ricardozanini commented on code in PR #255:
URL:
https://github.com/apache/incubator-kie-kogito-serverless-operator/pull/255#discussion_r1335987037
##########
api/v1alpha08/sonataflow_types.go:
##########
@@ -24,6 +24,535 @@ import (
"github.com/kiegroup/kogito-serverless-operator/api"
)
+const DefaultContainerName = "workflow"
+
+// FlowContainer is the container for the internal workflow deployment based
on the default Kubernetes Container API
+type FlowContainer struct {
+ // Container image name.
+ // More info: https://kubernetes.io/docs/concepts/containers/images
+ // This field is optional to allow higher level config management to
default or override
+ // container images in workload controllers like Deployments and
StatefulSets.
+ // +optional
+ Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`
+ // Entrypoint array. Not executed within a shell.
+ // The container image's ENTRYPOINT is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's
environment. If a variable
+ // cannot be resolved, the reference in the input string will be
unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will
never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Command []string `json:"command,omitempty"
protobuf:"bytes,3,rep,name=command"`
+ // Arguments to the entrypoint.
+ // The container image's CMD is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's
environment. If a variable
+ // cannot be resolved, the reference in the input string will be
unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will
never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Args []string `json:"args,omitempty" protobuf:"bytes,4,rep,name=args"`
+ // List of ports to expose from the container. Not specifying a port
here
+ // DOES NOT prevent that port from being exposed. Any port which is
+ // listening on the default "0.0.0.0" address inside a container will be
+ // accessible from the network.
+ // Modifying this array with strategic merge patch may corrupt the data.
+ // For more information See
https://github.com/kubernetes/kubernetes/issues/108255.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=containerPort
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=containerPort
+ // +listMapKey=protocol
+ Ports []corev1.ContainerPort `json:"ports,omitempty"
patchStrategy:"merge" patchMergeKey:"containerPort"
protobuf:"bytes,6,rep,name=ports"`
+ // List of sources to populate environment variables in the container.
+ // The keys defined within a source must be a C_IDENTIFIER. All invalid
keys
+ // will be reported as an event when the container is starting. When a
key exists in multiple
+ // sources, the value associated with the last source will take
precedence.
+ // Values defined by an Env with a duplicate key will take precedence.
+ // Cannot be updated.
+ // +optional
+ EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"
protobuf:"bytes,19,rep,name=envFrom"`
+ // List of environment variables to set in the container.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge"
patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
+ // Compute Resources required by this container.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ // +optional
+ Resources corev1.ResourceRequirements `json:"resources,omitempty"
protobuf:"bytes,8,opt,name=resources"`
+ // Resources resize policy for the container.
+ // +featureGate=InPlacePodVerticalScaling
+ // +optional
+ // +listType=atomic
+ ResizePolicy []corev1.ContainerResizePolicy
`json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+ // Pod volumes to mount into the container's filesystem.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=mountPath
+ // +patchStrategy=merge
+ VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"
patchStrategy:"merge" patchMergeKey:"mountPath"
protobuf:"bytes,9,rep,name=volumeMounts"`
+ // volumeDevices is the list of block devices to be used by the
container.
+ // +patchMergeKey=devicePath
+ // +patchStrategy=merge
+ // +optional
+ VolumeDevices []corev1.VolumeDevice `json:"volumeDevices,omitempty"
patchStrategy:"merge" patchMergeKey:"devicePath"
protobuf:"bytes,21,rep,name=volumeDevices"`
+ // Periodic probe of container liveness.
+ // Container will be restarted if the probe fails.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"
protobuf:"bytes,10,opt,name=livenessProbe"`
+ // Periodic probe of container service readiness.
+ // Container will be removed from service endpoints if the probe fails.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"
protobuf:"bytes,11,opt,name=readinessProbe"`
+ // StartupProbe indicates that the Pod has successfully initialized.
+ // If specified, no other probes are executed until this completes
successfully.
+ // If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed.
+ // This can be used to provide different probe parameters at the
beginning of a Pod's lifecycle,
+ // when it might take a long time to load data or warm a cache, than
during steady-state operation.
+ // This cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ StartupProbe *corev1.Probe `json:"startupProbe,omitempty"
protobuf:"bytes,22,opt,name=startupProbe"`
+ // Actions that the management system should take in response to
container lifecycle events.
+ // Cannot be updated.
+ // +optional
+ Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"
protobuf:"bytes,12,opt,name=lifecycle"`
+ // Optional: Path at which the file to which the container's
termination message
+ // will be written is mounted into the container's filesystem.
+ // Message written is intended to be brief final status, such as an
assertion failure message.
+ // Will be truncated by the node if greater than 4096 bytes. The total
message length across
+ // all containers will be limited to 12kb.
+ // Defaults to /dev/termination-log.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePath string `json:"terminationMessagePath,omitempty"
protobuf:"bytes,13,opt,name=terminationMessagePath"`
+ // Indicate how the termination message should be populated. File will
use the contents of
+ // terminationMessagePath to populate the container status message on
both success and failure.
+ // FallbackToLogsOnError will use the last chunk of container log
output if the termination
+ // message file is empty and the container exited with an error.
+ // The log output is limited to 2048 bytes or 80 lines, whichever is
smaller.
+ // Defaults to File.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePolicy corev1.TerminationMessagePolicy
`json:"terminationMessagePolicy,omitempty"
protobuf:"bytes,20,opt,name=terminationMessagePolicy,casttype=TerminationMessagePolicy"`
+ // Image pull policy.
+ // One of Always, Never, IfNotPresent.
+ // Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
+ // +optional
+ ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"
protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`
+ // SecurityContext defines the security options the container should be
run with.
+ // If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext.
+ // More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ // +optional
+ SecurityContext *corev1.SecurityContext
`json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
+
+ // Variables for interactive containers, these have very specialized
use-cases (e.g. debugging)
+ // and shouldn't be used for general purpose containers.
+
+ // Whether this container should allocate a buffer for stdin in the
container runtime. If this
+ // is not set, reads from stdin in the container will always result in
EOF.
+ // Default is false.
+ // +optional
+ Stdin bool `json:"stdin,omitempty" protobuf:"varint,16,opt,name=stdin"`
+ // Whether the container runtime should close the stdin channel after
it has been opened by
+ // a single attach. When stdin is true the stdin stream will remain
open across multiple attach
+ // sessions. If stdinOnce is set to true, stdin is opened on container
start, is empty until the
+ // first client attaches to stdin, and then remains open and accepts
data until the client disconnects,
+ // at which time stdin is closed and remains closed until the container
is restarted. If this
+ // flag is false, a container processes that reads from stdin will
never receive an EOF.
+ // Default is false
+ // +optional
+ StdinOnce bool `json:"stdinOnce,omitempty"
protobuf:"varint,17,opt,name=stdinOnce"`
+ // Whether this container should allocate a TTY for itself, also
requires 'stdin' to be true.
