsdbKA1asl*h9;&J_Ds?`J{wBmVk7O4l%*FAVze#MyderFWhVJ(h9q#XK z`J0w_P@tPuIrJd(76QMJHB)Dla9rKlSrsUq;dwTC16G3IEpaQ39;PVu=T{=Bg>Z(OWww4D3EwLx+MY*|A<^kN zGk$*BcJWmll+uMDCJ*STpPK`D(;D!R^>|EA{d=-V*FUhNW(kbW0;AHv2U!hZ(NkX^ z2x+UONj5n4I%O}n2+ZGZXuYc@QAlIUE&UGoau+uiQ(>)vQxQ{ft1UKP6`z|aTcThg zu-rSBKe&-A#!X}+SVuGrn!1RdNP@GgGuAbg7wsA_+oF8Tp)|^sUL;VB&{54-s)siS zhy)DZHp4?SMYU7sw@F$l-xK_?9_&x@UHmc6Q=)v+8M$f)h^u2L`}ehFZ$>6tenGMY~kFK%kgi9?}8Xe#s7sI)q7@h+Hhbe8kO!BSO*FdR^jK=lrd`2FUEF?s1&Eu5(srA7brmL@ z&!O0}5ML%8@rdu|kXe#;^fHNVh2ty7or%VyNkvK7nr60~VM|N`3yPNPqWb<0&A%uG zc2dX~)w4yUtq;ilHW8c{Aubbq)3~E@mc#aYM2kpR*T_j&O_JY>;(=mJKS$#TGZIkc zmtwQf zWRKavT<}iwn$c0`8^by`VvpA~_$oJZv8@?TMav#2%lX#NM2fcSwG2qhjG^;WRA{+B(C-Sz!r5qc}F zeK9WjE2|_V4vsut&GN%xNW)MFKJUFr+BiX6Hr}}SN}+puFt(nkc~Nc9mh0N$ zd&f#Fyhhemn0tFsd^jqz36ixDwb=`O&8lmTc0FXpuzxYb6q2PhX{)M?NFWUXR2MZuv8XjsJp%LWW{0E?{ z|A#}t|07Ved_WTPRYpA+ysLa5e#Y_Ii3QcF^|(PR6L|IpPx{`LQ$FezZ; z)WpEB2(ZF;CYjUFJUP|1e)N10n4SXw(j_3q0n#7~Z$Oj$9kY=rz7-*}!*FE#qM*rs z@(qwVx&IG(g6D$%hoG{72r6WJn2@>lNi6U1$nH(>bTTO4k$BKsOXNrp$gFGtE5OB6 z=pzsjW)gZQ6f0(enP^A&tv{8e0T%Zy-`+ zwE*p@eOOU%{IA73=J|ITNCZ|s0^aEx1#nJa!#Yatk#T0(%y;fG`tdQl9z0veEk%Z* zQqHxq7=#Ohs1WDkND6r%lzJL4N8vt63;uXjz$_ z;SlOhC7O2jJj{nSy8{BuCL7@^&}z2pB6|EA+xofx`Rd45{lR)*GQY!Z#RK&y`lL0D zC`1ikIi3p}?;fV)5ry-q{$*sqPEGG|;_i%U(Ibt=L6(~+1JYs0W`T_`9RwiJ_{?{E za~h z_^VI!vBpWXG%Xry{h|wh>*7b$1K$T3lL6HG1nyqb&IdG#Xdd+qh+{@szCq5PJE`ad zN_XqwBFNI0k)uE9HjDKV>?C2tU0T_x@9)SRqdYf z9=~Vj`rBPc`MTAe)~gl+LP;at-bxA`M4t`_1CVYJ*V`ha$Fc;a>cNa$Fz=CrvK{m= zh^jbbdfttqe7!ql9EWW|%z8O_Tab3c^KEtm1a+Pix16!(5F|BJX0kanbhkIR(2x!L z_4B6cISaUXW(tfZcu!obi4oKViPj|;JYB~hly zn|HGgap6Yp#1Gpuq=jiFFjek7_z0JLf%bivNoYk>tq-6`lT!+Ld+M}lAmY;N^<=-V ztfOiNUtbf^P)3$>lyRdLSX1R zH8M=UtM}R{WG(Qt`LJZ&>hS_s2-_=3ykA!v;-asYUpAn^CHviLzpr* z6PY8HIk9jJB9oosU#JotNcfw=;1ZAAT`uv2MyIc$4Jn)1@pQfv{RG#!mmV!ZL{Pgg z3b{Sb|G1Al73`{YgA#gO3d=G)GGrAz>+_4qzbdZDT!4v57WOAwv%WjiUI#VHF&TO4 z_tAAS99d%JCyU+ZXmuIwaG(ep!;9@@GmRZvR15`U6z+ev+Qk}UeJY`YN+^SfWDJM*UM++X$A*D>D>|m%c{LeNwW+;z~JL zT{~5O3&M;exy=6lWB8VLv7|OaRC>;YmksGBrgMU$i-vUG8djtXjYPJ5CO&^#(1i?AGonv{8dJh)*^zuHy z(+3^0{|5?l^fzI(2*aaxq!m~tTuG0~%Af4$Rs&rN^48a9C&!3`l^{hem0cu-$-3_&)rHgQlh%fXLwm1o6QN{R4h*CZ;0(UeT;(ydIEv_ zRg&6&M_QwKK{4={FRzBe&v1Nlq@1OOED$(lC++J=P$x@cC41jS;@20cn+X(GkRuj} zH>skvN}H-`q_}^gn#g?UsbNxz{4i?RRG4g8G>)%N>N|#r==TJ1uxz(+sRL2Xplcj# za%a!bmx3}kCl5oh_H~9HlIILf;+Y2C{4(yT;DI?IPXpyr z=1FeZxm|Fg^wnDU1?I5GLu$Kai*0IHa^jh)VNIQ@Gb5mj==riT9z!MuN>MGA+S)AM z)*!Bx;J05n9j;f=IKOYfpRQg|F}Jb|%{3^K&Rm{0owqu?v}$b|WYrr7664WpBS;V)jgBkA9lx~2&9(cvk zUE)eoqMKU$`z`)OY<_ODp&W#A>O@W|d8|>bA0p34!4JE{C^y=^4Z`F6)Hx!qQcX64 zGYJC47C^`Qb>qG#FeSUC97`;)`~l~Er@rXD0`RCM5UXoi9e!gT9d!F-BLlAgS$* z(KWcqUP+ATfl|+u*C3)ho><-gwVeBkKbu?Q^V{HybJKwVTut#uAKpohDP|Q}P1G_E zq%g0xPG-;ePw6p$0!mBVUPH7i7KHZIY+9D%3kT89$mtZ}bS(4a(^>6R@8qrkwi>

g-aM@DPuGlhf4c(6__7arXK2i3UO^?D~yxFI5+Kjx<1sjU=yBn{$?Yt=ciJ>?GQd z_A?J@xNR?b#5B3wd-7W4A3{VRqf!nr^Rs%r4x-;|eHWM$)IoO+<^Gl3Yf+Zp!zis*kLd zDl_$5dh5ZpX!0#_vmtV4Vew8F2ibkE{+!IqYjjHAKmjNZ%(7K=DenixzD@|%-42*> zF9M`lTMRD~bsa)^1R6}-Kn^`IDH=Vm&F^c+N$>a4ldx#%##^O^o4Gpf)h z7g95y5R*zJLyb`aAZrwZz4i{%5;x%jUiH>zr9zhOn(KauKG6T7u8UVMUqydY&H8ou z2kA3(H6p>8P3`)CbfX9kZ%txCtjR&F1_pO!m_Dc$j?45 zG4*I5x;h{0Yrr~i+ z_}4=tC%Y^9gjDiIf+pb=`1petk80Gm)bSoqTv2b&H8HLetJm$HTLRd?fm; zw3uz5U5hK8Yk{EJrkt#`z-BC(EO5`%rLwXREBL=-_yaiit-Z4TF z^w?5`$yx9)sSzy=z1k0=&5)EOu9+R|6^$oRv&f?Lj!yk zYNue}%GQLvg3LRa>i|L0#&)^ zC2NWP^9)ve+)-N>!n2c=%QBpJ>iH7H)_u^Km}LvNJGWOOMJ!_yUFYuKBX7&-v-T@4H1SMZC}Zn^kqT zxJ=fqwfx+3n2NcZ_XG2A1wkg?hDVNYL}xxSsOCh}-GrGYMQdsV59!fwzJhDnLjDVB zQR=wVh^9C(K3yFadtnan=gW&;6Jb4J8@4#1d9%W-3^Yq;X!jBCDzjkOxSwqLisB{T zwR3boc)o!`XonkM+i;W_sfsD0Vih(8^?)>!7}Evz$OrLyu#;R?nI^7XG&c~JFXyE; zdV@3|AY}OT{;5+c7<=8q?8{qg+wHd*@_ay=7TUG@g+g%;Cg$i>x?BZPcZ8F|>UoJz zd3ahNrsg&Nr(9r0sY9p=0wM%9tgk-A?x2G2I?U`8tLt7*UW>`=INM$qC_|AA8B7Y@*`Ik${F!7?L_GQpyjpGKB$p8M`S&LW|pJ(~F7jujoQB%$CX zs3NC}ro8T>bwBks?&ve_Dct67F(G-A{_Z38b$0dX=<+@#CieBZasKt$)W!X(TXH?* z!}oc#_vQ5U+_tw@P~h`%ayyh!;rcZg^L3{ylC-tk^?7%!yVB-!SGoWEobx3|fE5Jy zE8*a~7z2_}uT6wp(lpRVho#bSuID8CO;GRIxw-$&<)}n8wd~BUtL{Zt62|8xH z2=g9s?Q{=%=&b^7a86My{|bY%>-DAo-L&8UTM)d)yWB`5e4%3(#@lZ*NFI%{`|H@C z`UCqtMMlq90DPk%PsgjxJqhMsF6Hm09QCkI;NAM9wrKTD zo-xRyUD+<6dNH;TF6gFKKi$A4~-o56C7^x^Fz8jI`5czKBYyo z4i?spHuNpN(JL21{k`vC%_V4DjL9bB+|uYkXZhQMNMVgD>C(Agx@14$pA@E_B!%=; z?d-cJudG7~aL|PvBjVXe|UQbA-Sm z6EUXc30HS#rCHIqWXqopEhO!v{5uCl#Rdb|A3iX&EBT|fapL3JH4Z*4Oh^7lD&E;D zl6AL-ukU|eg0VB5-i@l0^ql%SL7D z(L-ev5Rt-t4nT;wJb<7Hv4ChEO|!f~k|Ct;%6*@=|D7}C(~S7Td(h=|a&^Po*3N62 z!wIzIdIFBzM3hN%DN-49{!MXP<)`oG=ksaX*O`aI{plOuN52oIzZkxY;2M@*b{E90 zP+QaFwmj1uWIFEm97jJpc_f)Oe4T~_NHVJ%-P|8>i)VpUi(ygqlbg&%0C=nqt@UAQ z;2Q>!!Q#t`sUvwW>N7Do=-+2f%Cb?pp!MsSrsVt``=@uD%ZwpzfijYQ5*}=Ft)gjp z&$f}c<`QP{-MqcN??1VhzO^xuPWqvNBpF;eL@4si?|-eA&!xS8A4!9uq#iZ_R}w{M z89QWYVeO)5nRc}cZk2;t+b%X47!FS^d$AHt>YWdGcw!xNka27D640Es`gV7GXiH~2 z=nh|9KmwE*@q}((4ajle`Vb660!KjNR|G9OLJL0d!VAQsTGmdGTel_!-70_QyzT4Z zMpwD$qvy*|R~ep1zXB(91AN|0F^*-`r0kJ_{9*=q4bbnbw3HYPi2%pGJ-Nx|thQ@=_|wV6CL9wXp(n#o4D#RET^tKCPYW&eDcV(}TzA zwWPFjJ-Mq$>~WLKC4XK{UT0tGcYoc5(qsFzJyGrTsmXZh#8y=8xUc87J(uJ8CPPeZ zo9)sO*0zc6rEc(wj!lKyW6#}Lvq$(+miAOquXZg}wiAT?M%F`x=V!N;+3P`)-RGwu z-@V!<@K)m?+zmVTb0_LC2*-F0m zIJ%3ARothXRt$*Z{bmpzm|rXo?GPTAAcyH6ex5PLD-Hc9p!5T%F-ju>;p4E_g3}jy zbV|O?50QVo9uB3xeJ-WG6&|K`n1;hl3+%lu<=V4+WCqtj?0RnB`mnxevZ?|Ry=I$O z_PzWlU(@$t==uYuI~j4RLDnSwhGR{?rrTg+E1NJ=JGRT+rz#PvtDxQz-#T1=;2@7T zQ`_`;^VT6F%lUD;ha~R%++r5oZ0g=-0+}{?!NHYA#->_$^Rvvf{m~U)hj?C!HqUSL znzcze;HmfMScPk)fTcwD6Jp3y{%5yw(<&DZ)_Wi2mA%YH{A)9{U)C@{fm>6g?v_(V zy#Ti-qvvR>M^d4s-eO#``01-7I?jMLb9p5Z*ZH|$LME>-uXro(Y~J$rCH{I)txqws z;TG|4XV<=olX!&q40#}ZI=t@&rd7Z546Y?N`nCtN_{{wCSL|=T+ZtF)rOQ~vVM4d1 zWA%d{_$T@_9R=qT#VT@JwXAZfuzZsAP*m0AictKF1fzCtFOM6h$91)`D9Jp&m8W>M zQ;cgTRq8Q4eUJ7XH6>z_$AF&WYDjbIA=D@ZtQYrU$>Bt8{7mRZ+zwY3KW;-0sYvbi zpF1{NgWdZ&4}{+?q4Cp2nv2y&3NJW$zRfiRB2wwl|W~4|uMVwF^Kae~9P#(R}#Xe`OO zKnjbb(>7XCe7AD^>|3|3_ET3|>r}4T3*_J*f;Emm z1_Imi!vZb1-v_ZH0cO9?GdsUsBq&(7BI+e@c|lRC!2}?~aM#sxPc?TAadt7pkLzWO zg(oYU4ThG-2U0eaGF=-$C20xSg}81tptzAH@um#u6H);bEw_Ic#!5~h-;FIc11btd z5*90RsvA1qrlrZ?V|mYglmMu>)T?t;)n@rT!px*Y^C7S&x;>~>?=B} z`rBYH$TFGfBK<{}=w}!0M^!Suv2@_&`9?rAqb^v%GDzJg>q9C-zLe2`31O1`F(I1R zS1ERjvv)#(BBlI_;-o*FO2O!BbPK#|5zP|%Z4g~UV|W5n22N6b>fp#sZQKAt`ZD*^ z;kMeWA(7fKd%eAj7Zs#gejonJTeHdU&R|X0TYjrUT=XiAsMXV#AujQ0pmef;;vl_5 z2ES%1R;+TQL=_}8A)ZqPMh?phIvW9__{{aHrL?o%)H2x%Rj2Y-=)fkoF{?Yo+F|-L zOzMmeak>YgQff#LO#-C!qNm|7p3L{GtKg=!M@3x(>2D*czrZK?w7(6y1haDpN=S%M zIj#|`apDePj+M|Uw#z5Uz_vJoDvl)nDGSq3h?Qi~9F1S=h6#i%yI|SDOLo)Jw}dfM z;%BTyT-BJKe>_R~N~ttfJwV`0lblPENoAa-$ljoNhwfLmbyz9J4_(-BX;&Z;(!E$h;cK1(mYfh~cEyz75j@VarEy=lUXP>78_;R9v zzgmR*_hUak+aDvfT`i}AxGWs=IrYU518Fw^T6qw#1`Hc)Hp{MFVQns&o@ zO?l+LZAV&}x*zSjs4G8qN-X^cTwTp$vy|(6#AjR5JZgBXjF5cJ%JUK>>*RnMBjZMI z=4pb)m`L%~gZIBt0~onm zmo_L>u&+|0TFO~La(^|I2o1};=-Eur5_`OnY0F`#u^YL!8ZIHXKwC`B`;aR2(F#b- z78BOx`FT3XC#_BoCR4|>OkL2WQddVQJwkQLb%O=%&cm!;nqP94e}k5N3-CgcMawRVdpLwpLuStVOPgGZYMs zx5{yOeYe4h5mC$v2pw;6fkDwAe}vg-4Tz}5!BIv)Wl=eoin|FsJMZkAFY0`PVQ5~r zAE3dFKY{=yVhr(XtM|2ktUs|842n&!riU>syO?DkW(3udHI{ApQ@|>tYVzq>Yc5AP z+r+(E<6V{>o|s&AAz4L}_s~XS>P|Yh+RU%4f?9j8*=p&z^drDsM#oGevY&s@q0T_F z!}6gV&!7rn^|!xk`$4ztm0tf!U@``$w)@7L#fE>A1tIu7%~d}htx^pC*&KQ+ptGo= zh1ugX84lVKnrd5Aq^}cIkyR4AB7jgtmA1vsk=?#b=~_1@&H8OuKamTBIp=w0x=ZB>OtFrn%*APS29MeK`WT;m_tshTfKr`b%toB? z*(N7l;zhJTgHh{YG~!$AK6ucm_Z9e&ygo&BuB7@>-LLUZ9Ox+_q7XcbW~@K#k?WFz zxe%V_=N5ijAyHdC=+)Kq=}G=3ll6{4fHr)28NSCLQn{5^un92VT#zH6z{v9&C@}hc zj>xl)yKxM4flqMx-ScO=SDanUha8zza)rwT_v6UIOV9>5G4rcdlX!FGpPK5;wMlFI z4PS;Y1dbE-M_c0h14TPp!uX%1mptiqefIAVwzW_jmmh5{4P1Y|yh8B^RXJTarkIwD(e3k_s|)s4KE^mw_KcXT zmc78}yYm=XhEffZtK*;p1xE5u#A5(_8a+CPL8x+G7O_CQ%A>Vq=a>}o6Q8GMRl5+?fIf?n;b=jqLzivj>bjjNF;#n;FRwwR;H+xgR-Dxnu6a9*~q<25Ll-2;^i0BRR!