From 56699dea89d8a3717d9f95801eaab48299e770e3 Mon Sep 17 00:00:00 2001 From: Yannis Zarkadas Date: Wed, 14 Apr 2021 18:34:12 +0300 Subject: [PATCH] Kubeflow Tekton Pipelines: Sync manifests (#1843) Sync manifests for application "Kubeflow Tekton Pipelines". Upstream manifests are copied from: - Repo: https://github.com/kubeflow/kfp-tekton - Path: manifests/kustomize - Revision: v0.8.0-rc0 Signed-off-by: Yannis Zarkadas --- apps/kfp-tekton/upstream/Makefile | 29 + apps/kfp-tekton/upstream/README.md | 158 + .../base/application/application.yaml | 49 + .../base/application/kustomization.yaml | 5 + .../cache-deployer-deployment.yaml | 29 + .../cache-deployer/cache-deployer-role.yaml | 17 + .../cache-deployer-rolebinding.yaml | 11 + .../cache-deployer-clusterrole.yaml | 35 + .../cache-deployer-clusterrolebinding.yaml | 12 + .../cluster-scoped/cache-deployer-sa.yaml | 4 + .../cluster-scoped/kustomization.yaml | 11 + .../base/cache-deployer/kustomization.yaml | 13 + .../upstream/base/cache/cache-deployment.yaml | 77 + .../upstream/base/cache/cache-role.yaml | 44 + .../base/cache/cache-rolebinding.yaml | 11 + .../upstream/base/cache/cache-sa.yaml | 4 + .../upstream/base/cache/cache-service.yaml | 10 + .../upstream/base/cache/kustomization.yaml | 13 + .../base/installs/generic/kustomization.yaml | 65 + .../base/installs/generic/mysql-secret.yaml | 7 + .../base/installs/generic/params.yaml | 8 + .../generic/pipeline-install-config.yaml | 29 + .../api-service/cluster-role-binding.yaml | 11 + .../multi-user/api-service/cluster-role.yaml | 63 + .../api-service/deployment-patch.yaml | 17 + .../multi-user/api-service/kustomization.yaml | 9 + .../multi-user/api-service/params.env | 4 + .../cache/cluster-role-binding.yaml | 11 + .../multi-user/cache/cluster-role.yaml | 31 + .../multi-user/cache/deployment-patch.yaml | 13 + .../multi-user/cache/kustomization.yaml | 7 + .../istio-authorization-config.yaml | 115 + .../installs/multi-user/kustomization.yaml | 31 + .../metadata-writer/cluster-role-binding.yaml | 11 + .../metadata-writer/cluster-role.yaml | 45 + .../metadata-writer/deployment-patch.yaml | 13 + .../metadata-writer/kustomization.yaml | 5 + .../base/installs/multi-user/params.yaml | 4 + .../cluster-role-binding.yaml | 11 + .../persistence-agent/cluster-role.yaml | 35 + .../persistence-agent/deployment-patch.yaml | 13 + .../persistence-agent/kustomization.yaml | 5 + .../composite-controller.yaml | 39 + .../deployment.yaml | 43 + .../kustomization.yaml | 16 + .../pipelines-profile-controller/params.env | 1 + .../pipelines-profile-controller/service.yaml | 10 + .../pipelines-profile-controller/sync.py | 285 + .../pipelines-ui/cluster-role-binding.yaml | 11 + .../multi-user/pipelines-ui/cluster-role.yaml | 56 + .../pipelines-ui/configmap-patch.yaml | 13 + .../pipelines-ui/deployment-patch.yaml | 34 + .../pipelines-ui/kustomization.yaml | 8 + .../cluster-role-binding.yaml | 11 + .../scheduled-workflow/cluster-role.yaml | 50 + .../scheduled-workflow/deployment-patch.yaml | 13 + .../scheduled-workflow/kustomization.yaml | 6 + .../multi-user/view-edit-cluster-roles.yaml | 115 + .../cluster-role-binding.yaml | 11 + .../viewer-controller/cluster-role.yaml | 30 + .../viewer-controller/deployment-patch.yaml | 13 + .../viewer-controller/kustomization.yaml | 5 + .../installs/multi-user/virtual-service.yaml | 45 + .../base/metadata/base/kustomization.yaml | 12 + .../base/metadata-envoy-deployment.yaml | 26 + .../metadata/base/metadata-envoy-service.yaml | 14 + .../base/metadata-grpc-configmap.yaml | 9 + .../base/metadata-grpc-deployment.yaml | 76 + .../base/metadata/base/metadata-grpc-sa.yaml | 4 + .../metadata/base/metadata-grpc-service.yaml | 14 + .../metadata/overlays/db/kustomization.yaml | 39 + .../overlays/db/metadata-db-deployment.yaml | 51 + .../metadata/overlays/db/metadata-db-pvc.yaml | 10 + .../overlays/db/metadata-db-service.yaml | 14 + .../base/metadata/overlays/db/params.env | 3 + .../db/patches/metadata-grpc-deployment.yaml | 25 + .../base/metadata/overlays/db/secrets.env | 2 + .../base/pipeline/apiserver-deployment.yaml | 103 + .../cluster-scoped/kustomization.yaml | 5 + .../scheduled-workflow-crd.yaml | 18 + .../pipeline/cluster-scoped/viewer-crd.yaml | 18 + .../base/pipeline/container-builder-sa.yaml | 4 + .../base/pipeline/kfp-pipeline-config.yaml | 27 + .../upstream/base/pipeline/kustomization.yaml | 65 + .../pipeline/metadata-writer-deployment.yaml | 31 + .../metadata-writer/kustomization.yaml | 10 + .../metadata-writer-deployment.yaml | 27 + .../metadata-writer/metadata-writer-role.yaml | 45 + .../metadata-writer-rolebinding.yaml | 11 + .../metadata-writer/metadata-writer-sa.yaml | 4 + .../ml-pipeline-apiserver-deployment.yaml | 109 + .../pipeline/ml-pipeline-apiserver-role.yaml | 65 + .../ml-pipeline-apiserver-rolebinding.yaml | 13 + .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 + .../ml-pipeline-apiserver-service.yaml | 16 + ...-pipeline-persistenceagent-deployment.yaml | 35 + .../ml-pipeline-persistenceagent-role.yaml | 35 + ...pipeline-persistenceagent-rolebinding.yaml | 11 + .../ml-pipeline-persistenceagent-sa.yaml | 4 + ...pipeline-scheduledworkflow-deployment.yaml | 32 + .../ml-pipeline-scheduledworkflow-role.yaml | 52 + ...ipeline-scheduledworkflow-rolebinding.yaml | 11 + .../ml-pipeline-scheduledworkflow-sa.yaml | 4 + .../pipeline/ml-pipeline-ui-configmap.yaml | 11 + .../pipeline/ml-pipeline-ui-deployment.yaml | 79 + .../base/pipeline/ml-pipeline-ui-role.yaml | 58 + .../pipeline/ml-pipeline-ui-rolebinding.yaml | 13 + .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 + .../base/pipeline/ml-pipeline-ui-service.yaml | 14 + .../ml-pipeline-viewer-crd-deployment.yaml | 29 + .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 + .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 + .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 + .../ml-pipeline-visualization-deployment.yaml | 53 + .../ml-pipeline-visualization-sa.yaml | 4 + .../ml-pipeline-visualization-service.yaml | 12 + .../base/pipeline/pipeline-runner-role.yaml | 94 + .../pipeline/pipeline-runner-rolebinding.yaml | 11 + .../base/pipeline/pipeline-runner-sa.yaml | 4 + .../upstream/base/pipeline/viewer-sa.yaml | 4 + .../kustomization.yaml | 26 + .../cluster-scoped-resources/namespace.yaml | 4 + .../cluster-scoped-resources/params.yaml | 4 + apps/kfp-tekton/upstream/env/aws/README.md | 56 + .../env/aws/aws-configuration-patch.yaml | 61 + apps/kfp-tekton/upstream/env/aws/config | 20 + .../upstream/env/aws/kustomization.yaml | 33 + .../env/aws/minio-artifact-secret-patch.env | 2 + apps/kfp-tekton/upstream/env/aws/params.env | 5 + apps/kfp-tekton/upstream/env/aws/secret.env | 2 + .../upstream/env/aws/viewer-pod-template.json | 37 + .../upstream/env/azure/kustomization.yaml | 25 + .../minio-azure-gateway/kustomization.yaml | 13 + .../minio-artifact-secret.env | 2 + .../minio-azure-gateway-deployment.yaml | 40 + .../minio-azure-gateway-service.yaml | 11 + .../upstream/env/azure/mysql-secret.env | 2 + apps/kfp-tekton/upstream/env/azure/params.env | 1 + apps/kfp-tekton/upstream/env/azure/readme.md | 15 + .../upstream/env/dev/kustomization.yaml | 19 + .../cloudsql-proxy-deployment.yaml | 47 + .../gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml | 4 + .../env/gcp/cloudsql-proxy/kustomization.yaml | 7 + .../env/gcp/cloudsql-proxy/mysql-service.yaml | 9 + .../env/gcp/gcp-configurations-patch.yaml | 22 + .../env/gcp/inverse-proxy/kustomization.yaml | 11 + .../gcp/inverse-proxy/proxy-configmap.yaml | 4 + .../gcp/inverse-proxy/proxy-deployment.yaml | 21 + .../env/gcp/inverse-proxy/proxy-role.yaml | 13 + .../gcp/inverse-proxy/proxy-rolebinding.yaml | 13 + .../env/gcp/inverse-proxy/proxy-sa.yaml | 4 + .../upstream/env/gcp/kustomization.yaml | 32 + .../gcp/minio-gcs-gateway/kustomization.yaml | 14 + .../minio-artifact-secret.env | 2 + .../minio-gcs-gateway-deployment.yaml | 47 + .../minio-gcs-gateway-sa.yaml | 4 + .../minio-gcs-gateway-service.yaml | 11 + apps/kfp-tekton/upstream/env/gcp/params.env | 6 + .../env/kfp-template/application-crd.yaml | 6 + .../env/kfp-template/kustomization.yaml | 32 + .../upstream/env/kfp-template/namespace.yaml | 4 + .../kfp-template/scheduled-workflow-crd.yaml | 6 + .../upstream/env/kfp-template/viewer-crd.yaml | 6 + .../env/plain-multi-user/kustomization.yaml | 21 + .../upstream/env/plain/kustomization.yaml | 18 + .../kustomization.yaml | 7 + .../env/platform-agnostic/kustomization.yaml | 7 + .../upstream/gcp-workload-identity-setup.sh | 202 + apps/kfp-tekton/upstream/hack/format.sh | 39 + apps/kfp-tekton/upstream/hack/presubmit.sh | 49 + apps/kfp-tekton/upstream/hack/release.sh | 42 + apps/kfp-tekton/upstream/sample/README.md | 77 + .../kustomization.yaml | 10 + .../upstream/sample/kustomization.yaml | 39 + .../upstream/sample/params-db-secret.env | 2 + apps/kfp-tekton/upstream/sample/params.env | 4 + .../application-controller-deployment.yaml | 43 + .../application-controller-role.yaml | 21 + .../application-controller-rolebinding.yaml | 11 + .../application-controller-sa.yaml | 4 + .../application-controller-service.yaml | 13 + .../cluster-scoped/application-crd.yaml | 234 + .../cluster-scoped/kustomization.yaml | 4 + .../application/kustomization.yaml | 9 + .../upstream/third-party/argo/Makefile | 14 + .../upstream/third-party/argo/README.md | 15 + .../third-party/argo/base/kustomization.yaml | 14 + .../third-party/argo/base/params.yaml | 3 + .../workflow-controller-configmap-patch.yaml | 30 + .../workflow-controller-deployment-patch.yaml | 19 + .../argo/installs/cluster/kustomization.yaml | 10 + .../cluster-scoped/kustomization.yaml | 4 + .../installs/namespace/kustomization.yaml | 19 + .../workflow-controller-deployment-patch.json | 7 + .../argo/upstream/manifests/Kptfile | 11 + .../argo-server/argo-server-deployment.yaml | 38 + .../base/argo-server/argo-server-sa.yaml | 4 + .../base/argo-server/argo-server-service.yaml | 11 + .../base/argo-server/kustomization.yaml | 7 + .../manifests/base/crds/full/README.md | 3 + .../argoproj.io_clusterworkflowtemplates.yaml | 6703 +++++ .../crds/full/argoproj.io_cronworkflows.yaml | 6766 ++++++ .../argoproj.io_workfloweventbindings.yaml | 399 + .../base/crds/full/argoproj.io_workflows.yaml | 20207 ++++++++++++++++ .../full/argoproj.io_workflowtemplates.yaml | 6702 +++++ .../base/crds/full/kustomization.yaml | 9 + .../manifests/base/crds/kustomization.yaml | 5 + .../manifests/base/crds/minimal/README.md | 3 + .../argoproj.io_clusterworkflowtemplates.yaml | 20 + .../minimal/argoproj.io_cronworkflows.yaml | 20 + .../argoproj.io_workfloweventbindings.yaml | 19 + .../crds/minimal/argoproj.io_workflows.yaml | 30 + .../argoproj.io_workflowtemplates.yaml | 19 + .../base/crds/minimal/kustomization.yaml | 9 + .../manifests/base/kustomization.yaml | 7 + .../workflow-controller/kustomization.yaml | 8 + .../workflow-controller-configmap.yaml | 4 + .../workflow-controller-deployment.yaml | 42 + .../workflow-controller-metrics-service.yaml | 12 + .../workflow-controller-sa.yaml | 4 + .../argo-server-clusterole.yaml | 62 + .../argo-server-clusterolebinding.yaml | 12 + .../argo-server-rbac/kustomization.yaml | 6 + .../cluster-install/kustomization.yaml | 7 + .../kustomization.yaml | 19 + .../workflow-aggregate-roles.yaml | 86 + .../workflow-controller-clusterrole.yaml | 92 + ...orkflow-controller-clusterrolebinding.yaml | 12 + .../workflow-controller-role.yaml | 11 + .../workflow-controller-rolebinding.yaml | 11 + .../argo-server-rbac/argo-server-role.yaml | 62 + .../argo-server-rolebinding.yaml | 11 + .../argo-server-rbac/kustomization.yaml | 6 + .../namespace-install/kustomization.yaml | 21 + .../overlays/argo-server-deployment.json | 7 + .../workflow-controller-deployment.json | 7 + .../kustomization.yaml | 6 + .../workflow-controller-role.yaml | 96 + .../workflow-controller-rolebinding.yaml | 11 + .../base/argo-server-sso-secret.yaml | 7 + .../base/artifact-repositories-configmap.yaml | 16 + .../base/cluster-workflow-template-rbac.yaml | 58 + .../quick-start/base/kustomization.yaml | 16 + .../quick-start/base/minio/kustomization.yaml | 7 + .../quick-start/base/minio/minio-pod.yaml | 34 + .../quick-start/base/minio/minio-service.yaml | 13 + .../base/minio/my-minio-cred-secret.yaml | 10 + .../base/overlays/argo-server-deployment.yaml | 16 + .../workflow-controller-configmap.yaml | 29 + .../prometheus/prometheus-config-cluster.yaml | 12 + ...argo-workflows-webhook-clients-secret.yaml | 22 + .../base/webhooks/github.com-rolebinding.yaml | 12 + .../base/webhooks/github.com-sa.yaml | 4 + .../base/webhooks/kustomization.yaml | 8 + .../submit-workflow-template-role.yaml | 25 + .../base/workflow-default-rolebinding.yaml | 11 + .../quick-start/base/workflow-role.yaml | 33 + .../quick-start/minimal/kustomization.yaml | 5 + .../mysql/argo-mysql-config-secret.yaml | 10 + .../quick-start/mysql/kustomization.yaml | 11 + .../quick-start/mysql/mysql-deployment.yaml | 37 + .../quick-start/mysql/mysql-service.yaml | 13 + .../workflow-controller-configmap.yaml | 24 + .../postgres/argo-postgres-config-secret.yaml | 10 + .../quick-start/postgres/kustomization.yaml | 11 + .../workflow-controller-configmap.yaml | 24 + .../postgres/postgres-deployment.yaml | 31 + .../postgres/postgres-service.yaml | 13 + .../quick-start/sso/dex/dev-svc.yaml | 10 + .../manifests/quick-start/sso/dex/dex-cm.yaml | 33 + .../quick-start/sso/dex/dex-deploy.yaml | 32 + .../manifests/quick-start/sso/dex/dex-rb.yaml | 11 + .../quick-start/sso/dex/dex-role.yaml | 14 + .../manifests/quick-start/sso/dex/dex-sa.yaml | 4 + .../quick-start/sso/dex/kustomization.yaml | 13 + .../quick-start/sso/kustomization.yaml | 10 + .../sso/overlays/argo-server-sa.yaml | 7 + .../workflow-controller-configmap.yaml | 19 + .../grafana/grafana-deployment.yaml | 60 + .../third-party/grafana/grafana-role.yaml | 19 + .../grafana/grafana-rolebinding.yaml | 13 + .../third-party/grafana/grafana-sa.yaml | 4 + .../third-party/grafana/grafana-service.yaml | 14 + .../third-party/grafana/kustomization.yaml | 11 + .../base/cluster-role-binding.yaml | 11 + .../third-party/metacontroller/base/crd.yaml | 45 + .../metacontroller/base/kustomization.yaml | 14 + .../metacontroller/base/service-account.yaml | 4 + .../metacontroller/base/stateful-set.yaml | 43 + .../third-party/minio/base/kustomization.yaml | 8 + .../minio/base/minio-deployment.yaml | 48 + .../third-party/minio/base/minio-pvc.yaml | 10 + .../third-party/minio/base/minio-service.yaml | 12 + .../mlpipeline-minio-artifact-secret.yaml | 7 + .../istio/istio-authorization-policy.yaml | 31 + .../minio/options/istio/kustomization.yaml | 5 + .../third-party/mysql/base/kustomization.yaml | 8 + .../mysql/base/mysql-deployment.yaml | 44 + .../mysql/base/mysql-pv-claim.yaml | 10 + .../third-party/mysql/base/mysql-service.yaml | 12 + .../mysql/base/mysql-serviceaccount.yaml | 4 + .../istio/istio-authorization-policy.yaml | 32 + .../mysql/options/istio/kustomization.yaml | 5 + .../third-party/prometheus/kustomization.yaml | 11 + .../prometheus/prometheus-configmap.yaml | 31 + .../prometheus/prometheus-deployment.yaml | 34 + .../prometheus/prometheus-role.yaml | 19 + .../prometheus/prometheus-rolebinding.yaml | 13 + .../third-party/prometheus/prometheus-sa.yaml | 4 + .../prometheus/prometheus-service.yaml | 14 + .../tekton-custom-task/kustomization.yaml | 13 + .../pipeline-loops/200-serviceaccount.yaml | 19 + .../pipeline-loops/201-clusterrole.yaml | 92 + .../pipeline-loops/201-role.yaml | 54 + .../pipeline-loops/201-rolebinding.yaml | 35 + .../202-clusterrolebinding.yaml | 88 + .../pipeline-loops/300-pipelineloop.yaml | 38 + .../pipeline-loops/500-controller.yaml | 56 + .../500-webhook-configuration.yaml | 53 + .../pipeline-loops/500-webhook.yaml | 98 + .../pipeline-loops/kustomization.yaml | 13 + .../tekton/base/kustomization.yaml | 5 + .../installs/cluster/kustomization.yaml | 5 + .../manifests/base/kustomization.yaml | 6 + .../cluster-role-binding.yaml | 44 + .../base/tektoncd-dashboard/cluster-role.yaml | 213 + .../base/tektoncd-dashboard/crds.yaml | 42 + .../base/tektoncd-dashboard/deployment.yaml | 56 + .../tektoncd-dashboard/kustomization.yaml | 15 + .../base/tektoncd-dashboard/role-binding.yaml | 47 + .../tektoncd-dashboard/service-account.yaml | 7 + .../base/tektoncd-dashboard/service.yaml | 17 + .../cluster-role-binding.yaml | 48 + .../base/tektoncd-install/cluster-role.yaml | 133 + .../base/tektoncd-install/config-map.yaml | 258 + .../manifests/base/tektoncd-install/crds.yaml | 397 + .../base/tektoncd-install/deployment.yaml | 222 + .../horizontal-pod-autoscaler.yaml | 22 + .../base/tektoncd-install/kustomization.yaml | 146 + .../base/tektoncd-install/namespace.yaml | 4 + .../base/tektoncd-install/params.env | 14 + .../base/tektoncd-install/params.yaml | 3 + .../tektoncd-install/pod-security-policy.yaml | 28 + .../base/tektoncd-install/policy.yaml | 15 + .../base/tektoncd-install/role-binding.yaml | 63 + .../manifests/base/tektoncd-install/role.yaml | 62 + .../base/tektoncd-install/secret.yaml | 8 + .../tektoncd-install/service-account.yaml | 15 + .../base/tektoncd-install/service.yaml | 51 + .../webhook-configuration.yaml | 53 + apps/kfp-tekton/upstream/wi-utils.sh | 85 + 351 files changed, 50622 insertions(+) create mode 100644 apps/kfp-tekton/upstream/Makefile create mode 100644 apps/kfp-tekton/upstream/README.md create mode 100644 apps/kfp-tekton/upstream/base/application/application.yaml create mode 100644 apps/kfp-tekton/upstream/base/application/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/cache-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/cache-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/cache-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/cache-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/cache-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/cache/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/generic/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/generic/mysql-secret.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/generic/params.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/api-service/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/api-service/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/api-service/params.env create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/cache/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/cache/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/istio-authorization-config.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/params.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/params.env create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/service.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/installs/multi-user/virtual-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-pvc.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/params.env create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/patches/metadata-grpc-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/metadata/overlays/db/secrets.env create mode 100644 apps/kfp-tekton/upstream/base/pipeline/apiserver-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/container-builder-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/kfp-pipeline-config.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-service.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-role.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-sa.yaml create mode 100644 apps/kfp-tekton/upstream/base/pipeline/viewer-sa.yaml create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources/namespace.yaml create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources/params.yaml create mode 100644 apps/kfp-tekton/upstream/env/aws/README.md create mode 100644 apps/kfp-tekton/upstream/env/aws/aws-configuration-patch.yaml create mode 100644 apps/kfp-tekton/upstream/env/aws/config create mode 100644 apps/kfp-tekton/upstream/env/aws/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/aws/minio-artifact-secret-patch.env create mode 100644 apps/kfp-tekton/upstream/env/aws/params.env create mode 100644 apps/kfp-tekton/upstream/env/aws/secret.env create mode 100644 apps/kfp-tekton/upstream/env/aws/viewer-pod-template.json create mode 100644 apps/kfp-tekton/upstream/env/azure/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-artifact-secret.env create mode 100644 apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-service.yaml create mode 100644 apps/kfp-tekton/upstream/env/azure/mysql-secret.env create mode 100644 apps/kfp-tekton/upstream/env/azure/params.env create mode 100644 apps/kfp-tekton/upstream/env/azure/readme.md create mode 100644 apps/kfp-tekton/upstream/env/dev/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/gcp-configurations-patch.