+ // Default is false.
+ // +optional
+ TTY bool `json:"tty,omitempty" protobuf:"varint,18,opt,name=tty"`
+}
+
+// ToContainer converts to Kubernetes Container API.
+func (f *FlowContainer) ToContainer() corev1.Container {
+ return corev1.Container{
+ Name: DefaultContainerName,
+ Image: f.Image,
+ Command: f.Command,
+ Args: f.Args,
+ Ports: f.Ports,
+ EnvFrom: f.EnvFrom,
+ Env: f.Env,
+ Resources: f.Resources,
+ ResizePolicy: f.ResizePolicy,
+ VolumeMounts: f.VolumeMounts,
+ VolumeDevices: f.VolumeDevices,
+ LivenessProbe: f.LivenessProbe,
+ ReadinessProbe: f.ReadinessProbe,
+ StartupProbe: f.StartupProbe,
+ Lifecycle: f.Lifecycle,
+ TerminationMessagePath: f.TerminationMessagePath,
+ TerminationMessagePolicy: f.TerminationMessagePolicy,
+ ImagePullPolicy: f.ImagePullPolicy,
+ SecurityContext: f.SecurityContext,
+ Stdin: f.Stdin,
+ StdinOnce: f.StdinOnce,
+ TTY: f.TTY,
+ }
+}
+
+// FlowPodSpec describes the PodSpec for the internal workflow deployment
based on the default Kubernetes PodSpec API
+type FlowPodSpec struct {
+ // List of volumes that can be mounted by containers belonging to the
pod.
+ // More info: https://kubernetes.io/docs/concepts/storage/volumes
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ Volumes []corev1.Volume `json:"volumes,omitempty"
patchStrategy:"merge,retainKeys" patchMergeKey:"name"
protobuf:"bytes,1,rep,name=volumes"`
+ // List of initialization containers belonging to the pod.
+ // Init containers are executed in order prior to containers being
started. If any
+ // init container fails, the pod is considered to have failed and is
handled according
+ // to its restartPolicy. The name for an init container or normal
container must be
+ // unique among all containers.
+ // Init containers may not have Lifecycle actions, Readiness probes,
Liveness probes, or Startup probes.
+ // The resourceRequirements of an init container are taken into account
during scheduling
+ // by finding the highest request/limit for each resource type, and
then using the max of
+ // of that value or the sum of the normal containers. Limits are
applied to init containers
+ // in a similar fashion.
+ // Init containers cannot currently be added or removed.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ InitContainers []corev1.Container `json:"initContainers,omitempty"
patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,20,rep,name=initContainers"`
+ // List of containers belonging to the pod.
+ // Containers cannot currently be added or removed.
+ // There must be at least one container in a Pod.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Containers []corev1.Container `json:"containers,omitempty"
patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,2,rep,name=containers"`
+ // Restart policy for all containers within the pod.
+ // One of Always, OnFailure, Never. In some contexts, only a subset of
those values may be permitted.
+ // Default to Always.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ // +optional
+ RestartPolicy corev1.RestartPolicy `json:"restartPolicy,omitempty"
protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"`
+ // Optional duration in seconds the pod needs to terminate gracefully.
May be decreased in delete request.
+ // Value must be non-negative integer. The value zero indicates stop
immediately via
+ // the kill signal (no opportunity to shut down).
+ // If this value is nil, the default grace period will be used instead.
+ // The grace period is the duration in seconds after the processes
running in the pod are sent
+ // a termination signal and the time when the processes are forcibly
halted with a kill signal.
+ // Set this value longer than the expected cleanup time for your
process.
+ // Defaults to 30 seconds.
+ // +optional
+ TerminationGracePeriodSeconds *int64
`json:"terminationGracePeriodSeconds,omitempty"
protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"`
+ // Optional duration in seconds the pod may be active on the node
relative to
+ // StartTime before the system will actively try to mark it failed and
kill associated containers.
+ // Value must be a positive integer.
+ // +optional
+ ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"
protobuf:"varint,5,opt,name=activeDeadlineSeconds"`
+ // Set DNS policy for the pod.
+ // Defaults to "ClusterFirst".
+ // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
'Default' or 'None'.
+ // DNS parameters given in DNSConfig will be merged with the policy
selected with DNSPolicy.
+ // To have DNS options set along with hostNetwork, you have to specify
DNS policy
+ // explicitly to 'ClusterFirstWithHostNet'.
+ // +optional
+ DNSPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty"
protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
+ // NodeSelector is a selector which must be true for the pod to fit on
a node.
+ // Selector which must match a node's labels for the pod to be
scheduled on that node.
+ // More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ // +optional
+ // +mapType=atomic
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"
protobuf:"bytes,7,rep,name=nodeSelector"`
+
+ // ServiceAccountName is the name of the ServiceAccount to use to run
this pod.
+ // More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ // +optional
+ ServiceAccountName string `json:"serviceAccountName,omitempty"
protobuf:"bytes,8,opt,name=serviceAccountName"`
+ // AutomountServiceAccountToken indicates whether a service account
token should be automatically mounted.
+ // +optional
+ AutomountServiceAccountToken *bool
`json:"automountServiceAccountToken,omitempty"
protobuf:"varint,21,opt,name=automountServiceAccountToken"`
+
+ // NodeName is a request to schedule this pod onto a specific node. If
it is non-empty,
+ // the scheduler simply schedules this pod onto that node, assuming
that it fits resource
+ // requirements.
+ // +optional
+ NodeName string `json:"nodeName,omitempty"
protobuf:"bytes,10,opt,name=nodeName"`
+ // Host networking requested for this pod. Use the host's network
namespace.
+ // If this option is set, the ports that will be used must be specified.
+ // Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostNetwork bool `json:"hostNetwork,omitempty"
protobuf:"varint,11,opt,name=hostNetwork"`
+ // Use the host's pid namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostPID bool `json:"hostPID,omitempty"
protobuf:"varint,12,opt,name=hostPID"`
+ // Use the host's ipc namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostIPC bool `json:"hostIPC,omitempty"
protobuf:"varint,13,opt,name=hostIPC"`
+ // Share a single process namespace between all of the containers in a
pod.
+ // When this is set containers will be able to view and signal
processes from other containers
+ // in the same pod, and the first process in each container will not be
assigned PID 1.
+ // HostPID and ShareProcessNamespace cannot both be set.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty"
protobuf:"varint,27,opt,name=shareProcessNamespace"`
+ // SecurityContext holds pod-level security attributes and common
container settings.
+ // Optional: Defaults to empty. See type description for default
values of each field.
+ // +optional
+ SecurityContext *corev1.PodSecurityContext
`json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"`
+ // ImagePullSecrets is an optional list of references to secrets in the
same namespace to use for pulling any of the images used by this PodSpec.