-dS4d%P2IMgR^cQl38-IImkYd~q zW#E#d%5hw26XzXk&gGnftjW}gNK#Uur7+`yLX_v*_;}{LQi*A;dIa>PDLht~W>QQS z`dp67%0~X@FM9IY2p~GalP1q~<5r>y7E6R%QXn2<2mBINk?4{QY5azin)5u)Kum{m zIjP!tTezxJGcpAag|$R6Z4mM_eh_l%1eD!WNPcM$oM!7R3~GL;4pAkbJ6QrrW5crxMFcmw?W~0IPYn%e985gU+ThfgrY$0D|@`9+0Ey}O$!7kF|<;f67=r!_#=20z>6NPXpuHNUgl@{D2>uL z{gc09=fY$InG#$|6!Zw?yUAi1s&j~Axf-6TBVp9H!GZXFML%o0l-`C}`H5jzSs!r= z8-OxfADf)x3(gdiJJr|$gGct~b-?^$+Ue`-$7@W<7H2)IHOIhXej!?>i!068a8;~p zUwVjh5{#-ryXU05t4t};ZvwtfuP*@SP%1~qUQ@dsg2DiER=f z$5s|kYo5lH!?(tql4_HaiNXebuM70t9LIYZEIv9gq)NzrWF5~%#4{@X{7+pp^Pjp1 z7o~`UoUW;kW*3GHO_okDNA@?@)Ti&(Z9E`@l{dR@My=(0f%a+HNa=TBQI z+L=Np^&=a5PY9xWRyQBV%Y@%En`DF%&CTT0omvej4)Yqj1&R9KdhXv(kLu!Qr0+7b zs>(^n8@YH1wU(6y+sLpCR5xcl4w4P8VRxaLdcy(gBjzr2LGf4~^oTNY84GPDXe0X$ zCyy|YO~FC>=GF~L*RWY>~J?wA%mduREFv+8X$2{lzR0?FHpL!<_LM4{BM(9f`z zpFW-Ejx+?kE~fh$bH-oB7K@`A8+Y-gO!Dc778Ih0*W8(I~h@vG*|FKx4KKK8$ca}kMblUdv+nae1$Ky0mB1bQFRiTJou(|d2*mPWwN(+I-^6X`LG-cIJ z`l0$u6ZTRJ^Hmku1l2mbmTE-?L=^tNUszc-N_HB3K%VEozmHG5Eb+Pj0&3YMw;B-| z$s{gneQn7kpyM^`ei@#-wkdEB3EPW~=aWIheCm?rLJH>VVrpQ<60RibTis6igvOQl zpI24{1L!rY<{V8k#r|oS;_~WNFNU5KCv;<6F7+b^f7JEeZ5d1`HHad$2B3SX_*q?1 zy_y^H@&NXsL=ra@z0vSZ9v%6Iyvz|5kFc;L_fbmEdP$ zji^WR)Tv)m@=z?*@piw-LCqf~DdyK^X5-tN7nrM;#Y^jEm5A%-vLs+(9{#&6E&VHb zH>I#z>5bxQmhn2PUn#k5uWWXAa<|!E!&Adz0Rq9`QtqhXIcfBfVA-*XTsX9RW9`qEdmfmLc!FI1z zY(P=NmJ`kP^OskQX8)^;li~RtRbbI@1of3%S|L)IFyEV~mWCWj!4X`|i@*5_t*>y7 zq`O$Tp!}JB*W+9F6iKx=+55PL9;M^%@?5O|MSDl#UftU0&PvZAWE;$kUF8=1gLqcE zKP=(p?scRcT7?w+C_r|B7O%1&C&U}l_Q30^P~VBL%Jixv05WB(eyW$(Z@x&fxifA{ z?~XEEZc+n0;t!x$_IgjZsiHsD2$@ahe~*avak#DZh*f*l9ZbnB${W+$vXpc`)N-Tc zI2@uaXI%w4*3z<(y(?2D#E!o-V2TmU8#RRx4WQ4{nIT+CX#$irn zXFj8(At)fOPO&nLNv|of2}|&Re9K(Ic#F^yGOYO}qAg-Z?lV#1 z*h6qvmyoQ}F!CDo$!@Q{H4qm~eUNNq0z43;cFudZv8PKzBzhkElgBuUpuG4LM5^`9 zx50o1@|9t>$S$pj_(MOIT@`??ECpf55*L9 zH8E`(9Am(vsLzI;SznbjQRS@^J!ne+g>`cXDv=98{K@Fk_-?UP8B>d$Dq8jLsVONl zn|k5WvLnxkOzWD3sh?)G(u@r4vQKw^8&TUqcEVheJW1XCcw<_e36C}0G)+wfqCNI6 zr4ln{EPIUJO#H~|5Bhxu_8!WS>kfyM>)0t?RMpU zWY4T(;a^I8)}z|g7ffFm&wyMnDZbL&S{F&eF34s>8LVwDvn;foUfVK=@LAnumFMfo z{g?eYaeP8;-;|oTf0UygV4g7xs^k@C{G@l`hN?nRX`7Hf<+|QLRS1U5cQ6)yigi$1 zt)dww9Rib8jZIdOC&hJVGxXOv_z8C7RY{yD?T8>Kg-WA?jHkApvsRE&QzPWh)nlo6 zPF9W?;X$2z^z7U^z79((A1Zt-GGi-`OKFI6zth>SvrAQ8`(QG2j^{9EhfkA$z-t;Q z=-+bHn8Q$r)R5`hpfB$hODbG-`&R2E!8NVBtBrvbc*`i+Bb9>@yFP*gfu@U^C~r`B zQC6O3lzo)NUYW8;?U}szN199gRo%xsZo5>dKD{|*t`)3-~?1cCE{OE#+{x&wQ^zd*6d)7NWZ7XzWCg%4m=# z@Mg{qn;ZdggMso5eJdVYWQq|oE&8^KnnN9bCCl;$K>#@3jNXRoBh-nI5Zt_K()!l7 zu;-q##r^>#ZXYaKd7>M(ajYD@Wsx-(dK`V->5+$QWT#6&A4bH5P2d0Es-K|KRbT1Pn6N$b-+&#IQ9!$uogMJcY>5{3xJe+hD6?%F^gW_mXZSv=x3$gPcK8p5 zyp^y1m;w^$`Oq*`o{!0&5vqqg@o8#R=~0vNU=a)pjc-s^jc;+%R(LeWI1wXEvf@@f zGS50b__Hl)+6b?qBvT{ z1fvlz+nn#ZW?s$oWe(DTExfmD`5Q+Mivj~ooK8K^cIAf;0pA^MTFdR7<)8~Jfi=BU zjVLJgl_=MS(XFH3_MwA-(+eiPG%#tPuTn`pqBIvAf@tqY9C`cf?J68r%Y) zed*4DMf8aFAsPj!m;X_}`X?zCxI~KWiuXGQw%{^suKA})l_c+AOGgIY{>Z-j;ymTv zbGOELgf$) zj64lJd~Y4q=#HvB9B-X&`lG6%I)|UK#yYb){uy@XP-0Cy8s})~9h+$B5`}1KtB

P_-1^oimzC*ji@r# zh~SOyH9a=&E{^G#Z8acuS56p6YkDVaaVj}(lbd<1g^;cF79X+m$Sy{1fj5xWL z4$YvFA; z-k*<2BYM|8E!6zyvVU;`U$LTphWRh%jzx0}%eY#79md#?_D~Fci##NL9%G5teEfVT z_5mC33Qu0m({R>IqXoXD%JGP|-qN+XGmgozi0Pw*%V7r&h&DD@VjNwfl`>H?*U4hn zAghjv45zvT;%NMKvu;L+qOij@8~*u@L3w4u=u1`Fv-Zf2WOl(SmZo^JTGriBnmL-6 z_PBbB?#$fS&KFi|{91mFCt4QZ=+!5FES~|NK0{WKcBDWD&(RPPV-IAHHN7Tf%-U7@ zKzqMYD>jZrg&F0W>6>IR!p(viEbjfl^Go#n=gQGifpHUUkVLFA7(V8+5F2{nGZyVG z{O~;~GZRNzyP$!L)?=2Ad23bHZ1kH;x>th>K5!gejQE}IoW(m2NZu_+8`M%fpTH(Vtpf$)e-&H;4tI}u*Y{noj;E+~_#2~O3B^3O_S zk9U+5J?MOob1BiN)&TfhGx?>4TDQC`ol;7-4y6Gi{%)-+lcUWvMEqw;qLZ|XEF z@i_QyrY|`3q$&b6K#1|}_$3*2S2+Q`I4~dTcw%-srX`?vh<$IxM1FvXk#L zEFwmRc|$~-4+XN48M9lK-d%Yjia=e4WZT~Nr)8N9g}Sm+{W6e}VAX9dHEjE>V{T;8 z1X*SKOl`2#And%KeDuXg%c?3-_#XRn0HIP{UZTA#KgGQd_Bw&40^}K7e_9K6V>$)t zxLa*x?;cxkc$a0^TA;~@@pa5})>X<^Noo*yzi_L|NiYPUIh)lHuKw$y< zPbSEZY23mSBUt5G-Z0+mE0tT)wDwgA3hBmLe@~v~;Y}L0Swipj=^a^SXpPjx*eOwJ*PzzX;F8_jI zAuX$CVZ8!VkIAjg9n?jVV7%H|mk%2yrLz5$eCG{7F}E^h{*c33FW}czVBB|VHk;F{ zziF`c!4U0U=Ii1obK3Vx=CwR~gf)!ywAXvT&?~M-q;Ic97A8;BJQ0qSnpD;z^0ZQX zmhk|-kkiInUtG0*kOe7{b9d*aDvHanVPS@y4E(q3THIbS72M!h21s;2{`e>Q*7}1p_9z~)qS3MH_INOsv-A@l z0untl?hS=OX^uoQTEUUs`v__@*6!|1t+AXVF$bN|@otG8ur2MB8kj<%l~xwsWQ%k#eQ*`;xi!vmLq3m*SuON_QlIeve*kZ`;I?x0@x1(?ED1Qr{niH)v7HrAp&g05y2FXXByE3M3m2Cz#1{cjA zJO{>A+#UQn8iq;7hTh}n!=z*Aaeveu6BDG+ET>@7v3%jnYrMBt)N$h}%-#}^yB)+` zMgay1ESbv^<0~t7{_>*ivYDf8X^niiiN8Tq73$y21C*Zr3|MC5A$vT0bDLq5XF))V zNx@uY_8610N)~BMmkhv9szI+oe+R!?HV&I^o7b zLJ39{Ja{W5m5++}Ac;L?w|Mzsx)GnvaJsQYqsZE^UUpp9FFL)}ZZRgEZ4#^4n$@7S z$od#wLO9&o5tYtEI9Hq;@AASt5$o;OAd9ZI#eFYnK0@;acKxpb zDUvW>4M8h5ykB=g7q(K&Vi9{$ACDK;;tbox6p-RFSvt~1>E%kDTYER3@`}@1uRi~J z%0n7ITLc_t?p#%?TrRdna?RL&j?NOdEStR};MaEih2QNHr_IBYv29%J;Z}E+mpd$%3LYU(FlL(TH`ig6 z{B@k;ge-B|x8JkGqm+ODCFTiE$gl&T!|sKkK@m(dCOdA?{2}0<4JxNsWc?ntWs~gy zbpPz(>BgVN7XNEf|1&>N1=vgt*@jf|y;-xGU= z{L0B+rr&#tOG;8uj*BCsrFBgsBKB8!d8yp$o;=T+=wXoWOjTQWJ>Jb+Qeb)GW zFJ#i4)aA)_Xe7Bj$$Dr6%QXXbPS3o$V%-99?eEXSy1hu&7BR$Q~_KT8`bjLl|fnrqDpo0E_PEJw#CEa~Cb zgvmEMM4ll5-iJao(=fT^HL#G5a>)1R%0YVx_3zSEKsj1yZGGWrrFwU=wUcTDLz__v z<{sC=V8kieiteCOTqKoQcO8afWE=IHc;`l!`Zl4l2BDRo z7}h0`*&UwsBnDa^z3dq%@-v^APf=9j!3{BtyF|CVp&lqO#n^n?0B);(z3gj*_E_Ju z1JpG5_@U|Xm}4LXW==G$J3LwMh5{v@HM+vuNfXptsK`}Ac z>ac!*$oQDP8VGKl>otf)UP)CW;r4#e)E;|Dk-HfUnn3VDBK1ASI_c!YVSbwVK?~0c zvnE0|jr@;Ns<|em|u$xO?Fy@~`&pFwrocg6RG^>1VqqU_` zqS2ss;wu!#luS_IAB@NfQ$a|M|*D`RD3e~ECZcmdLDmQeT}p5yl{I+cL_ zQl&Q}8-C-MT-@^!ZS*g8&-ZI)Buub}JRQDM|1DCdFTwz?H!*tn(_3whY%BH2?QBAi z@)&vkRK7G*-2J}p?a!wgg|JYz_di^SrB7lJ zg{C+69?6CJzaWTC0>&zB7N5BuqB%(~&2owixYS@>NW~5(Ia*P?o~XZ_HeG2sGLY?F zU>sGQ9h)3=npiF=4pbW~;SL`=EiDxl#EZTZpSfj zZp@{pu6zR+6-g#FZwP_>Q2>n9dEUHggBNX0NEYoiG)u=>rgau48E~=)HHlt=Q!fnV zAziaP25uIDKkr47q%*k3_5D}G*t*Y5%T3pU9^5WAhv!EOYsdwSwURRH3 zE8+m6bBpRG``7frEuDm>Y23B}Lo9N5tn;Gg;TC9utf5?j_;$j@iv4)MeL;;XCD?E_ zw>pI&S-I5-=#6@(3FXR1A1Gyxf&2P&F}Q%wXG)PEs|$(m<-pFWFOIHxif6fL3Ld{y zrCK&$!~iH<(57-x>Q+w3hU$HUJZBV<%@z@$Ap^eNYC-n5U6o*Mt>Eq_tj%@GluFiN z&NGuoZ2W_rVCySKh{iLQdjTnT_Z;u5H(z~mY3H90%NE>>45hHE16%!eI0KdE+4D^0 zDW3YwqA+mp8=OISA61~Xx>b4l#z>jVe2^EFJxGH0@ZSyw6PB$G=w6#9F2j7|&N!0! z=Y#er(e=iLj6GNIDIv%NyB-%=sUXpTT#UM`!! z))M(Zw=OD@MKzCtkFngjmtOzPUlQYd9~O}yhKCMF(3PCBN5PwYeoHeX!$c9lnoV+< zAHD8U+{jvw4{o6h=T2%Yl;UGLpzv)F6C}BO4{o0s7idFQ3QSh1+Q6N^hT49cYds5k zYHZ?nMARN+2}rKd1g6nhI;MZEsiX&JB-wOU_8~h6Ar>@WFHd=N%8QgK=Y$PJw|{qM zW)HX71=>8uOi4hiQiG1x8rmO?l|2;N+m$#ZiEFiYy(&V34}16|=lg!R>l|vYMTdZ$ z@4{Lau3~nKv^&(pDM4u7dw0NBNFXSOx2LQh+>Wm!Zd;m_4f_ZQ^4GC#Q#ySQ^9x=| zvc-n9lS61(-O0NF%|A6J9Z|ruGX@hn{@XM98P>%g(wDiXran3bXBK7yH*GhvBAgau zIsp6*^8nC^AmQxVvzXgDPq`X-+qCzvo1QWue>iQiQYXblOCWAR=<_r8Z&>+3hn^&F z#HU+E3_k?&wUq&hQ2o9C`}rB?@;#&_eXx^f86?H>pw6bdYAp*om#AdyXu%p|x%%ike;GlnB^qTmf?AIy z;s4VaF3S+N1!QM22{(V{G%xAm7G5%;gH=o(_yDXmK+c1lwcI^%T%%X@(buJ-Cd8&(5RT~B=xssq8Gu70-Kf8U}+o*_3 zM7ZMW5lEIpNk*Ek*3?zb;Ukgu05XO`wyIK_CihKUlom&+-&JxNc0r>5F*meHAVi>m>Fve)CEs+{b@lHMZWn>CZF0^1@n8NWhQ;iXDzzv_n1ksx$Iuip+-%7s=gq%(9m< zjItlb^9-{}G?{sctpsO>Tz?sj;l%zSfv=#ihwHM)&xqk63Re;iGk*hDJw$-%2VHYi zp_pWN^Qd(bv9$>(47{wd$$&F%mYfj3CCGUKCU(-x`@^&6O)c8zSBF!-N!@SZq;_~T zAZ0w7M;Hq##$MDb!Y2L?j)VNe=z>NLMntJ+h2k+J%!EoJKde%FH_7jJ@~8ivI}Ht;42^?s_p?6S#teY{F3eVP%! z{vr{@9V}RDnYd}awaxg7EcrEbO8o1*z?(SdEK*;64d20us|g2{bGWf`xn-V{wS``} z69gmz6o@t9`1cA27uSeLbP1}V7G~8A17H=^B<%mtur+!T z(ZEQ&h>wOv*zJHK>_ZLMm1+LZ)pfv-;}6AeLEK@scRz0_V7)!Tt^Wu30(Q0Hn*VS{ z|4VR$uc}ZSR(mCbo#9(D!6N0^49rbjFEK+#;O#OP4KmUlbX)mDOPXD)$( z;vR#zT51pFFW6Oe)Kp}F4xk|YfI0Gp{ln-OqKtXC0cvof6FtB!yP!