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-role.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-sa.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env create mode 100644 apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml create mode 100644 apps/kfp-tekton/upstream/env/gcp/params.env create mode 100644 apps/kfp-tekton/upstream/env/kfp-template/application-crd.yaml create mode 100644 apps/kfp-tekton/upstream/env/kfp-template/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/kfp-template/namespace.yaml create mode 100644 apps/kfp-tekton/upstream/env/kfp-template/scheduled-workflow-crd.yaml create mode 100644 apps/kfp-tekton/upstream/env/kfp-template/viewer-crd.yaml create mode 100644 apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/plain/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/platform-agnostic-multi-user/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/env/platform-agnostic/kustomization.yaml create mode 100755 apps/kfp-tekton/upstream/gcp-workload-identity-setup.sh create mode 100755 apps/kfp-tekton/upstream/hack/format.sh create mode 100755 apps/kfp-tekton/upstream/hack/presubmit.sh create mode 100755 apps/kfp-tekton/upstream/hack/release.sh create mode 100644 apps/kfp-tekton/upstream/sample/README.md create mode 100644 apps/kfp-tekton/upstream/sample/cluster-scoped-resources/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/sample/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/sample/params-db-secret.env create mode 100644 apps/kfp-tekton/upstream/sample/params.env create mode 100644 apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/application-controller-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/application-controller-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/application-controller-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/application-controller-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/cluster-scoped/application-crd.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/application/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/Makefile create mode 100644 apps/kfp-tekton/upstream/third-party/argo/README.md create mode 100644 apps/kfp-tekton/upstream/third-party/argo/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/base/params.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/installs/cluster/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/installs/namespace/cluster-scoped/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/installs/namespace/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/installs/namespace/workflow-controller-deployment-patch.json create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/README.md create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/README.md create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml create mode 100755 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.json create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.json create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/grafana-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/grafana-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/grafana-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/grafana-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/grafana-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/grafana/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/metacontroller/base/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/metacontroller/base/crd.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/metacontroller/base/service-account.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/base/minio-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/base/minio-pvc.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/base/minio-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/base/mlpipeline-minio-artifact-secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/options/istio/istio-authorization-policy.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/minio/options/istio/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/base/mysql-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/base/mysql-pv-claim.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/base/mysql-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/base/mysql-serviceaccount.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/options/istio/istio-authorization-policy.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/mysql/options/istio/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-configmap.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-sa.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/prometheus/prometheus-service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/200-serviceaccount.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-rolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/202-clusterrolebinding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/300-pipelineloop.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook-configuration.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/installs/cluster/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/crds.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service-account.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/config-map.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/crds.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/horizontal-pod-autoscaler.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/namespace.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.env create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/pod-security-policy.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/policy.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role-binding.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/secret.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service-account.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/webhook-configuration.yaml create mode 100644 apps/kfp-tekton/upstream/wi-utils.sh diff --git a/apps/kfp-tekton/upstream/Makefile b/apps/kfp-tekton/upstream/Makefile new file mode 100644 index 00000000000..e5dee101822 --- /dev/null +++ b/apps/kfp-tekton/upstream/Makefile @@ -0,0 +1,29 @@ +# This makefile is a quick test to verify all manifests can be hydrated. + +test: aws azure dev gcp platform-agnostic platform-agnostic-multi-user plain plain-multi-user + +aws: FORCE + kubectl kustomize env/aws + +azure: FORCE + kubectl kustomize env/azure + +dev: FORCE + kubectl kustomize env/dev + +gcp: FORCE + kubectl kustomize env/gcp + +platform-agnostic: FORCE + kubectl kustomize env/platform-agnostic + +platform-agnostic-multi-user: FORCE + kustomize build --load_restrictor none env/platform-agnostic-multi-user + +plain: FORCE + kubectl kustomize env/plain + +plain-multi-user: FORCE + kustomize build --load_restrictor none env/plain-multi-user + +FORCE: ; diff --git a/apps/kfp-tekton/upstream/README.md b/apps/kfp-tekton/upstream/README.md new file mode 100644 index 00000000000..49ea21019e8 --- /dev/null +++ b/apps/kfp-tekton/upstream/README.md @@ -0,0 +1,158 @@ +# Kubeflow Pipelines Kustomize Manifest Folder + +## Install Kubeflow Pipelines + +This folder contains Kubeflow Pipelines Kustomize manifests for a light weight +deployment. You can follow the instruction and deploy Kubeflow Pipelines in an +existing cluster. + +To install Kubeflow Pipelines, you have several options. + +- Via an upcoming commandline tool. +- Via Kubectl with Kustomize, it's detailed here. + +### Install via Kustomize + +Deploy latest version of Kubeflow Pipelines. + +It uses following default settings. + +- image: latest released images +- namespace: kubeflow +- application name: pipeline + +#### Option-1 Install it to any K8s cluster + +It's based on in-cluster PersistentVolumeClaim storage. + +```bash +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s +kubectl apply -k env/platform-agnostic/ +kubectl wait pods -l application-crd-id=kubeflow-pipelines -n kubeflow --for condition=Ready --timeout=1800s +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` + +Now you can access it via localhost:8080 + +#### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage + +It's based on in-cluster PersistentVolumeClaim storage. +Additionally, it introduced a proxy in GCP to allow user easily access KFP safely. + +```bash +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k env/dev/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s + +# Or visit http://console.cloud.google.com/ai-platform/pipelines +kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com +``` + +#### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage + +Its storage is based on CloudSQL & GCS. It's better than others for production usage. + +Please following [sample](sample/README.md) for a customized installation. + +#### Option-4 Install it to AWS with S3 and RDS MySQL + +Its storage is based on S3 & AWS RDS. It's more natural for AWS users to use this option. + +Please following [AWS Instructions](env/aws/README.md) for installation. + +Note: Community maintains a repo [e2fyi/kubeflow-aws](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS. + +#### Option-5 Install it to IBM Cloud with in-cluster PersistentVolumeClaim storage + +It's based on in-cluster PersistentVolumeClaim storage. +Additionally, it uses the ibm cloud NFS storage with UID support to make sure all pods can run as non-root users. + +Please follow the [IKS group ID storage setup](https://www.kubeflow.org/docs/ibm/deploy/install-kubeflow-on-iks/#ibm-cloud-group-id-storage-setup) +before running the below commands. + +```bash +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s +kubectl apply -k env/platform-agnostic/ +kubectl wait pods -l application-crd-id=kubeflow-pipelines -n kubeflow --for condition=Ready --timeout=1800s +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` + +## Uninstall + +If the installation is based on CloudSQL/GCS, after the uninstall, the data is still there, +reinstall a newer version can reuse the data. + +```bash +### 1. namespace scoped +# Depends on how you installed it: +kubectl kustomize env/platform-agnostic/ | kubectl delete -f - +# or +kubectl kustomize env/dev | kubectl delete -f - +# or +kubectl kustomize env/gcp | kubectl delete -f - +# or +kubectl delete applications/pipeline -n kubeflow + +### 2. cluster scoped +kubectl delete -k cluster-scoped-resources/ +``` + +## Troubleshooting + +### Permission error installing Kubeflow Pipelines to a cluster + +Run + +```bash +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +### Samples requires "user-gcp-sa" secret + +If sample code requires a "user-gcp-sa" secret, you could create one by + +- First download the GCE VM service account token + [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) + + ```bash + gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com + ``` + +- Run + + ```bash + kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json` + ``` + +## Folder Structure + +### Overview + +- User facing manifest entrypoints are `cluster-scoped-resources` package and `env/` package. + - `cluster-scoped-resources` should collect all cluster-scoped resources. + - `env/` should collect env specific namespace-scoped resources. + - Note, for multi-user envs, they already included cluster-scoped resources. +- KFP core components live in `base/` folders. + - If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base//kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder. +- KFP core installations are in `base/installs/`, they only include the core KFP components, not third party ones. +- Third party components live in `third-party/` folders. + +### For direct deployments + +Env specific overlays live in `env/` folders, they compose above components to get ready for directly deploying. + +### For downstream consumers + +Please compose `base/installs/` and third party dependencies based on your own requirements. + +### Rationale + +Constraints for namespaced installation we need to comply with (that drove above structure): + +- CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD). +- [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace. diff --git a/apps/kfp-tekton/upstream/base/application/application.yaml b/apps/kfp-tekton/upstream/base/application/application.yaml new file mode 100644 index 00000000000..1af2f9b43ae --- /dev/null +++ b/apps/kfp-tekton/upstream/base/application/application.yaml @@ -0,0 +1,49 @@ +# Note, this application.yaml is not included by default for most environments. + +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: $(kfp-app-name) + annotations: + kubernetes-engine.cloud.google.com/icon: >- + data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' +spec: + addOwnerRef: true + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + descriptor: + version: $(kfp-app-version) + type: Kubeflow Pipelines + description: |- + Reusable end-to-end ML workflow + maintainers: + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + links: + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ + notes: |- + Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + + info: + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/apps/kfp-tekton/upstream/base/application/kustomization.yaml b/apps/kfp-tekton/upstream/base/application/kustomization.yaml new file mode 100644 index 00000000000..3ececef7a51 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/application/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - application.yaml + diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-deployment.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-deployment.yaml new file mode 100644 index 00000000000..d4c3ae3a867 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-deployment.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment + labels: + app: cache-deployer +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/cache-deployer:dummy + imagePullPolicy: Always + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-cache-deployer-sa + restartPolicy: Always diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-role.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-role.yaml new file mode 100644 index 00000000000..f853a321239 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - list diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml new file mode 100644 index 00000000000..824a95726e6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml new file mode 100644 index 00000000000..5e674b0a48f --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resources: + - signers + resourceNames: + - kubernetes.io/* + verbs: + - approve diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml new file mode 100644 index 00000000000..c0f19d7575b --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa +# namespace will be added by kustomize automatically according to the namespace field in kustomization.yaml diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml new file mode 100644 index 00000000000..affada3d100 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml new file mode 100644 index 00000000000..2b941ae3f2a --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - cache-deployer-clusterrole.yaml + - cache-deployer-clusterrolebinding.yaml + # HACK: although a service account(SA) is not a cluster-scoped resource. + # Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add + # namespace for the clusterrolebinding's SA ref. + - cache-deployer-sa.yaml + \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml new file mode 100644 index 00000000000..f86fcc0fd03 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - cluster-scoped +resources: + - cache-deployer-role.yaml + - cache-deployer-rolebinding.yaml + - cache-deployer-deployment.yaml +commonLabels: + app: cache-deployer +images: + - name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.5.0-rc.2 diff --git a/apps/kfp-tekton/upstream/base/cache/cache-deployment.yaml b/apps/kfp-tekton/upstream/base/cache/cache-deployment.yaml new file mode 100644 index 00000000000..e81c1ab8b10 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/cache-deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server + labels: + app: cache-server +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - name: server + image: gcr.io/ml-pipeline/cache-server:dummy + env: + - name: CACHE_IMAGE + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: cacheImage + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: cacheDb + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", + "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", + "--db_name=$(DBCONFIG_DB_NAME)", + "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", + "--namespace_to_watch=$(NAMESPACE_TO_WATCH)", + ] + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /etc/webhook/certs + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + serviceAccountName: kubeflow-pipelines-cache diff --git a/apps/kfp-tekton/upstream/base/cache/cache-role.yaml b/apps/kfp-tekton/upstream/base/cache/cache-role.yaml new file mode 100644 index 00000000000..d93b5d6a297 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/cache-role.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - taskruns + - taskruns/status + verbs: + - get + - list + - watch + - update + - patch \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/cache/cache-rolebinding.yaml b/apps/kfp-tekton/upstream/base/cache/cache-rolebinding.yaml new file mode 100644 index 00000000000..9c8924918fc --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/cache-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/cache/cache-sa.yaml b/apps/kfp-tekton/upstream/base/cache/cache-sa.yaml new file mode 100644 index 00000000000..232ddd15cf0 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/cache-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache diff --git a/apps/kfp-tekton/upstream/base/cache/cache-service.yaml b/apps/kfp-tekton/upstream/base/cache/cache-service.yaml new file mode 100644 index 00000000000..5916d541ec4 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/cache-service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server +spec: + selector: + app: cache-server + ports: + - port: 443 + targetPort: webhook-api \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/cache/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml new file mode 100644 index 00000000000..323a3da5b3a --- /dev/null +++ b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - cache-deployment.yaml + - cache-service.yaml + - cache-role.yaml + - cache-rolebinding.yaml + - cache-sa.yaml +commonLabels: + app: cache-server +images: + - name: gcr.io/ml-pipeline/cache-server + newTag: 1.5.0-rc.2 diff --git a/apps/kfp-tekton/upstream/base/installs/generic/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/generic/kustomization.yaml new file mode 100644 index 00000000000..6d50b990b74 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/generic/kustomization.yaml @@ -0,0 +1,65 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +bases: +- ../../pipeline +- ../../cache +- ../../cache-deployer + +resources: + - pipeline-install-config.yaml + - mysql-secret.yaml + + +images: + - name: gcr.io/ml-pipeline/api-server + newName: docker.io/aipipeline/api-server + newTag: latest + - name: gcr.io/ml-pipeline/persistenceagent + newName: docker.io/aipipeline/persistenceagent + newTag: latest + - name: gcr.io/ml-pipeline/frontend + newName: docker.io/aipipeline/frontend + newTag: latest + - name: gcr.io/ml-pipeline/metadata-writer + newName: docker.io/aipipeline/metadata-writer + newTag: latest + - name: gcr.io/ml-pipeline/scheduledworkflow + newName: docker.io/aipipeline/scheduledworkflow + newTag: latest + - name: gcr.io/ml-pipeline/cache-server + newName: docker.io/aipipeline/cache-server + newTag: latest + +# Used by Kustomize +vars: +- name: kfp-namespace + objref: + kind: Deployment + apiVersion: apps/v1 + name: ml-pipeline + fieldref: + fieldpath: metadata.namespace +- name: kfp-app-name + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appName +- name: kfp-app-version + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appVersion +- name: kfp-artifact-bucket-name + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.bucketName +configurations: +- params.