+ // If specified, these secrets will be passed to individual puller
implementations for them to use.
+ // More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ ImagePullSecrets []corev1.LocalObjectReference
`json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,15,rep,name=imagePullSecrets"`
+ // Specifies the hostname of the Pod
+ // If not specified, the pod's hostname will be set to a system-defined
value.
+ // +optional
+ Hostname string `json:"hostname,omitempty"
protobuf:"bytes,16,opt,name=hostname"`
+ // If specified, the fully qualified Pod hostname will be
"<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+ // If not specified, the pod will not have a domainname at all.
+ // +optional
+ Subdomain string `json:"subdomain,omitempty"
protobuf:"bytes,17,opt,name=subdomain"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *corev1.Affinity `json:"affinity,omitempty"
protobuf:"bytes,18,opt,name=affinity"`
+ // If specified, the pod will be dispatched by specified scheduler.
+ // If not specified, the pod will be dispatched by default scheduler.
+ // +optional
+ SchedulerName string `json:"schedulerName,omitempty"
protobuf:"bytes,19,opt,name=schedulerName"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []corev1.Toleration `json:"tolerations,omitempty"
protobuf:"bytes,22,opt,name=tolerations"`
+ // HostAliases is an optional list of hosts and IPs that will be
injected into the pod's hosts
+ // file if specified. This is only valid for non-hostNetwork pods.
+ // +optional
+ // +patchMergeKey=ip
+ // +patchStrategy=merge
+ HostAliases []corev1.HostAlias `json:"hostAliases,omitempty"
patchStrategy:"merge" patchMergeKey:"ip"
protobuf:"bytes,23,rep,name=hostAliases"`
+ // If specified, indicates the pod's priority. "system-node-critical"
and
+ // "system-cluster-critical" are two special keywords which indicate the
+ // highest priorities with the former being the highest priority. Any
other
+ // name must be defined by creating a PriorityClass object with that
name.
+ // If not specified, the pod priority will be default or zero if there
is no
+ // default.
+ // +optional
+ PriorityClassName string `json:"priorityClassName,omitempty"
protobuf:"bytes,24,opt,name=priorityClassName"`
+ // The priority value. Various system components use this field to find
the
+ // priority of the pod. When Priority Admission Controller is enabled,
it
+ // prevents users from setting this field. The admission controller
populates
+ // this field from PriorityClassName.
+ // The higher the value, the higher the priority.
+ // +optional
+ Priority *int32 `json:"priority,omitempty"
protobuf:"bytes,25,opt,name=priority"`
+ // Specifies the DNS parameters of a pod.
+ // Parameters specified here will be merged to the generated DNS
+ // configuration based on DNSPolicy.
+ // +optional
+ DNSConfig *corev1.PodDNSConfig `json:"dnsConfig,omitempty"
protobuf:"bytes,26,opt,name=dnsConfig"`
+ // If specified, all readiness gates will be evaluated for pod
readiness.
+ // A pod is ready when all its containers are ready AND
+ // all conditions specified in the readiness gates have status equal to
"True"
+ // More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ // +optional
+ ReadinessGates []corev1.PodReadinessGate
`json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
+ // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io
group, which should be used
+ // to run this pod. If no RuntimeClass resource matches the named
class, the pod will not be run.
+ // If unset or empty, the "legacy" RuntimeClass will be used, which is
an implicit class with an
+ // empty definition that uses the default runtime handler.
+ // More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ // +optional
+ RuntimeClassName *string `json:"runtimeClassName,omitempty"
protobuf:"bytes,29,opt,name=runtimeClassName"`
+ // EnableServiceLinks indicates whether information about services
should be injected into pod's
+ // environment variables, matching the syntax of Docker links.
+ // Optional: Defaults to true.
+ // +optional
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"
protobuf:"varint,30,opt,name=enableServiceLinks"`
+ // PreemptionPolicy is the Policy for preempting pods with lower
priority.
+ // One of Never, PreemptLowerPriority.
+ // Defaults to PreemptLowerPriority if unset.
+ // +optional
+ PreemptionPolicy *corev1.PreemptionPolicy
`json:"preemptionPolicy,omitempty"
protobuf:"bytes,31,opt,name=preemptionPolicy"`
+ // Overhead represents the resource overhead associated with running a
pod for a given RuntimeClass.
+ // This field will be autopopulated at admission time by the
RuntimeClass admission controller. If
+ // the RuntimeClass admission controller is enabled, overhead must not
be set in Pod create requests.
+ // The RuntimeClass admission controller will reject Pod create
requests which have the overhead already
+ // set. If RuntimeClass is configured and selected in the PodSpec,
Overhead will be set to the value
+ // defined in the corresponding RuntimeClass, otherwise it will remain
unset and treated as zero.
+ // More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ // +optional
+ Overhead corev1.ResourceList `json:"overhead,omitempty"
protobuf:"bytes,32,opt,name=overhead"`
+ // TopologySpreadConstraints describes how a group of pods ought to
spread across topology
+ // domains. Scheduler will schedule pods in a way which abides by the
constraints.
+ // All topologySpreadConstraints are ANDed.
+ // +optional
+ // +patchMergeKey=topologyKey
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=topologyKey
+ // +listMapKey=whenUnsatisfiable
+ TopologySpreadConstraints []corev1.TopologySpreadConstraint
`json:"topologySpreadConstraints,omitempty" patchStrategy:"merge"
patchMergeKey:"topologyKey"
protobuf:"bytes,33,opt,name=topologySpreadConstraints"`
+ // If true the pod's hostname will be configured as the pod's FQDN,
rather than the leaf name (the default).
+ // In Linux containers, this means setting the FQDN in the hostname
field of the kernel (the nodename field of struct utsname).
+ // In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to
FQDN.
+ // If a pod does not have FQDN, this has no effect.
+ // Default to false.
+ // +optional
+ SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty"
protobuf:"varint,35,opt,name=setHostnameAsFQDN"`
+ // Specifies the OS of the containers in the pod.
+ // Some pod and container fields are restricted if this is set.
+ //
+ // If the OS field is set to linux, the following fields must be unset:
+ // -securityContext.windowsOptions
+ //
+ // If the OS field is set to windows, following fields must be unset:
+ // - spec.hostPID
+ // - spec.hostIPC
+ // - spec.hostUsers
+ // - spec.securityContext.seLinuxOptions
+ // - spec.securityContext.seccompProfile
+ // - spec.securityContext.fsGroup
+ // - spec.securityContext.fsGroupChangePolicy
+ // - spec.securityContext.sysctls
+ // - spec.shareProcessNamespace
+ // - spec.securityContext.runAsUser
+ // - spec.securityContext.runAsGroup
+ // - spec.securityContext.supplementalGroups
+ // - spec.containers[*].securityContext.seLinuxOptions
+ // - spec.containers[*].securityContext.seccompProfile
+ // - spec.containers[*].securityContext.capabilities
+ // - spec.containers[*].securityContext.readOnlyRootFilesystem
+ // - spec.containers[*].securityContext.privileged
+ // - spec.containers[*].securityContext.allowPrivilegeEscalation
+ // - spec.containers[*].securityContext.procMount
+ // - spec.containers[*].securityContext.runAsUser
+ // - spec.containers[*].securityContext.runAsGroup
+ // +optional
+ OS *corev1.PodOS `json:"os,omitempty" protobuf:"bytes,36,opt,name=os"`
+
+ // Use the host's user namespace.