(MWU}f+B>*G_ z&$LW_Dm(7G{AFDT498DO%Ix#)Z^;HnRG1%YG2MSkemC|c(9^wTc zb?8%77-|E2LcN_og@Ey$dU38q>$46Y8lG$JcKRA)aeL6WaUH~DrDYo@hi<4kfcvTL zIb^)Yf{R+~%4Nqvqxy)K(cZ}}d5JJ{qW=qNeG!%8_q?ni29Huh96AiL$lOZvJ`4!? zQ;hBPxri#2c{YA-^=!u+*!GstREPVnHb`b3-> zW-56uRC(^PX@PMvRV`1Z)$7uUyDa6|nHg7HG+ZjotKyK+r{}x68Yi2nkAaT>vGaBy zzc^6=oxIRe739Az@C_B^tj+b)EnZv@7uQ{pS`TD+ngLGWuZ#U!0O|Q=Hs9NE6z+vO_9yfdO&;QUR zfm%FWKtmDRYKL_l>NZYx%c;vf+Vr1_FCDF}q#HGy!g;$&V?F7F#K&o`&!4IT@^!m>dkMI<@? zb^YUAM*m`*p(<_4veyQ()4VZ4so7W=i~Cdg9NsLMFdZDR05CYor9UD20lxf;P_U^W zV^Kzx|F#@wnA=6w@y+*_ZP(#kqB+&8f9lV-Fsg*4-25RSn3yegy72&3pK=)xh`>gD zVFfEX^K|0^EMTxH>hAng`p_Q9L*_$#D@mc6pYw!hmH(e`j0&Ex0aNu#s9iM!X5oqoC?MY8s$p&dUWcNGXSbmBVj~0<6m;6=>_XNHE(^|WLVQk7rY&EP;2)$a zITd$e1UVII^&)an7qK>QpGJl*)0{bY>B+=LzBV<^Se|N1z76fD3FmD5fk!Zbzd$N# zGF4~h%juwIR^!IznqC|6RM_iOQJ;id>c*Tr1giZPEd2|X{sl|_f~9}K(!XHoU$FH5 z3oNC#-X{Ig)-!Zm1z5IW&!0PF4`n|lY*N~E5-VnVm|JE}Jyh3*l+}#v1Wyd6^YkTl zxg-#-1x}Lvd~-rJ)?Qu9T0I-TLA)vw4*m)aGJm>B(kT6*BxEZfN@HSSp3(!40xb&f)VQj`^G_5y&^0kBonF=% zR-&1n2`9=x%4`B3aWWyMNHr2x0EjsSe;$3|rtSp;(`9rp(Pq?l_*Gxea&ex`GJ>X~ zWVBZ6luwn|;53Wb!4k3Ej_ul;${Ix>UsX5*|KsO9w_YZljhHo#mAz(;=2^j8I5-)J zT`wE>K1^Mksw6Bb&aV!;Cb}G8DH|K>k2n_v`}jJnlO|buCs{0L)o3yo#$1`h47`{* z-y2DAf(@#_>}SqBzsN8Tyh^OAJ3P*-&D2bMpD ze#EhMi(O!;tE134nV;ghMw{{U(DG;+x@Td7vqaaXF{v8o%V4_Ep+~vqe05V@5zLKN zOpKy#*kqpZv#GtOQh6B`KA7FUaVyjqxfG0XMmX-_OVKyLqf=9{)IQ{EqEPpH8M1(Y ziQEFfrHC_?2Ua6D7@U=`C{I~m29<|%39HLpZIhe1VG-^S@LXRHP!;k zIbY%TdeB4S4GTO8H4W1D3}gs+wXVObu7P literal 0 HcmV?d00001 diff --git a/charts/kubevirt/0.4.1/.helmignore b/charts/kubevirt/0.4.1/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/kubevirt/0.4.1/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubevirt/0.4.1/Chart.yaml b/charts/kubevirt/0.4.1/Chart.yaml new file mode 100644 index 00000000..a507d719 --- /dev/null +++ b/charts/kubevirt/0.4.1/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +appVersion: 1.3.1 +description: A Helm chart for KubeVirt +icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg +name: kubevirt +type: application +version: 0.4.1 diff --git a/charts/kubevirt/0.4.1/app-readme.md b/charts/kubevirt/0.4.1/app-readme.md new file mode 100644 index 00000000..631869cb --- /dev/null +++ b/charts/kubevirt/0.4.1/app-readme.md @@ -0,0 +1 @@ +KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes. diff --git a/charts/kubevirt/0.4.1/crds/kubevirt.yaml b/charts/kubevirt/0.4.1/crds/kubevirt.yaml new file mode 100644 index 00000000..49c5e663 --- /dev/null +++ b/charts/kubevirt/0.4.1/crds/kubevirt.yaml @@ -0,0 +1,6586 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + operator.kubevirt.io: "" + name: kubevirts.kubevirt.io +spec: + group: kubevirt.io + names: + categories: + - all + kind: KubeVirt + plural: kubevirts + shortNames: + - kv + - kvs + singular: kubevirt + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: KubeVirt represents the object deploying all KubeVirt resources + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + certificateRotateStrategy: + properties: + selfSigned: + properties: + ca: + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + caOverlapInterval: + description: Deprecated. Use CA.Duration and CA.RenewBefore + instead + type: string + caRotateInterval: + description: Deprecated. Use CA.Duration instead + type: string + certRotateInterval: + description: Deprecated. Use Server.Duration instead + type: string + server: + description: |- + Server configuration + Certs are rotated and discarded + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + type: object + type: object + configuration: + description: |- + holds kubevirt configurations. + same as the virt-configMap + properties: + additionalGuestMemoryOverheadRatio: + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. + type: string + apiConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + architectureConfiguration: + properties: + amd64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + arm64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + defaultArchitecture: + type: string + ppc64le: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + type: object + autoCPULimitNamespaceLabelSelector: + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + controllerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + cpuModel: + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultRuntimeClass: + type: string + developerConfiguration: + description: DeveloperConfiguration holds developer options + properties: + cpuAllocationRatio: + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 + type: integer + diskVerification: + description: DiskVerification holds container disks verification + limits + properties: + memoryLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - memoryLimit + type: object + featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none + items: + type: string + type: array + logVerbosity: + description: LogVerbosity sets log verbosity level of various + components + properties: + nodeVerbosity: + additionalProperties: + type: integer + description: NodeVerbosity represents a map of nodes with + a specific verbosity level + type: object + virtAPI: + type: integer + virtController: + type: integer + virtHandler: + type: integer + virtLauncher: + type: integer + virtOperator: + type: integer + type: object + memoryOvercommit: + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 + type: integer + minimumClusterTSCFrequency: + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. + format: int64 + type: integer + minimumReservePVCBytes: + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) + format: int64 + type: integer + nodeSelectors: + additionalProperties: + type: string + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. + Defaults to none + type: object + pvcTolerateLessSpaceUpToPercent: + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 + type: integer + useEmulation: + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false + type: boolean + type: object + emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. + items: + type: string + type: array + evictionStrategy: + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string + handlerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + ksmConfiguration: + description: KSMConfiguration holds the information regarding + the enabling the KSM in the nodes (if available). + properties: + nodeLabelSelector: + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + liveUpdateConfiguration: + description: LiveUpdateConfiguration holds defaults for live update + features + properties: + maxCpuSockets: + description: MaxCpuSockets holds the maximum amount of sockets + that can be hotplugged + format: int32 + type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer + type: object + machineType: + description: Deprecated. Use architectureConfiguration instead. + type: string + mediatedDevicesConfiguration: + description: MediatedDevicesConfiguration holds information about + MDEV types to be defined, if available + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeMediatedDeviceTypes: + items: + description: NodeMediatedDeviceTypesConfig holds information + about MDEV types to be defined in a specific node that + matches the NodeSelector field. + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + required: + - nodeSelector + type: object + type: array + x-kubernetes-list-type: atomic + type: object + memBalloonStatsPeriod: + format: int32 + type: integer + migrations: + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. + properties: + allowAutoConverge: + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false + type: boolean + allowPostCopy: + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false + type: boolean + bandwidthPerMigration: + anyOf: + - type: integer + - type: string + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. + The value is in quantity per second. Defaults to 0 (no limit) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + completionTimeoutPerGiB: + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 + format: int64 + type: integer + disableTLS: + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false + type: boolean + matchSELinuxLevelOnMigration: + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. + That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. + type: boolean + network: + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. + type: string + nodeDrainTaintKey: + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain + type: string + parallelMigrationsPerCluster: + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 + format: int32 + type: integer + parallelOutboundMigrationsPerNode: + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 + format: int32 + type: integer + progressTimeout: + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 + format: int64 + type: integer + unsafeMigrationOverride: + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false + type: boolean + type: object + minCPUModel: + type: string + network: + description: NetworkConfiguration holds network options + properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap". + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object + defaultNetworkInterface: + type: string + permitBridgeInterfaceOnPodNetwork: + type: boolean + permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. + type: boolean + type: object + obsoleteCPUModels: + additionalProperties: + type: boolean + type: object + ovmfPath: + description: Deprecated. Use architectureConfiguration instead. + type: string + permittedHostDevices: + description: PermittedHostDevices holds information about devices + allowed for passthrough + properties: + mediatedDevices: + items: + description: MediatedHostDevice represents a host mediated + device allowed for passthrough + properties: + externalResourceProvider: + type: boolean + mdevNameSelector: + type: string + resourceName: + type: string + required: + - mdevNameSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + pciHostDevices: + items: + description: PciHostDevice represents a host PCI device + allowed for passthrough + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + pciVendorSelector: + description: The vendor_id:product_id tuple of the PCI + device + type: string + resourceName: + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name + type: string + required: + - pciVendorSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object + selinuxLauncherType: + type: string + smbios: + properties: + family: + type: string + manufacturer: + type: string + product: + type: string + sku: + type: string + version: + type: string + type: object + supportContainerResources: + description: SupportContainerResources specifies the resource + requirements for various types of supporting containers such + as container disks/virtiofs/sidecars and hotplug attachment + pods. If omitted a sensible default will be supplied. + items: + description: SupportContainerResources are used to specify the + cpu/memory request and limits for the containers that support + various features of Virtual Machines. These containers are + usually idle and don't require a lot of memory or cpu. + properties: + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: + type: string + required: + - resources + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + supportedGuestAgentVersions: + description: deprecated + items: + type: string + type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + + https://ssl-config.mozilla.org/ + + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + virtualMachineInstancesPerNode: + type: integer + virtualMachineOptions: + description: VirtualMachineOptions holds the cluster level information + regarding the virtual machine. + properties: + disableFreePageReporting: + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. + type: object + type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string + vmStateStorageClass: + description: |- + VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. + The storage class must support RWX in filesystem mode. + type: string + webhookConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + type: object + customizeComponents: + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + handler: + additionalProperties: + type: string + type: object + type: object + patches: + items: + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object + imagePullPolicy: + description: The ImagePullPolicy to use. + type: string + imagePullSecrets: + description: |- + The imagePullSecrets to pull the container images from + Defaults to none + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + imageRegistry: + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. + type: string + imageTag: + description: |- + The image tag to use for the continer images installed. + Defaults to the same tag as the operator's container image. + type: string + infra: + description: selectors and tolerations that should apply to KubeVirt + infrastructure components + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + monitorAccount: + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s + type: string + monitorNamespace: + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor + type: string + productComponent: + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. + type: string + productName: + description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductName is not specified, the part-of label will be omitted. + type: string + productVersion: + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductVersion is not specified, KubeVirt's version will be used. + type: string + serviceMonitorNamespace: + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. + type: string + uninstallStrategy: + description: |- + Specifies if kubevirt can be deleted if workloads are still present. + This is mainly a precaution to avoid accidental data loss + type: string + workloadUpdateStrategy: + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates + properties: + batchEvictionInterval: + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + + Defaults to 1 minute + type: string + batchEvictionSize: + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + + Defaults to 10 + type: integer + workloadUpdateMethods: + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + + An empty list defaults to no automated workload updating + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + workloads: + description: selectors and tolerations that should apply to KubeVirt + workloads + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + type: object + status: + description: KubeVirtStatus represents information pertaining to a KubeVirt + deployment. + properties: + conditions: + items: + description: KubeVirtCondition represents a condition of a KubeVirt + deployment + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + defaultArchitecture: + type: string + generations: + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - lastGeneration + - name + - resource + type: object + type: array + x-kubernetes-list-type: atomic + observedDeploymentConfig: + type: string + observedDeploymentID: + type: string + observedGeneration: + format: int64 + type: integer + observedKubeVirtRegistry: + type: string + observedKubeVirtVersion: + type: string + operatorVersion: + type: string + outdatedVirtualMachineInstanceWorkloads: + type: integer + phase: + description: KubeVirtPhase is a label for the phase of a KubeVirt + deployment at the current time. + type: string + targetDeploymentConfig: + type: string + targetDeploymentID: + type: string + targetKubeVirtRegistry: + type: string + targetKubeVirtVersion: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + deprecated: true + deprecationWarning: kubevirt.io/v1alpha3 is now deprecated and will be removed + in a future release. + name: v1alpha3 + schema: + openAPIV3Schema: + description: KubeVirt represents the object deploying all KubeVirt resources + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + certificateRotateStrategy: + properties: + selfSigned: + properties: + ca: + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + caOverlapInterval: + description: Deprecated. Use CA.Duration and CA.RenewBefore + instead + type: string + caRotateInterval: + description: Deprecated. Use CA.Duration instead + type: string + certRotateInterval: + description: Deprecated. Use Server.Duration instead + type: string + server: + description: |- + Server configuration + Certs are rotated and discarded + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + type: object + type: object + configuration: + description: |- + holds kubevirt configurations. + same as the virt-configMap + properties: + additionalGuestMemoryOverheadRatio: + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. + type: string + apiConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + architectureConfiguration: + properties: + amd64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + arm64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + defaultArchitecture: + type: string + ppc64le: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + type: object + autoCPULimitNamespaceLabelSelector: + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + controllerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + cpuModel: + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultRuntimeClass: + type: string + developerConfiguration: + description: DeveloperConfiguration holds developer options + properties: + cpuAllocationRatio: + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 + type: integer + diskVerification: + description: DiskVerification holds container disks verification + limits + properties: + memoryLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - memoryLimit + type: object + featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none + items: + type: string + type: array + logVerbosity: + description: LogVerbosity sets log verbosity level of various + components + properties: + nodeVerbosity: + additionalProperties: + type: integer + description: NodeVerbosity represents a map of nodes with + a specific verbosity level + type: object + virtAPI: + type: integer + virtController: + type: integer + virtHandler: + type: integer + virtLauncher: + type: integer + virtOperator: + type: integer + type: object + memoryOvercommit: + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 + type: integer + minimumClusterTSCFrequency: + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. + format: int64 + type: integer + minimumReservePVCBytes: + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) + format: int64 + type: integer + nodeSelectors: + additionalProperties: + type: string + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. + Defaults to none + type: object + pvcTolerateLessSpaceUpToPercent: + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 + type: integer + useEmulation: + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false + type: boolean + type: object + emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. + items: + type: string + type: array + evictionStrategy: + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string + handlerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + ksmConfiguration: + description: KSMConfiguration holds the information regarding + the enabling the KSM in the nodes (if available). + properties: + nodeLabelSelector: + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + liveUpdateConfiguration: + description: LiveUpdateConfiguration holds defaults for live update + features + properties: + maxCpuSockets: + description: MaxCpuSockets holds the maximum amount of sockets + that can be hotplugged + format: int32 + type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer + type: object + machineType: + description: Deprecated. Use architectureConfiguration instead. + type: string + mediatedDevicesConfiguration: + description: MediatedDevicesConfiguration holds information about + MDEV types to be defined, if available + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeMediatedDeviceTypes: + items: + description: NodeMediatedDeviceTypesConfig holds information + about MDEV types to be defined in a specific node that + matches the NodeSelector field. + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + required: + - nodeSelector + type: object + type: array + x-kubernetes-list-type: atomic + type: object + memBalloonStatsPeriod: + format: int32 + type: integer + migrations: + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. + properties: + allowAutoConverge: + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false + type: boolean + allowPostCopy: + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false + type: boolean + bandwidthPerMigration: + anyOf: + - type: integer + - type: string + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. + The value is in quantity per second. Defaults to 0 (no limit) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + completionTimeoutPerGiB: + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 + format: int64 + type: integer + disableTLS: + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false + type: boolean + matchSELinuxLevelOnMigration: + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. + That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. + type: boolean + network: + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. + type: string + nodeDrainTaintKey: + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain + type: string + parallelMigrationsPerCluster: + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 + format: int32 + type: integer + parallelOutboundMigrationsPerNode: + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 + format: int32 + type: integer + progressTimeout: + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 + format: int64 + type: integer + unsafeMigrationOverride: + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false + type: boolean + type: object + minCPUModel: + type: string + network: + description: NetworkConfiguration holds network options + properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap". + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object + defaultNetworkInterface: + type: string + permitBridgeInterfaceOnPodNetwork: + type: boolean + permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. + type: boolean + type: object + obsoleteCPUModels: + additionalProperties: + type: boolean + type: object + ovmfPath: + description: Deprecated. Use architectureConfiguration instead. + type: string + permittedHostDevices: + description: PermittedHostDevices holds information about devices + allowed for passthrough + properties: + mediatedDevices: + items: + description: MediatedHostDevice represents a host mediated + device allowed for passthrough + properties: + externalResourceProvider: + type: boolean + mdevNameSelector: + type: string + resourceName: + type: string + required: + - mdevNameSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + pciHostDevices: + items: + description: PciHostDevice represents a host PCI device + allowed for passthrough + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + pciVendorSelector: + description: The vendor_id:product_id tuple of the PCI + device + type: string + resourceName: + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name + type: string + required: + - pciVendorSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object + selinuxLauncherType: + type: string + smbios: + properties: + family: + type: string + manufacturer: + type: string + product: + type: string + sku: + type: string + version: + type: string + type: object + supportContainerResources: + description: SupportContainerResources specifies the resource + requirements for various types of supporting containers such + as container disks/virtiofs/sidecars and hotplug attachment + pods. If omitted a sensible default will be supplied. + items: + description: SupportContainerResources are used to specify the + cpu/memory request and limits for the containers that support + various features of Virtual Machines. These containers are + usually idle and don't require a lot of memory or cpu. + properties: + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: + type: string + required: + - resources + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + supportedGuestAgentVersions: + description: deprecated + items: + type: string + type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + + https://ssl-config.mozilla.org/ + + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + virtualMachineInstancesPerNode: + type: integer + virtualMachineOptions: + description: VirtualMachineOptions holds the cluster level information + regarding the virtual machine. + properties: + disableFreePageReporting: + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. + type: object + type: object + vmRolloutStrategy: + description: VMRolloutStrategy defines how changes to a VM object + propagate to its VMI + enum: + - Stage + - LiveUpdate + nullable: true + type: string + vmStateStorageClass: + description: |- + VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. + The storage class must support RWX in filesystem mode. + type: string + webhookConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + type: object + customizeComponents: + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + handler: + additionalProperties: + type: string + type: object + type: object + patches: + items: + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object + imagePullPolicy: + description: The ImagePullPolicy to use. + type: string + imagePullSecrets: + description: |- + The imagePullSecrets to pull the container images from + Defaults to none + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + imageRegistry: + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. + type: string + imageTag: + description: |- + The image tag to use for the continer images installed. + Defaults to the same tag as the operator's container image. + type: string + infra: + description: selectors and tolerations that should apply to KubeVirt + infrastructure components + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + monitorAccount: + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s + type: string + monitorNamespace: + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor + type: string + productComponent: + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. + type: string + productName: + description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductName is not specified, the part-of label will be omitted. + type: string + productVersion: + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductVersion is not specified, KubeVirt's version will be used. + type: string + serviceMonitorNamespace: + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. + type: string + uninstallStrategy: + description: |- + Specifies if kubevirt can be deleted if workloads are still present. + This is mainly a precaution to avoid accidental data loss + type: string + workloadUpdateStrategy: + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates + properties: + batchEvictionInterval: + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + + Defaults to 1 minute + type: string + batchEvictionSize: + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + + Defaults to 10 + type: integer + workloadUpdateMethods: + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + + An empty list defaults to no automated workload updating + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + workloads: + description: selectors and tolerations that should apply to KubeVirt + workloads + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + type: object + status: + description: KubeVirtStatus represents information pertaining to a KubeVirt + deployment. + properties: + conditions: + items: + description: KubeVirtCondition represents a condition of a KubeVirt + deployment + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + defaultArchitecture: + type: string + generations: + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - lastGeneration + - name + - resource + type: object + type: array + x-kubernetes-list-type: atomic + observedDeploymentConfig: + type: string + observedDeploymentID: + type: string + observedGeneration: + format: int64 + type: integer + observedKubeVirtRegistry: + type: string + observedKubeVirtVersion: + type: string + operatorVersion: + type: string + outdatedVirtualMachineInstanceWorkloads: + type: integer + phase: + description: KubeVirtPhase is a label for the phase of a KubeVirt + deployment at the current time. + type: string + targetDeploymentConfig: + type: string + targetDeploymentID: + type: string + targetKubeVirtRegistry: + type: string + targetKubeVirtVersion: + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/charts/kubevirt/0.4.1/templates/NOTES.txt b/charts/kubevirt/0.4.1/templates/NOTES.txt new file mode 100644 index 00000000..6ff75bf8 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/NOTES.txt @@ -0,0 +1,2 @@ +Verify that all KubeVirt components are installed correctly: + kubectl get all -n {{ .Release.Namespace }} diff --git a/charts/kubevirt/0.4.1/templates/_helpers.tpl b/charts/kubevirt/0.4.1/templates/_helpers.tpl new file mode 100644 index 00000000..81d11b3a --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubevirt.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubevirt.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubevirt.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubevirt.labels" -}} +helm.sh/chart: {{ include "kubevirt.chart" . }} +{{ include "kubevirt.