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/generic/mysql-secret.yaml b/apps/kfp-tekton/upstream/base/installs/generic/mysql-secret.yaml new file mode 100644 index 00000000000..576dce6f508 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/generic/mysql-secret.yaml @@ -0,0 +1,7 @@ +kind: Secret +apiVersion: v1 +metadata: + name: mysql-secret +stringData: + username: root + password: "" diff --git a/apps/kfp-tekton/upstream/base/installs/generic/params.yaml b/apps/kfp-tekton/upstream/base/installs/generic/params.yaml new file mode 100644 index 00000000000..1f99ef2c531 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/generic/params.yaml @@ -0,0 +1,8 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: metadata/name + kind: Application +- path: spec/descriptor/version + kind: Application diff --git a/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml new file mode 100644 index 00000000000..b0b997cf9e7 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipeline-install-config +data: + appName: pipeline + appVersion: 1.5.0-rc.2 + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + cacheDb: cachedb + pipelineDb: mlpipeline + bucketName: mlpipeline + ## autoUpdatePipelineDefaultVersion: States if the pipeline version + ## should be updated by defult for a versioned pipeline or not when a new + ## version is uploaded. This sets the deployment wide definition. + autoUpdatePipelineDefaultVersion: "true" + ## cronScheduleTimezone: States the timezone which should be used for + ## the cron scheduler. If not specified the local timezone of the + ## cluster will be used. Valid values are UTC, Local or values according to + ## the IANA Time Zone database, such as "America/New_York" and "Asia/Shanghai". + ## Feature stage: + ## [Alpha](https://github.com/kubeflow/pipelines/blob/07328e5094ac2981d3059314cc848fbb71437a76/docs/release/feature-stages.md#alpha) + cronScheduleTimezone: "UTC" + ## cacheImage is the image that the mutating webhook will use to patch + ## cached steps with. Will be used to echo a message announcing that + ## the cached step result will be used. If not set it will default to + ## 'gcr.io/google-containers/busybox' + cacheImage: "gcr.io/google-containers/busybox" diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml new file mode 100644 index 00000000000..9927d3e1005 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role.yaml new file mode 100644 index 00000000000..c81db285025 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/deployment-patch.yaml new file mode 100644 index 00000000000..4f283cd3ebb --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/deployment-patch.yaml @@ -0,0 +1,17 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + envFrom: + - configMapRef: + name: pipeline-api-server-config + env: + - name: KUBEFLOW_USERID_HEADER + value: kubeflow-userid + - name: KUBEFLOW_USERID_PREFIX + value: "" diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/kustomization.yaml new file mode 100644 index 00000000000..20141b33870 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role-binding.yaml +- cluster-role.yaml +configMapGenerator: +- name: pipeline-api-server-config + envs: + - params.env diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/params.env b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/params.env new file mode 100644 index 00000000000..5bb1e0a3e99 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/api-service/params.env @@ -0,0 +1,4 @@ +MULTIUSER=true +DEFAULTPIPELINERUNNERSERVICEACCOUNT=default-editor +VISUALIZATIONSERVICE_NAME=ml-pipeline-visualizationserver +VISUALIZATIONSERVICE_PORT=8888 diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role-binding.yaml new file mode 100644 index 00000000000..4e80257c20d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role.yaml new file mode 100644 index 00000000000..e604367357f --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/cluster-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/cache/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/deployment-patch.yaml new file mode 100644 index 00000000000..5f98ee136f7 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server +spec: + template: + spec: + containers: + - name: server + env: + - name: NAMESPACE_TO_WATCH + value: '' + valueFrom: null diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/cache/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/kustomization.yaml new file mode 100644 index 00000000000..ec4dfa88604 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/cache/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: cache-server +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/istio-authorization-config.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/istio-authorization-config.yaml new file mode 100644 index 00000000000..a988072b4f5 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/istio-authorization-config.yaml @@ -0,0 +1,115 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + rules: + - from: + - source: + namespaces: + - istio-system +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + - cluster.local/ns/kubeflow/sa/ml-pipeline-persistenceagent + - cluster.local/ns/kubeflow/sa/ml-pipeline-scheduledworkflow + - cluster.local/ns/kubeflow/sa/ml-pipeline-viewer-crd-service-account + - cluster.local/ns/kubeflow/sa/kubeflow-pipelines-cache + # For user workloads, which cannot user http headers for authentication + - when: + - key: request.headers[kubeflow-userid] + notValues: ['*'] +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + - cluster.local/ns/kubeflow/sa/ml-pipeline-persistenceagent + - cluster.local/ns/kubeflow/sa/ml-pipeline-scheduledworkflow + - cluster.local/ns/kubeflow/sa/ml-pipeline-viewer-crd-service-account + - cluster.local/ns/kubeflow/sa/kubeflow-pipelines-cache + +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: service-cache-server + namespace: kubeflow +spec: + selector: + matchLabels: + app: cache-server + rules: + - {} + +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: metadata-grpc-service +spec: + action: ALLOW + selector: + matchLabels: + component: metadata-grpc-server + rules: + - {} + +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-ui +spec: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline +spec: + host: ml-pipeline.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-visualizationserver +spec: + host: ml-pipeline-visualizationserver.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/kustomization.yaml new file mode 100644 index 00000000000..f8c338ebaf2 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/kustomization.yaml @@ -0,0 +1,31 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app.kubernetes.io/name: kubeflow-pipelines + app.kubernetes.io/component: ml-pipeline +resources: +- ../generic +- view-edit-cluster-roles.yaml +- api-service +- pipelines-ui +- pipelines-profile-controller +- scheduled-workflow +- viewer-controller +- persistence-agent +- cache +- metadata-writer +- istio-authorization-config.yaml +- virtual-service.yaml +patchesStrategicMerge: +- api-service/deployment-patch.yaml +- pipelines-ui/deployment-patch.yaml +- pipelines-ui/configmap-patch.yaml +- scheduled-workflow/deployment-patch.yaml +- viewer-controller/deployment-patch.yaml +- persistence-agent/deployment-patch.yaml +- metadata-writer/deployment-patch.yaml +- cache/deployment-patch.yaml + +configurations: +- params.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role-binding.yaml new file mode 100644 index 00000000000..605f1ff0df7 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role.yaml new file mode 100644 index 00000000000..ca230566937 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/cluster-role.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/deployment-patch.yaml new file mode 100644 index 00000000000..2babe9f43fe --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer +spec: + template: + spec: + containers: + - name: main + env: + - name: NAMESPACE_TO_WATCH + value: '' + valueFrom: null diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/kustomization.yaml new file mode 100644 index 00000000000..b1f65469e1d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/metadata-writer/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/params.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/params.yaml new file mode 100644 index 00000000000..0cb3a00414e --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/params.yaml @@ -0,0 +1,4 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role-binding.yaml new file mode 100644 index 00000000000..e030bd8a015 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml new file mode 100644 index 00000000000..34a94e9d72b --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/deployment-patch.yaml new file mode 100644 index 00000000000..1e165def422 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-persistenceagent +spec: + template: + spec: + containers: + - name: ml-pipeline-persistenceagent + env: + - name: NAMESPACE + value: '' + valueFrom: null diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/kustomization.yaml new file mode 100644 index 00000000000..b1f65469e1d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml new file mode 100644 index 00000000000..251c84b0eb4 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml @@ -0,0 +1,39 @@ +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: CompositeController +metadata: + name: kubeflow-pipelines-profile-controller +spec: + generateSelector: true + resyncPeriodSeconds: 10 + parentResource: + apiVersion: v1 + resource: namespaces + childResources: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: security.istio.io/v1beta1 + resource: authorizationpolicies + updateStrategy: + method: InPlace + hooks: + sync: + webhook: + url: http://kubeflow-pipelines-profile-controller/sync diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/deployment.