+ // Optional: Default to true.
+ // If set to true or not present, the pod will be run in the host user
namespace, useful
+ // for when the pod needs a feature only available to the host user
namespace, such as
+ // loading a kernel module with CAP_SYS_MODULE.
+ // When set to false, a new userns is created for the pod. Setting
false is useful for
+ // mitigating container breakout vulnerabilities even allowing users to
run their
+ // containers as root without actually having root privileges on the
host.
+ // This field is alpha-level and is only honored by servers that enable
the UserNamespacesSupport feature.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostUsers *bool `json:"hostUsers,omitempty"
protobuf:"bytes,37,opt,name=hostUsers"`
+
+ // SchedulingGates is an opaque list of values that if specified will
block scheduling the pod.
+ // If schedulingGates is not empty, the pod will stay in the
SchedulingGated state and the
+ // scheduler will not attempt to schedule the pod.
+ //
+ // SchedulingGates can only be set at pod creation time, and be removed
only afterwards.
+ //
+ // This is a beta feature enabled by the PodSchedulingReadiness feature
gate.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=PodSchedulingReadiness
+ // +optional
+ SchedulingGates []corev1.PodSchedulingGate
`json:"schedulingGates,omitempty" patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,38,opt,name=schedulingGates"`
+ // ResourceClaims defines which ResourceClaims must be allocated
+ // and reserved before the Pod is allowed to start. The resources
+ // will be made available to those containers which consume them
+ // by name.
+ //
+ // This is an alpha field and requires enabling the
+ // DynamicResourceAllocation feature gate.
+ //
+ // This field is immutable.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=DynamicResourceAllocation
+ // +optional
+ ResourceClaims []corev1.PodResourceClaim
`json:"resourceClaims,omitempty" patchStrategy:"merge,retainKeys"
patchMergeKey:"name" protobuf:"bytes,39,rep,name=resourceClaims"`
+}
+
+func (f *FlowPodSpec) ToPodSpec() corev1.PodSpec {
+ return corev1.PodSpec{
+ Volumes: f.Volumes,
+ InitContainers: f.InitContainers,
+ Containers: f.Containers,
+ RestartPolicy: f.RestartPolicy,
+ TerminationGracePeriodSeconds: f.TerminationGracePeriodSeconds,
+ ActiveDeadlineSeconds: f.ActiveDeadlineSeconds,
+ DNSPolicy: f.DNSPolicy,
+ NodeSelector: f.NodeSelector,
+ ServiceAccountName: f.ServiceAccountName,
+ AutomountServiceAccountToken: f.AutomountServiceAccountToken,
+ NodeName: f.NodeName,
+ HostNetwork: f.HostNetwork,
+ HostPID: f.HostPID,
+ HostIPC: f.HostIPC,
+ ShareProcessNamespace: f.ShareProcessNamespace,
+ SecurityContext: f.SecurityContext,
+ ImagePullSecrets: f.ImagePullSecrets,
+ Hostname: f.Hostname,
+ Subdomain: f.Subdomain,
+ Affinity: f.Affinity,
+ SchedulerName: f.SchedulerName,
+ Tolerations: f.Tolerations,
+ HostAliases: f.HostAliases,
+ PriorityClassName: f.PriorityClassName,
+ Priority: f.Priority,
+ DNSConfig: f.DNSConfig,
+ ReadinessGates: f.ReadinessGates,
+ RuntimeClassName: f.RuntimeClassName,
+ EnableServiceLinks: f.EnableServiceLinks,
+ PreemptionPolicy: f.PreemptionPolicy,
+ Overhead: f.Overhead,
+ TopologySpreadConstraints: f.TopologySpreadConstraints,
+ SetHostnameAsFQDN: f.SetHostnameAsFQDN,
+ OS: f.OS,
+ HostUsers: f.HostUsers,
+ SchedulingGates: f.SchedulingGates,
+ ResourceClaims: f.ResourceClaims,
+ }
+}
+
+// FlowPodSpecTemplate describes the desired custom Kubernetes PodSpecTemplate
definition for the deployed flow.
+//
+// The FlowContainer describes the container where the actual flow is running.
It will override any default definitions.
+// For example, to override the image one can use
`.spec.podSpecTemplate.flowContainer.image = my/image:tag`.
+type FlowPodSpecTemplate struct {
+ // FlowContainer is the Kubernetes container where the workflow
application should run.
+ // One can change this attribute in order to override the defaults
provided by the operator.
+ // +optional
+ FlowContainer FlowContainer `json:"flowContainer,omitempty"`
+ PodSpecTemplate FlowPodSpec `json:",omitempty"`
Review Comment:
No, the `PodSpecTemplate` has an array of `containers` mapped by the
container name. We set the application container to `workflow`. So if a user
overrides the defaults, they should to change
`spec.podSpecTemplate.containers[workflow].` That's cumbersome and not robust
so we added a shortcut to `spec.flowContainer`. I'll clarify this in the
OpenAPI + docs. If one tries to override the naming, we just ignore it for now,
but with webhooks we can fire an error.
##########
api/v1alpha08/sonataflow_types.go:
##########
@@ -24,6 +24,535 @@ import (
"github.com/kiegroup/kogito-serverless-operator/api"
)
+const DefaultContainerName = "workflow"
+
+// FlowContainer is the container for the internal workflow deployment based
on the default Kubernetes Container API
+type FlowContainer struct {
+ // Container image name.
+ // More info: https://kubernetes.io/docs/concepts/containers/images
+ // This field is optional to allow higher level config management to
default or override
+ // container images in workload controllers like Deployments and
StatefulSets.
+ // +optional
+ Image string `json:"image,omitempty" protobuf:"bytes,2,opt,name=image"`
+ // Entrypoint array. Not executed within a shell.
+ // The container image's ENTRYPOINT is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's
environment. If a variable
+ // cannot be resolved, the reference in the input string will be
unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will
never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Command []string `json:"command,omitempty"
protobuf:"bytes,3,rep,name=command"`
+ // Arguments to the entrypoint.
+ // The container image's CMD is used if this is not provided.