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kubevirt.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubevirt.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubevirt.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/kubevirt/0.4.1/templates/_hooks.tpl b/charts/kubevirt/0.4.1/templates/_hooks.tpl new file mode 100644 index 00000000..45d484a2 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/_hooks.tpl @@ -0,0 +1,47 @@ +{{/* Hook annotations */}} +{{- define "kubevirt.hook.annotations" -}} + annotations: + "helm.sh/hook": {{ .hookType }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": {{ .hookWeight | quote }} +{{- end -}} + +{{/* Namespace modifying hook annotations */}} +{{- define "kubevirt.namespaceHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }} +{{- end -}} + +{{/* CRD upgrading hook annotations */}} +{{- define "kubevirt.crdUpgradeHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }} +{{- end -}} + +{{/* Custom resource uninstalling hook annotations */}} +{{- define "kubevirt.crUninstallHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }} +{{- end -}} + +{{/* CRD uninstalling hook annotations */}} +{{- define "kubevirt.crdUninstallHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }} +{{- end -}} + +{{/* Namespace modifying hook name */}} +{{- define "kubevirt.namespaceHook.name" -}} +{{ include "kubevirt.fullname" . }}-namespace-modify +{{- end }} + +{{/* CRD upgrading hook name */}} +{{- define "kubevirt.crdUpgradeHook.name" -}} +{{ include "kubevirt.fullname" . }}-crd-upgrade +{{- end }} + +{{/* Custom resource uninstalling hook name */}} +{{- define "kubevirt.crUninstallHook.name" -}} +{{ include "kubevirt.fullname" . }}-uninstall +{{- end }} + +{{/* CRD uninstalling hook name */}} +{{- define "kubevirt.crdUninstallHook.name" -}} +{{ include "kubevirt.fullname" . }}-crd-uninstall +{{- end }} diff --git a/charts/kubevirt/0.4.1/templates/crd-uninstall-hooks.yaml b/charts/kubevirt/0.4.1/templates/crd-uninstall-hooks.yaml new file mode 100644 index 00000000..fed020d3 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/crd-uninstall-hooks.yaml @@ -0,0 +1,57 @@ +{{- if .Values.hooksEnabled.crd.uninstall }} +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + resourceNames: + - "kubevirts.kubevirt.io" + verbs: [ "delete" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.crdUninstallHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crdUninstallHook.name" . }} + image: {{ .Values.hookImage }} + args: + - delete + - customresourcedefinitions + - kubevirts.kubevirt.io + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} +{{- end }} \ No newline at end of file diff --git a/charts/kubevirt/0.4.1/templates/crd-upgrade-hooks.yaml b/charts/kubevirt/0.4.1/templates/crd-upgrade-hooks.yaml new file mode 100644 index 00000000..f911e064 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/crd-upgrade-hooks.yaml @@ -0,0 +1,82 @@ +{{- if .Values.hooksEnabled.crd.upgrade }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Release.Namespace }} + name: kubevirt-crd-manifest + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }} +data: + crd: |- + {{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }} +rules: + - apiGroups: [ "" ] + resources: [ "configmaps" ] + resourceNames: + - "kubevirt-crd-manifest" + verbs: [ "get" ] + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + resourceNames: + - "kubevirts.kubevirt.io" + verbs: [ "get", "patch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crdUpgradeHook.name" . }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + image: {{ .Values.hookImage }} + args: + - apply + - -f + - /etc/manifests/crd.yaml + volumeMounts: + - name: crd-volume + mountPath: /etc/manifests + volumes: + - name: crd-volume + configMap: + name: kubevirt-crd-manifest + items: + - key: crd + path: crd.yaml +{{- end }} \ No newline at end of file diff --git a/charts/kubevirt/0.4.1/templates/kubevirt-operator.yaml b/charts/kubevirt/0.4.1/templates/kubevirt-operator.yaml new file mode 100644 index 00000000..e3941088 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/kubevirt-operator.yaml @@ -0,0 +1,1361 @@ +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: kubevirt-cluster-critical +value: 1000000000 +globalDefault: false +description: "This priority class should be used for core kubevirt components only." +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubevirt.io:operator + labels: + operator.kubevirt.io: "" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resourceNames: + - kubevirt-ca + - kubevirt-export-ca + - kubevirt-virt-handler-certs + - kubevirt-virt-handler-server-certs + - kubevirt-operator-certs + - kubevirt-virt-api-certs + - kubevirt-controller-certs + - kubevirt-exportproxy-certs + resources: + - secrets + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - get + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator-rolebinding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubevirt-operator +subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - patch + - update + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + - endpoints + - pods/exec + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - patch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - get + - list + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - get + - patch + - update + - apiGroups: + - security.openshift.io + resourceNames: + - kubevirt-handler + - kubevirt-controller + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + - validatingadmissionpolicybindings + - validatingadmissionpolicies + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - apiGroups: + - kubevirt.io + resources: + - virtualmachines/status + verbs: + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - create + - get + - list + - watch + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancepresets + verbs: + - watch + - list + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - limitranges + verbs: + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinerestores + - virtualmachinesnapshotcontents + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - datasources + - datavolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - delete + - create + - patch + - apiGroups: + - "" + resources: + - pods + - configmaps + - endpoints + - services + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - update + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - snapshot.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - export.