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/deployment.yaml new file mode 100644 index 00000000000..f0a93fc86c1 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kubeflow-pipelines-profile-controller +spec: + replicas: 1 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - name: profile-controller + image: python:3.7 + command: ["python", "/hooks/sync.py"] + envFrom: + - configMapRef: + name: kubeflow-pipelines-profile-controller-env + env: + - name: KFP_VERSION + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: appVersion + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + volumeMounts: + - name: hooks + mountPath: /hooks + ports: + - containerPort: 8080 + volumes: + - name: hooks + configMap: + name: kubeflow-pipelines-profile-controller-code diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml new file mode 100644 index 00000000000..6ed73f19874 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app: kubeflow-pipelines-profile-controller +resources: +- service.yaml +- deployment.yaml +- composite-controller.yaml +configMapGenerator: +- name: kubeflow-pipelines-profile-controller-code + files: + - sync.py +- name: kubeflow-pipelines-profile-controller-env + envs: + - params.env diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/params.env b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/params.env new file mode 100644 index 00000000000..86706b90ef8 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/params.env @@ -0,0 +1 @@ +DISABLE_ISTIO_SIDECAR=false diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/service.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/service.yaml new file mode 100644 index 00000000000..9c5316ddfa7 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: kubeflow-pipelines-profile-controller +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py new file mode 100644 index 00000000000..98cee4a9360 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py @@ -0,0 +1,285 @@ +# Copyright 2020-2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from http.server import BaseHTTPRequestHandler, HTTPServer +import json +import os +import base64 + +kfp_version = os.environ["KFP_VERSION"] +disable_istio_sidecar = os.environ.get("DISABLE_ISTIO_SIDECAR") == "true" +mlpipeline_minio_access_key = base64.b64encode( + bytes(os.environ.get("MINIO_ACCESS_KEY"), 'utf-8')).decode('utf-8') +mlpipeline_minio_secret_key = base64.b64encode( + bytes(os.environ.get("MINIO_SECRET_KEY"), 'utf-8')).decode('utf-8') + + +class Controller(BaseHTTPRequestHandler): + def sync(self, parent, children): + pipeline_enabled = parent.get("metadata", {}).get( + "labels", {}).get("pipelines.kubeflow.org/enabled") + + if pipeline_enabled != "true": + return {"status": {}, "children": []} + + # Compute status based on observed state. + desired_status = { + "kubeflow-pipelines-ready": \ + len(children["Secret.v1"]) == 1 and \ + len(children["ConfigMap.v1"]) == 1 and \ + len(children["Deployment.apps/v1"]) == 2 and \ + len(children["Service.v1"]) == 2 and \ + len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ + len(children["AuthorizationPolicy.security.istio.io/v1beta1"]) == 1 and \ + "True" or "False" + } + + # Generate the desired child object(s). + # parent is a namespace + namespace = parent.get("metadata", {}).get("name") + desired_resources = [ + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "metadata-grpc-configmap", + "namespace": namespace, + }, + "data": { + "METADATA_GRPC_SERVICE_HOST": + "metadata-grpc-service.kubeflow", + "METADATA_GRPC_SERVICE_PORT": "8080", + }, + }, + # Visualization server related manifests below + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "annotations": disable_istio_sidecar and { + "sidecar.istio.io/inject": "false" + } or {}, + }, + "spec": { + "containers": [{ + "image": + "gcr.io/ml-pipeline/visualization-server:" + + kfp_version, + "imagePullPolicy": + "IfNotPresent", + "name": + "ml-pipeline-visualizationserver", + "ports": [{ + "containerPort": 8888 + }], + "resources": { + "requests": { + "cpu": "50m", + "memory": "200Mi" + }, + "limits": { + "cpu": "500m", + "memory": "1Gi" + }, + } + }], + "serviceAccountName": + "default-editor", + }, + }, + }, + }, + { + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "DestinationRule", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "host": "ml-pipeline-visualizationserver", + "trafficPolicy": { + "tls": { + "mode": "ISTIO_MUTUAL" + } + } + } + }, + { + "apiVersion": "security.istio.io/v1beta1", + "kind": "AuthorizationPolicy", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + } + }, + "rules": [{ + "from": [{ + "source": { + "principals": ["cluster.local/ns/kubeflow/sa/ml-pipeline"] + } + }] + }] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "ports": [{ + "name": "http", + "port": 8888, + "protocol": "TCP", + "targetPort": 8888, + }], + "selector": { + "app": "ml-pipeline-visualizationserver", + }, + }, + }, + # Artifact fetcher related resources below. + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "annotations": disable_istio_sidecar and { + "sidecar.istio.io/inject": "false" + } or {}, + }, + "spec": { + "containers": [{ + "name": + "ml-pipeline-ui-artifact", + "image": + "gcr.io/ml-pipeline/frontend:" + kfp_version, + "imagePullPolicy": + "IfNotPresent", + "ports": [{ + "containerPort": 3000 + }], + "resources": { + "requests": { + "cpu": "10m", + "memory": "70Mi" + }, + "limits": { + "cpu": "100m", + "memory": "500Mi" + }, + } + }], + "serviceAccountName": + "default-editor" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + "labels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "spec": { + "ports": [{ + "name": + "http", # name is required to let istio understand request protocol + "port": 80, + "protocol": "TCP", + "targetPort": 3000 + }], + "selector": { + "app": "ml-pipeline-ui-artifact" + } + } + }, + ] + print('Received request:', parent) + print('Desired resources except secrets:', desired_resources) + # Moved after the print argument because this is sensitive data. + desired_resources.append({ + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "mlpipeline-minio-artifact", + "namespace": namespace, + }, + "data": { + "accesskey": mlpipeline_minio_access_key, + "secretkey": mlpipeline_minio_secret_key, + }, + }) + + return {"status": desired_status, "children": desired_resources} + + def do_POST(self): + # Serve the sync() function as a JSON webhook. + observed = json.loads( + self.rfile.read(int(self.headers.get("content-length")))) + desired = self.sync(observed["parent"], observed["children"]) + + self.send_response(200) + self.send_header("Content-type", "application/json") + self.end_headers() + self.wfile.write(bytes(json.dumps(desired), 'utf-8')) + + +HTTPServer(("", 8080), Controller).serve_forever() diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role-binding.yaml new file mode 100644 index 00000000000..3539ff107e2 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml new file mode 100644 index 00000000000..77ea118e416 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml @@ -0,0 +1,56 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml new file mode 100644 index 00000000000..11f1f551bd0 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ml-pipeline-ui-configmap +data: + # Temporary workarounds: + # 1. Using default-editor because default-viewer isn't bound to workload identity + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "default-editor" + } + } diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/deployment-patch.yaml new file mode 100644 index 00000000000..0403cc36274 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/deployment-patch.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-ui +spec: + template: + spec: + volumes: + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap + containers: + - name: ml-pipeline-ui + env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: '80' + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: 'true' + - name: ENABLE_AUTHZ + value: 'true' + - name: KUBEFLOW_USERID_HEADER + value: kubeflow-userid + - name: KUBEFLOW_USERID_PREFIX + value: "" + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml new file mode 100644 index 00000000000..c84d97c05c5 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app: ml-pipeline-ui +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml new file mode 100644 index 00000000000..0495d0017a1 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml new file mode 100644 index 00000000000..e0eee898b81 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml @@ -0,0 +1,50 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/deployment-patch.yaml new file mode 100644 index 00000000000..ea35690d816 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-scheduledworkflow +spec: + template: + spec: + containers: + - name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + value: '' # Empty namespace let viewer controller watch all namespaces + valueFrom: null # HACK: https://github.com/kubernetes-sigs/kustomize/issues/2606 diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/kustomization.yaml new file mode 100644 index 00000000000..ad2710f3363 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml new file mode 100644 index 00000000000..49bfe111b83 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml @@ -0,0 +1,115 @@ +# NOTE: IMPORTANT +# We need to separate out actual rules from aggregation rules due to +# https://github.com/kubernetes/kubernetes/issues/65171 +# TL;DR: We can't have both aggregation and rules in a [Cluster]Role. When that +# is the case, the rules get ignored. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-pipelines-edit +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-edit: "true" +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pipelines-view +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-view: "true" +rules: [] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-edit: "true" + name: aggregate-to-kubeflow-pipelines-edit +rules: +- apiGroups: + - pipelines.kubeflow.org + resources: + - pipelines + - pipelines/versions + verbs: + - create + - delete + - update +- apiGroups: + - pipelines.kubeflow.org + resources: + - experiments + verbs: + - archive + - create + - delete + - unarchive +- apiGroups: + - pipelines.kubeflow.org + resources: + - runs + verbs: + - archive + - create + - delete + - retry + - terminate + - unarchive +- apiGroups: + - pipelines.kubeflow.org + resources: + - jobs + verbs: + - create + - delete + - disable + - enable + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pipelines-view: "true" + name: aggregate-to-kubeflow-pipelines-view +rules: +- apiGroups: + - pipelines.kubeflow.org + resources: + - pipelines + - pipelines/versions + - experiments + - runs + - jobs + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - delete +- apiGroups: + - pipelines.kubeflow.org + resources: + - visualizations + verbs: + - create diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role-binding.yaml new file mode 100644 index 00000000000..5e325bfc68e --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml new file mode 100644 index 00000000000..e2bca79710e --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/deployment-patch.