+ // Variable references $(VAR_NAME) are expanded using the container's
environment. If a variable
+ // cannot be resolved, the reference in the input string will be
unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax:
i.e. "$$(VAR_NAME)" will
+ // produce the string literal "$(VAR_NAME)". Escaped references will
never be expanded, regardless
+ // of whether the variable exists or not. Cannot be updated.
+ // More info:
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ // +optional
+ Args []string `json:"args,omitempty" protobuf:"bytes,4,rep,name=args"`
+ // List of ports to expose from the container. Not specifying a port
here
+ // DOES NOT prevent that port from being exposed. Any port which is
+ // listening on the default "0.0.0.0" address inside a container will be
+ // accessible from the network.
+ // Modifying this array with strategic merge patch may corrupt the data.
+ // For more information See
https://github.com/kubernetes/kubernetes/issues/108255.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=containerPort
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=containerPort
+ // +listMapKey=protocol
+ Ports []corev1.ContainerPort `json:"ports,omitempty"
patchStrategy:"merge" patchMergeKey:"containerPort"
protobuf:"bytes,6,rep,name=ports"`
+ // List of sources to populate environment variables in the container.
+ // The keys defined within a source must be a C_IDENTIFIER. All invalid
keys
+ // will be reported as an event when the container is starting. When a
key exists in multiple
+ // sources, the value associated with the last source will take
precedence.
+ // Values defined by an Env with a duplicate key will take precedence.
+ // Cannot be updated.
+ // +optional
+ EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"
protobuf:"bytes,19,rep,name=envFrom"`
+ // List of environment variables to set in the container.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Env []corev1.EnvVar `json:"env,omitempty" patchStrategy:"merge"
patchMergeKey:"name" protobuf:"bytes,7,rep,name=env"`
+ // Compute Resources required by this container.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ // +optional
+ Resources corev1.ResourceRequirements `json:"resources,omitempty"
protobuf:"bytes,8,opt,name=resources"`
+ // Resources resize policy for the container.
+ // +featureGate=InPlacePodVerticalScaling
+ // +optional
+ // +listType=atomic
+ ResizePolicy []corev1.ContainerResizePolicy
`json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+ // Pod volumes to mount into the container's filesystem.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=mountPath
+ // +patchStrategy=merge
+ VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"
patchStrategy:"merge" patchMergeKey:"mountPath"
protobuf:"bytes,9,rep,name=volumeMounts"`
+ // volumeDevices is the list of block devices to be used by the
container.
+ // +patchMergeKey=devicePath
+ // +patchStrategy=merge
+ // +optional
+ VolumeDevices []corev1.VolumeDevice `json:"volumeDevices,omitempty"
patchStrategy:"merge" patchMergeKey:"devicePath"
protobuf:"bytes,21,rep,name=volumeDevices"`
+ // Periodic probe of container liveness.
+ // Container will be restarted if the probe fails.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty"
protobuf:"bytes,10,opt,name=livenessProbe"`
+ // Periodic probe of container service readiness.
+ // Container will be removed from service endpoints if the probe fails.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty"
protobuf:"bytes,11,opt,name=readinessProbe"`
+ // StartupProbe indicates that the Pod has successfully initialized.
+ // If specified, no other probes are executed until this completes
successfully.
+ // If this probe fails, the Pod will be restarted, just as if the
livenessProbe failed.
+ // This can be used to provide different probe parameters at the
beginning of a Pod's lifecycle,
+ // when it might take a long time to load data or warm a cache, than
during steady-state operation.
+ // This cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ // +optional
+ StartupProbe *corev1.Probe `json:"startupProbe,omitempty"
protobuf:"bytes,22,opt,name=startupProbe"`
+ // Actions that the management system should take in response to
container lifecycle events.
+ // Cannot be updated.
+ // +optional
+ Lifecycle *corev1.Lifecycle `json:"lifecycle,omitempty"
protobuf:"bytes,12,opt,name=lifecycle"`
+ // Optional: Path at which the file to which the container's
termination message
+ // will be written is mounted into the container's filesystem.
+ // Message written is intended to be brief final status, such as an
assertion failure message.
+ // Will be truncated by the node if greater than 4096 bytes. The total
message length across
+ // all containers will be limited to 12kb.
+ // Defaults to /dev/termination-log.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePath string `json:"terminationMessagePath,omitempty"
protobuf:"bytes,13,opt,name=terminationMessagePath"`
+ // Indicate how the termination message should be populated. File will
use the contents of
+ // terminationMessagePath to populate the container status message on
both success and failure.
+ // FallbackToLogsOnError will use the last chunk of container log
output if the termination
+ // message file is empty and the container exited with an error.
+ // The log output is limited to 2048 bytes or 80 lines, whichever is
smaller.
+ // Defaults to File.
+ // Cannot be updated.
+ // +optional
+ TerminationMessagePolicy corev1.TerminationMessagePolicy
`json:"terminationMessagePolicy,omitempty"
protobuf:"bytes,20,opt,name=terminationMessagePolicy,casttype=TerminationMessagePolicy"`
+ // Image pull policy.
+ // One of Always, Never, IfNotPresent.
+ // Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/containers/images#updating-images
+ // +optional
+ ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"
protobuf:"bytes,14,opt,name=imagePullPolicy,casttype=PullPolicy"`
+ // SecurityContext defines the security options the container should be
run with.
+ // If set, the fields of SecurityContext override the equivalent fields
of PodSecurityContext.
+ // More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ // +optional
+ SecurityContext *corev1.SecurityContext
`json:"securityContext,omitempty" protobuf:"bytes,15,opt,name=securityContext"`
+
+ // Variables for interactive containers, these have very specialized
use-cases (e.g. debugging)
+ // and shouldn't be used for general purpose containers.
+
+ // Whether this container should allocate a buffer for stdin in the
container runtime. If this
+ // is not set, reads from stdin in the container will always result in
EOF.
+ // Default is false.
+ // +optional
+ Stdin bool `json:"stdin,omitempty" protobuf:"varint,16,opt,name=stdin"`
+ // Whether the container runtime should close the stdin channel after
it has been opened by
+ // a single attach. When stdin is true the stdin stream will remain
open across multiple attach
+ // sessions. If stdinOnce is set to true, stdin is opened on container
start, is empty until the
+ // first client attaches to stdin, and then remains open and accepts
data until the client disconnects,
+ // at which time stdin is closed and remains closed until the container
is restarted. If this
+ // flag is false, a container processes that reads from stdin will
never receive an EOF.
+ // Default is false
+ // +optional
+ StdinOnce bool `json:"stdinOnce,omitempty"
protobuf:"varint,17,opt,name=stdinOnce"`
+ // Whether this container should allocate a TTY for itself, also
requires 'stdin' to be true.
+ // Default is false.
+ // +optional
+ TTY bool `json:"tty,omitempty" protobuf:"varint,18,opt,name=tty"`
+}
+
+// ToContainer converts to Kubernetes Container API.