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale + verbs: + - watch + - list + - create + - delete + - update + - patch + - get + - apiGroups: + - kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstances + verbs: + - update + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - patch + - list + - watch + - get + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - version + - guestfs + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/migrate + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineclusterinstancetypes + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubevirt-operator +subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: {{ .Release.Namespace }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubevirt.io: virt-operator + name: virt-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: 2 + selector: + matchLabels: + kubevirt.io: virt-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + kubevirt.io: virt-operator + name: virt-operator + prometheus.kubevirt.io: "true" + name: virt-operator + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: kubevirt.io + operator: In + values: + - virt-operator + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - args: + - --port + - "8443" + - -v + - "2" + command: + - virt-operator + env: + - name: VIRT_OPERATOR_IMAGE + value: {{ .Values.operator.image }}:{{ .Values.operator.version }} + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: KUBEVIRT_VERSION + value: {{ .Values.operator.version }} + image: {{ .Values.operator.image }}:{{ .Values.operator.version }} + imagePullPolicy: {{ .Values.operator.pullPolicy }} + name: virt-operator + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 8444 + name: webhooks + protocol: TCP + readinessProbe: + httpGet: + path: /metrics + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 10 + resources: + requests: + cpu: 10m + memory: 450Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/virt-operator/certificates + name: kubevirt-operator-certs + readOnly: true + - mountPath: /profile-data + name: profile-data + nodeSelector: + kubernetes.io/os: linux + priorityClassName: kubevirt-cluster-critical + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: kubevirt-operator + tolerations: + - key: CriticalAddonsOnly + operator: Exists + volumes: + - name: kubevirt-operator-certs + secret: + optional: true + secretName: kubevirt-operator-certs + - emptyDir: {} + name: profile-data diff --git a/charts/kubevirt/0.4.1/templates/kubevirt-uninstall-hooks.yaml b/charts/kubevirt/0.4.1/templates/kubevirt-uninstall-hooks.yaml new file mode 100644 index 00000000..672699ac --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/kubevirt-uninstall-hooks.yaml @@ -0,0 +1,73 @@ +{{- if .Values.hooksEnabled.kubevirt.uninstall }} +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "kubevirt.io" ] + resources: [ "kubevirts" ] + resourceNames: + - "kubevirt" + verbs: [ "get", "list", "delete" ] + - apiGroups: [ "apps" ] + resources: [ "deployments", "daemonsets" ] + verbs: [ "get", "list" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} +roleRef: + kind: Role + name: {{ template "kubevirt.crUninstallHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crUninstallHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crUninstallHook.name" . }} + image: {{ .Values.hookImage }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + args: + - delete + - kubevirt + - kubevirt + - name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup + image: {{ .Values.hookImage }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + args: + - wait + - --for=delete + - deployments/virt-api + - deployments/virt-controller + - daemonsets/virt-handler + - --timeout=60s + {{- end }} \ No newline at end of file diff --git a/charts/kubevirt/0.4.1/templates/kubevirt.yaml b/charts/kubevirt/0.4.1/templates/kubevirt.yaml new file mode 100644 index 00000000..2fe5a095 --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/kubevirt.yaml @@ -0,0 +1,32 @@ +apiVersion: kubevirt.io/v1 +kind: KubeVirt +metadata: + name: kubevirt + namespace: {{ .Release.Namespace }} +spec: + {{- with .Values.kubevirt.configuration }} + configuration: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.kubevirt.customizeComponents }} + customizeComponents: + {{- toYaml . | nindent 4 }} + {{- end }} + imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }} + {{- with .Values.kubevirt.infra }} + infra: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.kubevirt.uninstallStrategy }} + uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }} + {{- end }} + {{- with .Values.kubevirt.workloadUpdateStrategy }} + workloadUpdateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.kubevirt.monitorNamespace }} + monitorNamespace: {{ .Values.kubevirt.monitorNamespace }} + {{- end }} + {{- if .Values.kubevirt.monitorAccount }} + monitorAccount: {{ .Values.kubevirt.monitorAccount }} + {{- end }} diff --git a/charts/kubevirt/0.4.1/templates/namespace-hooks.yaml b/charts/kubevirt/0.4.1/templates/namespace-hooks.yaml new file mode 100644 index 00000000..6f8eb4ec --- /dev/null +++ b/charts/kubevirt/0.4.1/templates/namespace-hooks.yaml @@ -0,0 +1,62 @@ +{{- if .Values.hooksEnabled.namespace }} +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "" ] + resources: [ "namespaces" ] + resourceNames: + - {{ .Release.Namespace | quote }} + verbs: [ "get", "patch" ] + - apiGroups: [ "management.cattle.io" ] # Rancher + resources: [ "projects" ] + verbs: [ "updatepsa" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.namespaceHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.namespaceHook.name" . }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + image: {{ .Values.hookImage }} + args: + - label + - namespace + - {{ .Release.Namespace }} + - kubevirt.io= + - pod-security.kubernetes.io/enforce=privileged + {{- end }} \ No newline at end of file diff --git a/charts/kubevirt/0.4.1/values.yaml b/charts/kubevirt/0.4.1/values.yaml new file mode 100644 index 00000000..2bfcc405 --- /dev/null +++ b/charts/kubevirt/0.4.1/values.yaml @@ -0,0 +1,41 @@ +operator: + image: registry.suse.com/suse/sles/15.6/virt-operator + version: 1.3.1-150600.5.9.1 + pullPolicy: IfNotPresent + +kubevirt: + # Holds kubevirt configurations. Same as the virt-configMap. + configuration: {} + customizeComponents: {} + # The ImagePullPolicy to use. + imagePullPolicy: IfNotPresent + # Selectors and tolerations that should apply to KubeVirt infrastructure components. + infra: {} + # Specifies if KubeVirt can be deleted if workloads are still present. + # This is mainly a precaution to avoid accidental data loss. + uninstallStrategy: "" + # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates. + workloadUpdateStrategy: {} + # Optionally enable ServiceMonitor for prometheus, see + # https://kubevirt.io/user-guide/user_workloads/component_monitoring/ + monitorAccount: "" + monitorNamespace: "" + +hooksEnabled: + crd: + upgrade: true + uninstall: true + kubevirt: + uninstall: true + namespace: true +hookImage: rancher/kubectl:v1.30.2 +hookRestartPolicy: OnFailure +hookSecurityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + runAsUser: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL diff --git a/index.yaml b/index.yaml index cfe81681..fd1b6ae5 100755 --- a/index.yaml +++ b/index.yaml @@ -212,6 +212,17 @@ entries: - assets/endpoint-copier-operator/endpoint-copier-operator-0.2.0.tgz version: 0.2.0 kubevirt: + - apiVersion: v2 + appVersion: 1.3.1 + created: "2024-10-17T16:08:52.433299869Z" + description: A Helm chart for KubeVirt + digest: f3956ac0c6aab1c329b0c3044c9a1b135effe1a0eac946de33223a45380f8d13 + icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg + name: kubevirt + type: application + urls: + - assets/kubevirt/kubevirt-0.4.1.tgz + version: 0.4.1 - apiVersion: v2 appVersion: 1.3.1 created: "2024-09-04T11:50:49.997153+03:00" From 275eedf50446fb5110bbc331c172cdfcdeedcc04 Mon Sep 17 00:00:00 2001 From: Koen de Laat Date: Thu, 17 Oct 2024 18:23:57 +0200 Subject: [PATCH 3/3] make html Signed-off-by: Koen de Laat --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index cd42f60d..5d0ca560 100755 --- a/index.html +++ b/index.html @@ -223,14 +223,14 @@

Charts

- +

kubevirt - (0.4.0@1.3.1) + (0.4.1@1.3.1) github link