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/deployment-patch.yaml new file mode 100644 index 00000000000..73e5d105063 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-viewer-crd +spec: + template: + spec: + containers: + - name: ml-pipeline-viewer-crd + env: + - name: NAMESPACE + value: '' # Empty namespace let viewer controller watch all namespaces + valueFrom: null diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/kustomization.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/kustomization.yaml new file mode 100644 index 00000000000..b1f65469e1d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/virtual-service.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/virtual-service.yaml new file mode 100644 index 00000000000..d82e06e29cd --- /dev/null +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/virtual-service.yaml @@ -0,0 +1,45 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.$(kfp-namespace).svc.cluster.local + port: + number: 80 + timeout: 300s + +--- + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: ml-pipeline-ui.$(kfp-namespace).svc.cluster.local + port: + number: 80 diff --git a/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml new file mode 100644 index 00000000000..bd9dcd1620d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - metadata-grpc-configmap.yaml + - metadata-grpc-deployment.yaml + - metadata-grpc-service.yaml + - metadata-envoy-deployment.yaml + - metadata-envoy-service.yaml + - metadata-grpc-sa.yaml +images: + - name: gcr.io/ml-pipeline/metadata-envoy + newTag: 1.5.0-rc.2 diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-deployment.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-deployment.yaml new file mode 100644 index 00000000000..e087d80aa90 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-deployment.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-envoy-deployment + labels: + component: metadata-envoy +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-envoy + template: + metadata: + labels: + component: metadata-envoy + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - name: container + image: gcr.io/ml-pipeline/metadata-envoy:dummy + ports: + - name: md-envoy + containerPort: 9090 + - name: envoy-admin + containerPort: 9901 diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-service.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-service.yaml new file mode 100644 index 00000000000..42166c85ccd --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-envoy-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata-envoy + name: metadata-envoy-service +spec: + selector: + component: metadata-envoy + type: ClusterIP + ports: + - port: 9090 + protocol: TCP + name: md-envoy diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-configmap.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-configmap.yaml new file mode 100644 index 00000000000..08cc7e69278 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-grpc-configmap + labels: + component: metadata-grpc-server +data: + METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" + METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml new file mode 100644 index 00000000000..baa8df0d1b6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml @@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-grpc-deployment + labels: + component: metadata-grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-grpc-server + template: + metadata: + labels: + component: metadata-grpc-server + spec: + containers: + - name: container + # ! Sync to the same MLMD version: + # * backend/metadata_writer/requirements.in and requirements.txt + # * @kubeflow/frontend/src/mlmd/generated + # * .cloudbuild.yaml and .release.cloudbuild.yaml + # * manifests/kustomize/base/metadata/base/metadata-grpc-deployment.yaml + # * test/tag_for_hosted.sh + image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.25.1 + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: mlmdDb + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + command: ["/bin/metadata_store_server"] + args: ["--grpc_port=8080", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)", + "--enable_database_upgrade=true" + ] + ports: + - name: grpc-api + containerPort: 8080 + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: metadata-grpc-server diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-sa.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-sa.yaml new file mode 100644 index 00000000000..c8e8d1fc86d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: metadata-grpc-server diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-service.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-service.yaml new file mode 100644 index 00000000000..7e7b73bf02d --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata + name: metadata-grpc-service +spec: + selector: + component: metadata-grpc-server + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: grpc-api diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/kustomization.yaml b/apps/kfp-tekton/upstream/base/metadata/overlays/db/kustomization.yaml new file mode 100644 index 00000000000..fa67b8a9667 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/kustomization.yaml @@ -0,0 +1,39 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +bases: +- ../../base +resources: +- metadata-db-pvc.yaml +- metadata-db-deployment.yaml +- metadata-db-service.yaml + +patchesStrategicMerge: +- patches/metadata-grpc-deployment.yaml + +configMapGenerator: +- name: metadata-db-parameters + envs: + - params.env +secretGenerator: +- name: metadata-db-secrets + envs: + - secrets.env +generatorOptions: + disableNameSuffixHash: true + + +images: +- name: mysql + newName: mysql + newTag: 8.0.3 + +vars: +- name: MLMD_DB_HOST + objref: + kind: Service + name: metadata-db + apiVersion: v1 + fieldref: + fieldpath: metadata.name diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-deployment.yaml b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-deployment.yaml new file mode 100644 index 00000000000..360512d0467 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-db + labels: + component: db +spec: + selector: + matchLabels: + component: db + replicas: 1 + strategy: + type: Recreate + template: + metadata: + name: db + labels: + component: db + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - name: db-container + image: mysql:8.0.3 + args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + ports: + - name: dbapi + containerPort: 3306 + readinessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1'" + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - name: metadata-mysql + mountPath: /var/lib/mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-pvc.yaml b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-pvc.yaml new file mode 100644 index 00000000000..b1c083d9f45 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: metadata-mysql +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-service.yaml b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-service.yaml new file mode 100644 index 00000000000..b7a6401714a --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/metadata-db-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: metadata-db + labels: + component: db +spec: + type: ClusterIP + ports: + - port: 3306 + protocol: TCP + name: dbapi + selector: + component: db diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/params.env b/apps/kfp-tekton/upstream/base/metadata/overlays/db/params.env new file mode 100644 index 00000000000..5ab2adb3bb5 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/params.env @@ -0,0 +1,3 @@ +MYSQL_DATABASE=metadb +MYSQL_PORT=3306 +MYSQL_ALLOW_EMPTY_PASSWORD=true \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/patches/metadata-grpc-deployment.yaml b/apps/kfp-tekton/upstream/base/metadata/overlays/db/patches/metadata-grpc-deployment.yaml new file mode 100644 index 00000000000..03023a3404c --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/patches/metadata-grpc-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-grpc-deployment +spec: + template: + spec: + containers: + - name: container + # Remove existing environment variables + env: + - $patch: replace + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", + "--mysql_config_host=$(MLMD_DB_HOST)", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(MYSQL_USER_NAME)", + "--mysql_config_password=$(MYSQL_ROOT_PASSWORD)"] diff --git a/apps/kfp-tekton/upstream/base/metadata/overlays/db/secrets.env b/apps/kfp-tekton/upstream/base/metadata/overlays/db/secrets.env new file mode 100644 index 00000000000..44ac2ee3980 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/metadata/overlays/db/secrets.env @@ -0,0 +1,2 @@ +MYSQL_USER_NAME=root +MYSQL_ROOT_PASSWORD=test \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/apiserver-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/apiserver-deployment.yaml new file mode 100644 index 00000000000..7da648ecfbf --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/apiserver-deployment.yaml @@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: pipelineDb + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + - name: PIPELINE_RUNTIME + value: tekton + - name: ARTIFACT_BUCKET + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: artifact_bucket + - name: ARTIFACT_ENDPOINT + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: artifact_endpoint + - name: ARTIFACT_ENDPOINT_SCHEME + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: artifact_endpoint_scheme + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: archive_logs + - name: TRACK_ARTIFACTS + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: track_artifacts + - name: STRIP_EOF + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: strip_eof + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: artifact_script + - name: ARTIFACT_IMAGE + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: artifact_image + - name: INJECT_DEFAULT_SCRIPT + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: inject_default_script diff --git a/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/kustomization.yaml new file mode 100644 index 00000000000..9a92c2ced66 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- scheduled-workflow-crd.yaml +- viewer-crd.yaml diff --git a/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml new file mode 100644 index 00000000000..623e183494b --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml new file mode 100644 index 00000000000..dcb5db0f88a --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/base/pipeline/container-builder-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/container-builder-sa.yaml new file mode 100644 index 00000000000..aa65bd9bbf3 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/container-builder-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder diff --git a/apps/kfp-tekton/upstream/base/pipeline/kfp-pipeline-config.yaml b/apps/kfp-tekton/upstream/base/pipeline/kfp-pipeline-config.yaml new file mode 100644 index 00000000000..469b818bda6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/kfp-pipeline-config.