+func (f *FlowContainer) ToContainer() corev1.Container {
+ return corev1.Container{
+ Name: DefaultContainerName,
+ Image: f.Image,
+ Command: f.Command,
+ Args: f.Args,
+ Ports: f.Ports,
+ EnvFrom: f.EnvFrom,
+ Env: f.Env,
+ Resources: f.Resources,
+ ResizePolicy: f.ResizePolicy,
+ VolumeMounts: f.VolumeMounts,
+ VolumeDevices: f.VolumeDevices,
+ LivenessProbe: f.LivenessProbe,
+ ReadinessProbe: f.ReadinessProbe,
+ StartupProbe: f.StartupProbe,
+ Lifecycle: f.Lifecycle,
+ TerminationMessagePath: f.TerminationMessagePath,
+ TerminationMessagePolicy: f.TerminationMessagePolicy,
+ ImagePullPolicy: f.ImagePullPolicy,
+ SecurityContext: f.SecurityContext,
+ Stdin: f.Stdin,
+ StdinOnce: f.StdinOnce,
+ TTY: f.TTY,
+ }
+}
+
+// FlowPodSpec describes the PodSpec for the internal workflow deployment
based on the default Kubernetes PodSpec API
+type FlowPodSpec struct {
+ // List of volumes that can be mounted by containers belonging to the
pod.
+ // More info: https://kubernetes.io/docs/concepts/storage/volumes
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ Volumes []corev1.Volume `json:"volumes,omitempty"
patchStrategy:"merge,retainKeys" patchMergeKey:"name"
protobuf:"bytes,1,rep,name=volumes"`
+ // List of initialization containers belonging to the pod.
+ // Init containers are executed in order prior to containers being
started. If any
+ // init container fails, the pod is considered to have failed and is
handled according
+ // to its restartPolicy. The name for an init container or normal
container must be
+ // unique among all containers.
+ // Init containers may not have Lifecycle actions, Readiness probes,
Liveness probes, or Startup probes.
+ // The resourceRequirements of an init container are taken into account
during scheduling
+ // by finding the highest request/limit for each resource type, and
then using the max of
+ // of that value or the sum of the normal containers. Limits are
applied to init containers
+ // in a similar fashion.
+ // Init containers cannot currently be added or removed.
+ // Cannot be updated.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ InitContainers []corev1.Container `json:"initContainers,omitempty"
patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,20,rep,name=initContainers"`
+ // List of containers belonging to the pod.
+ // Containers cannot currently be added or removed.
+ // There must be at least one container in a Pod.
+ // Cannot be updated.
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ Containers []corev1.Container `json:"containers,omitempty"
patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,2,rep,name=containers"`
+ // Restart policy for all containers within the pod.
+ // One of Always, OnFailure, Never. In some contexts, only a subset of
those values may be permitted.
+ // Default to Always.
+ // More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ // +optional
+ RestartPolicy corev1.RestartPolicy `json:"restartPolicy,omitempty"
protobuf:"bytes,3,opt,name=restartPolicy,casttype=RestartPolicy"`
+ // Optional duration in seconds the pod needs to terminate gracefully.
May be decreased in delete request.
+ // Value must be non-negative integer. The value zero indicates stop
immediately via
+ // the kill signal (no opportunity to shut down).
+ // If this value is nil, the default grace period will be used instead.
+ // The grace period is the duration in seconds after the processes
running in the pod are sent
+ // a termination signal and the time when the processes are forcibly
halted with a kill signal.
+ // Set this value longer than the expected cleanup time for your
process.
+ // Defaults to 30 seconds.
+ // +optional
+ TerminationGracePeriodSeconds *int64
`json:"terminationGracePeriodSeconds,omitempty"
protobuf:"varint,4,opt,name=terminationGracePeriodSeconds"`
+ // Optional duration in seconds the pod may be active on the node
relative to
+ // StartTime before the system will actively try to mark it failed and
kill associated containers.
+ // Value must be a positive integer.
+ // +optional
+ ActiveDeadlineSeconds *int64 `json:"activeDeadlineSeconds,omitempty"
protobuf:"varint,5,opt,name=activeDeadlineSeconds"`
+ // Set DNS policy for the pod.
+ // Defaults to "ClusterFirst".
+ // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
'Default' or 'None'.
+ // DNS parameters given in DNSConfig will be merged with the policy
selected with DNSPolicy.
+ // To have DNS options set along with hostNetwork, you have to specify
DNS policy
+ // explicitly to 'ClusterFirstWithHostNet'.
+ // +optional
+ DNSPolicy corev1.DNSPolicy `json:"dnsPolicy,omitempty"
protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"`
+ // NodeSelector is a selector which must be true for the pod to fit on
a node.
+ // Selector which must match a node's labels for the pod to be
scheduled on that node.
+ // More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ // +optional
+ // +mapType=atomic
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"
protobuf:"bytes,7,rep,name=nodeSelector"`
+
+ // ServiceAccountName is the name of the ServiceAccount to use to run
this pod.
+ // More info:
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ // +optional
+ ServiceAccountName string `json:"serviceAccountName,omitempty"
protobuf:"bytes,8,opt,name=serviceAccountName"`
+ // AutomountServiceAccountToken indicates whether a service account
token should be automatically mounted.
+ // +optional
+ AutomountServiceAccountToken *bool
`json:"automountServiceAccountToken,omitempty"
protobuf:"varint,21,opt,name=automountServiceAccountToken"`
+
+ // NodeName is a request to schedule this pod onto a specific node. If
it is non-empty,
+ // the scheduler simply schedules this pod onto that node, assuming
that it fits resource
+ // requirements.
+ // +optional
+ NodeName string `json:"nodeName,omitempty"
protobuf:"bytes,10,opt,name=nodeName"`
+ // Host networking requested for this pod. Use the host's network
namespace.
+ // If this option is set, the ports that will be used must be specified.
+ // Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostNetwork bool `json:"hostNetwork,omitempty"
protobuf:"varint,11,opt,name=hostNetwork"`
+ // Use the host's pid namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostPID bool `json:"hostPID,omitempty"
protobuf:"varint,12,opt,name=hostPID"`
+ // Use the host's ipc namespace.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostIPC bool `json:"hostIPC,omitempty"
protobuf:"varint,13,opt,name=hostIPC"`
+ // Share a single process namespace between all of the containers in a
pod.
+ // When this is set containers will be able to view and signal
processes from other containers
+ // in the same pod, and the first process in each container will not be
assigned PID 1.
+ // HostPID and ShareProcessNamespace cannot both be set.
+ // Optional: Default to false.
+ // +k8s:conversion-gen=false
+ // +optional
+ ShareProcessNamespace *bool `json:"shareProcessNamespace,omitempty"
protobuf:"varint,27,opt,name=shareProcessNamespace"`
+ // SecurityContext holds pod-level security attributes and common
container settings.
+ // Optional: Defaults to empty. See type description for default
values of each field.
+ // +optional
+ SecurityContext *corev1.PodSecurityContext
`json:"securityContext,omitempty" protobuf:"bytes,14,opt,name=securityContext"`
+ // ImagePullSecrets is an optional list of references to secrets in the
same namespace to use for pulling any of the images used by this PodSpec.
+ // If specified, these secrets will be passed to individual puller
implementations for them to use.
+ // More info:
https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ // +optional
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ ImagePullSecrets []corev1.LocalObjectReference
`json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,15,rep,name=imagePullSecrets"`
+ // Specifies the hostname of the Pod
+ // If not specified, the pod's hostname will be set to a system-defined
value.
+ // +optional
+ Hostname string `json:"hostname,omitempty"
protobuf:"bytes,16,opt,name=hostname"`
+ // If specified, the fully qualified Pod hostname will be
"<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
+ // If not specified, the pod will not have a domainname at all.
+ // +optional
+ Subdomain string `json:"subdomain,omitempty"
protobuf:"bytes,17,opt,name=subdomain"`
+ // If specified, the pod's scheduling constraints
+ // +optional
+ Affinity *corev1.Affinity `json:"affinity,omitempty"
protobuf:"bytes,18,opt,name=affinity"`
+ // If specified, the pod will be dispatched by specified scheduler.
+ // If not specified, the pod will be dispatched by default scheduler.
+ // +optional
+ SchedulerName string `json:"schedulerName,omitempty"
protobuf:"bytes,19,opt,name=schedulerName"`
+ // If specified, the pod's tolerations.
+ // +optional
+ Tolerations []corev1.Toleration `json:"tolerations,omitempty"
protobuf:"bytes,22,opt,name=tolerations"`
+ // HostAliases is an optional list of hosts and IPs that will be
injected into the pod's hosts
+ // file if specified. This is only valid for non-hostNetwork pods.
+ // +optional
+ // +patchMergeKey=ip
+ // +patchStrategy=merge
+ HostAliases []corev1.HostAlias `json:"hostAliases,omitempty"
patchStrategy:"merge" patchMergeKey:"ip"
protobuf:"bytes,23,rep,name=hostAliases"`
+ // If specified, indicates the pod's priority. "system-node-critical"
and
+ // "system-cluster-critical" are two special keywords which indicate the
+ // highest priorities with the former being the highest priority. Any
other
+ // name must be defined by creating a PriorityClass object with that
name.
+ // If not specified, the pod priority will be default or zero if there
is no
+ // default.
+ // +optional
+ PriorityClassName string `json:"priorityClassName,omitempty"
protobuf:"bytes,24,opt,name=priorityClassName"`
+ // The priority value. Various system components use this field to find
the
+ // priority of the pod. When Priority Admission Controller is enabled,
it
+ // prevents users from setting this field. The admission controller
populates
+ // this field from PriorityClassName.
+ // The higher the value, the higher the priority.
+ // +optional
+ Priority *int32 `json:"priority,omitempty"
protobuf:"bytes,25,opt,name=priority"`
+ // Specifies the DNS parameters of a pod.
+ // Parameters specified here will be merged to the generated DNS
+ // configuration based on DNSPolicy.
+ // +optional
+ DNSConfig *corev1.PodDNSConfig `json:"dnsConfig,omitempty"
protobuf:"bytes,26,opt,name=dnsConfig"`
+ // If specified, all readiness gates will be evaluated for pod
readiness.
+ // A pod is ready when all its containers are ready AND
+ // all conditions specified in the readiness gates have status equal to
"True"
+ // More info:
https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ // +optional
+ ReadinessGates []corev1.PodReadinessGate
`json:"readinessGates,omitempty" protobuf:"bytes,28,opt,name=readinessGates"`
+ // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io
group, which should be used
+ // to run this pod. If no RuntimeClass resource matches the named
class, the pod will not be run.
+ // If unset or empty, the "legacy" RuntimeClass will be used, which is
an implicit class with an
+ // empty definition that uses the default runtime handler.
+ // More info:
https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ // +optional
+ RuntimeClassName *string `json:"runtimeClassName,omitempty"
protobuf:"bytes,29,opt,name=runtimeClassName"`
+ // EnableServiceLinks indicates whether information about services
should be injected into pod's
+ // environment variables, matching the syntax of Docker links.
+ // Optional: Defaults to true.
+ // +optional
+ EnableServiceLinks *bool `json:"enableServiceLinks,omitempty"
protobuf:"varint,30,opt,name=enableServiceLinks"`
+ // PreemptionPolicy is the Policy for preempting pods with lower
priority.
+ // One of Never, PreemptLowerPriority.
+ // Defaults to PreemptLowerPriority if unset.
+ // +optional
+ PreemptionPolicy *corev1.PreemptionPolicy
`json:"preemptionPolicy,omitempty"
protobuf:"bytes,31,opt,name=preemptionPolicy"`
+ // Overhead represents the resource overhead associated with running a
pod for a given RuntimeClass.
+ // This field will be autopopulated at admission time by the
RuntimeClass admission controller. If
+ // the RuntimeClass admission controller is enabled, overhead must not
be set in Pod create requests.
+ // The RuntimeClass admission controller will reject Pod create
requests which have the overhead already
+ // set. If RuntimeClass is configured and selected in the PodSpec,
Overhead will be set to the value
+ // defined in the corresponding RuntimeClass, otherwise it will remain
unset and treated as zero.
+ // More info:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ // +optional
+ Overhead corev1.ResourceList `json:"overhead,omitempty"
protobuf:"bytes,32,opt,name=overhead"`
+ // TopologySpreadConstraints describes how a group of pods ought to
spread across topology
+ // domains. Scheduler will schedule pods in a way which abides by the
constraints.
+ // All topologySpreadConstraints are ANDed.
+ // +optional
+ // +patchMergeKey=topologyKey
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=topologyKey
+ // +listMapKey=whenUnsatisfiable
+ TopologySpreadConstraints []corev1.TopologySpreadConstraint
`json:"topologySpreadConstraints,omitempty" patchStrategy:"merge"
patchMergeKey:"topologyKey"
protobuf:"bytes,33,opt,name=topologySpreadConstraints"`
+ // If true the pod's hostname will be configured as the pod's FQDN,
rather than the leaf name (the default).
+ // In Linux containers, this means setting the FQDN in the hostname
field of the kernel (the nodename field of struct utsname).
+ // In Windows containers, this means setting the registry value of
hostname for the registry key
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to
FQDN.
+ // If a pod does not have FQDN, this has no effect.
+ // Default to false.
+ // +optional
+ SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty"
protobuf:"varint,35,opt,name=setHostnameAsFQDN"`
+ // Specifies the OS of the containers in the pod.
+ // Some pod and container fields are restricted if this is set.
+ //
+ // If the OS field is set to linux, the following fields must be unset:
+ // -securityContext.windowsOptions
+ //
+ // If the OS field is set to windows, following fields must be unset:
+ // - spec.hostPID
+ // - spec.hostIPC
+ // - spec.hostUsers
+ // - spec.securityContext.seLinuxOptions
+ // - spec.securityContext.seccompProfile
+ // - spec.securityContext.fsGroup
+ // - spec.securityContext.fsGroupChangePolicy
+ // - spec.securityContext.sysctls
+ // - spec.shareProcessNamespace
+ // - spec.securityContext.runAsUser
+ // - spec.securityContext.runAsGroup
+ // - spec.securityContext.supplementalGroups
+ // - spec.containers[*].securityContext.seLinuxOptions
+ // - spec.containers[*].securityContext.seccompProfile
+ // - spec.containers[*].securityContext.capabilities
+ // - spec.containers[*].securityContext.readOnlyRootFilesystem
+ // - spec.containers[*].securityContext.privileged
+ // - spec.containers[*].securityContext.allowPrivilegeEscalation
+ // - spec.containers[*].securityContext.procMount
+ // - spec.containers[*].securityContext.runAsUser
+ // - spec.containers[*].securityContext.runAsGroup
+ // +optional
+ OS *corev1.PodOS `json:"os,omitempty" protobuf:"bytes,36,opt,name=os"`
+
+ // Use the host's user namespace.
+ // Optional: Default to true.
+ // If set to true or not present, the pod will be run in the host user
namespace, useful
+ // for when the pod needs a feature only available to the host user
namespace, such as
+ // loading a kernel module with CAP_SYS_MODULE.
+ // When set to false, a new userns is created for the pod. Setting
false is useful for
+ // mitigating container breakout vulnerabilities even allowing users to
run their
+ // containers as root without actually having root privileges on the
host.
+ // This field is alpha-level and is only honored by servers that enable
the UserNamespacesSupport feature.
+ // +k8s:conversion-gen=false
+ // +optional
+ HostUsers *bool `json:"hostUsers,omitempty"
protobuf:"bytes,37,opt,name=hostUsers"`
+
+ // SchedulingGates is an opaque list of values that if specified will
block scheduling the pod.
+ // If schedulingGates is not empty, the pod will stay in the
SchedulingGated state and the
+ // scheduler will not attempt to schedule the pod.
+ //
+ // SchedulingGates can only be set at pod creation time, and be removed
only afterwards.
+ //
+ // This is a beta feature enabled by the PodSchedulingReadiness feature
gate.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=PodSchedulingReadiness
+ // +optional
+ SchedulingGates []corev1.PodSchedulingGate
`json:"schedulingGates,omitempty" patchStrategy:"merge" patchMergeKey:"name"
protobuf:"bytes,38,opt,name=schedulingGates"`
+ // ResourceClaims defines which ResourceClaims must be allocated
+ // and reserved before the Pod is allowed to start. The resources
+ // will be made available to those containers which consume them
+ // by name.
+ //
+ // This is an alpha field and requires enabling the
+ // DynamicResourceAllocation feature gate.
+ //
+ // This field is immutable.
+ //
+ // +patchMergeKey=name
+ // +patchStrategy=merge,retainKeys
+ // +listType=map
+ // +listMapKey=name
+ // +featureGate=DynamicResourceAllocation
+ // +optional
+ ResourceClaims []corev1.PodResourceClaim
`json:"resourceClaims,omitempty" patchStrategy:"merge,retainKeys"
patchMergeKey:"name" protobuf:"bytes,39,rep,name=resourceClaims"`
+}
+
+func (f *FlowPodSpec) ToPodSpec() corev1.PodSpec {
+ return corev1.PodSpec{
+ Volumes: f.Volumes,
+ InitContainers: f.InitContainers,
+ Containers: f.Containers,
+ RestartPolicy: f.RestartPolicy,
+ TerminationGracePeriodSeconds: f.TerminationGracePeriodSeconds,
+ ActiveDeadlineSeconds: f.ActiveDeadlineSeconds,
+ DNSPolicy: f.DNSPolicy,
+ NodeSelector: f.NodeSelector,
+ ServiceAccountName: f.ServiceAccountName,
+ AutomountServiceAccountToken: f.AutomountServiceAccountToken,
+ NodeName: f.NodeName,
+ HostNetwork: f.HostNetwork,
+ HostPID: f.HostPID,
+ HostIPC: f.HostIPC,
+ ShareProcessNamespace: f.ShareProcessNamespace,
+ SecurityContext: f.SecurityContext,
+ ImagePullSecrets: f.ImagePullSecrets,
+ Hostname: f.Hostname,
+ Subdomain: f.Subdomain,
+ Affinity: f.Affinity,
+ SchedulerName: f.SchedulerName,
+ Tolerations: f.Tolerations,
+ HostAliases: f.HostAliases,
+ PriorityClassName: f.PriorityClassName,
+ Priority: f.Priority,
+ DNSConfig: f.DNSConfig,
+ ReadinessGates: f.ReadinessGates,
+ RuntimeClassName: f.RuntimeClassName,
+ EnableServiceLinks: f.EnableServiceLinks,
+ PreemptionPolicy: f.PreemptionPolicy,
+ Overhead: f.Overhead,
+ TopologySpreadConstraints: f.TopologySpreadConstraints,
+ SetHostnameAsFQDN: f.SetHostnameAsFQDN,
+ OS: f.OS,
+ HostUsers: f.HostUsers,
+ SchedulingGates: f.SchedulingGates,
+ ResourceClaims: f.ResourceClaims,
+ }
+}
+
+// FlowPodSpecTemplate describes the desired custom Kubernetes PodSpecTemplate
definition for the deployed flow.
+//
+// The FlowContainer describes the container where the actual flow is running.
It will override any default definitions.
+// For example, to override the image one can use
`.spec.podSpecTemplate.flowContainer.image = my/image:tag`.
+type FlowPodSpecTemplate struct {
+ // FlowContainer is the Kubernetes container where the workflow
application should run.
+ // One can change this attribute in order to override the defaults
provided by the operator.
+ // +optional
+ FlowContainer FlowContainer `json:"flowContainer,omitempty"`
+ PodSpecTemplate FlowPodSpec `json:",omitempty"`
Review Comment:
No, the `PodSpecTemplate` has an array of `containers` mapped by the
container name. We set the application container to `workflow`. So if a user
overrides the defaults, they should change
`spec.podSpecTemplate.containers[workflow].` That's cumbersome and not robust
so we added a shortcut to `spec.flowContainer`. I'll clarify this in the
OpenAPI + docs. If one tries to override the naming, we just ignore it for now,
but with webhooks we can fire an error.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