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kfp-tekton-config +data: + artifact_bucket: "mlpipeline" + artifact_endpoint: "minio-service.kubeflow:9000" + artifact_endpoint_scheme: "http://" + artifact_image: "minio/mc:RELEASE.2020-11-25T23-04-07Z" + archive_logs: "false" + track_artifacts: "true" + strip_eof: "false" + inject_default_script: "true" + artifact_script: |- + #!/usr/bin/env sh + push_artifact() { + tar -cvzf $1.tgz $2 + mc cp $1.tgz storage/$ARTIFACT_BUCKET/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz + } + push_log() { + cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log + push_artifact main-log step-main.log + } + strip_eof() { + awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 + } + mc config host add storage ${ARTIFACT_ENDPOINT_SCHEME}${ARTIFACT_ENDPOINT} $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY diff --git a/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml new file mode 100644 index 00000000000..d07d32938fb --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml @@ -0,0 +1,65 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - metadata-writer + - cluster-scoped +resources: + - ml-pipeline-apiserver-deployment.yaml + - ml-pipeline-apiserver-role.yaml + - ml-pipeline-apiserver-rolebinding.yaml + - ml-pipeline-apiserver-sa.yaml + - ml-pipeline-apiserver-service.yaml + - ml-pipeline-persistenceagent-deployment.yaml + - ml-pipeline-persistenceagent-role.yaml + - ml-pipeline-persistenceagent-rolebinding.yaml + - ml-pipeline-persistenceagent-sa.yaml + - ml-pipeline-scheduledworkflow-deployment.yaml + - ml-pipeline-scheduledworkflow-role.yaml + - ml-pipeline-scheduledworkflow-rolebinding.yaml + - ml-pipeline-scheduledworkflow-sa.yaml + - ml-pipeline-ui-deployment.yaml + - ml-pipeline-ui-configmap.yaml + - ml-pipeline-ui-role.yaml + - ml-pipeline-ui-rolebinding.yaml + - ml-pipeline-ui-sa.yaml + - ml-pipeline-ui-service.yaml + - ml-pipeline-viewer-crd-role.yaml + - ml-pipeline-viewer-crd-rolebinding.yaml + - ml-pipeline-viewer-crd-deployment.yaml + - ml-pipeline-viewer-crd-sa.yaml + - ml-pipeline-visualization-deployment.yaml + - ml-pipeline-visualization-sa.yaml + - ml-pipeline-visualization-service.yaml + - pipeline-runner-role.yaml + - pipeline-runner-rolebinding.yaml + - pipeline-runner-sa.yaml + - container-builder-sa.yaml + - viewer-sa.yaml + - kfp-pipeline-config.yaml + +patchesStrategicMerge: + - apiserver-deployment.yaml + - metadata-writer-deployment.yaml +images: + - name: gcr.io/ml-pipeline/api-server + newName: docker.io/aipipeline/api-server + newTag: 0.8.0-rc0 + - name: gcr.io/ml-pipeline/persistenceagent + newName: docker.io/aipipeline/persistenceagent + newTag: 0.8.0-rc0 + - name: gcr.io/ml-pipeline/scheduledworkflow + newName: docker.io/aipipeline/scheduledworkflow + newTag: 0.8.0-rc0 + - name: gcr.io/ml-pipeline/frontend + newName: docker.io/aipipeline/frontend + newTag: 0.8.0-rc0 + - name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.5.0-rc.2 + - name: gcr.io/ml-pipeline/visualization-server + newTag: 1.5.0-rc.2 + - name: gcr.io/ml-pipeline/metadata-writer + newName: docker.io/aipipeline/metadata-writer + newTag: 0.8.0-rc0 + - name: gcr.io/ml-pipeline/cache-server + newName: docker.io/aipipeline/cache-server + newTag: 0.8.0-rc0 diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer-deployment.yaml new file mode 100644 index 00000000000..4ebd45a844b --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer + labels: + app: metadata-writer +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - name: main + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PIPELINE_RUNTIME + value: tekton + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + name: kfp-tekton-config + key: archive_logs + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml new file mode 100644 index 00000000000..478c1910c79 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - metadata-writer-deployment.yaml + - metadata-writer-role.yaml + - metadata-writer-rolebinding.yaml + - metadata-writer-sa.yaml +images: + - name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.5.0-rc.2 diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml new file mode 100644 index 00000000000..7cf254c14d1 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer + labels: + app: metadata-writer +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/metadata-writer:dummy + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PIPELINE_RUNTIME + value: tekton + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml new file mode 100644 index 00000000000..924e8f8424c --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - get + - list + - watch + - update + - patch diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml new file mode 100644 index 00000000000..5a6c1fef249 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml new file mode 100644 index 00000000000..77812949a84 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml new file mode 100644 index 00000000000..bb2eb8f82cd --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -0,0 +1,109 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + containers: + - env: + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: autoUpdatePipelineDefaultVersion + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: pipelineDb + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + - name: PIPELINE_RUNTIME + value: tekton + image: gcr.io/ml-pipeline/api-server:dummy + imagePullPolicy: Always + name: ml-pipeline-api-server + ports: + - name: http + containerPort: 8888 + - name: grpc + containerPort: 8887 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 250m + memory: 500Mi + serviceAccountName: ml-pipeline diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml new file mode 100644 index 00000000000..432f2565b71 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -0,0 +1,65 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml new file mode 100644 index 00000000000..c4ef4f5ffe6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml new file mode 100644 index 00000000000..95ff3141e61 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml new file mode 100644 index 00000000000..4ac2ba4ac90 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml new file mode 100644 index 00000000000..bc5032e51a8 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + - name: NUM_WORKERS + value: "2" + image: gcr.io/ml-pipeline/persistenceagent:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + resources: + requests: + cpu: 120m + memory: 500Mi + serviceAccountName: ml-pipeline-persistenceagent diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 00000000000..7e7f976819f --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml new file mode 100644 index 00000000000..a690f20cbf0 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml new file mode 100644 index 00000000000..4725287b375 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml new file mode 100644 index 00000000000..ac20e5736f2 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + containers: + - image: gcr.io/ml-pipeline/scheduledworkflow:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CRON_SCHEDULE_TIMEZONE + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: cronScheduleTimezone + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 00000000000..9c172782d7a --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml new file mode 100644 index 00000000000..e9429f36624 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml new file mode 100644 index 00000000000..285c13742fd --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml new file mode 100644 index 00000000000..85b64229767 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ml-pipeline-ui-configmap +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kubeflow-pipelines-viewer" + } + } diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml new file mode 100644 index 00000000000..8e8923a3659 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + volumes: + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap + containers: + - image: gcr.io/ml-pipeline/frontend:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true + env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 10m + memory: 70Mi + serviceAccountName: ml-pipeline-ui diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-role.yaml new file mode 100644 index 00000000000..d80adb4a534 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-role.yaml @@ -0,0 +1,58 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml new file mode 100644 index 00000000000..e8298354200 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-sa.yaml new file mode 100644 index 00000000000..06bc4453843 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-service.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-service.yaml new file mode 100644 index 00000000000..093ad8ca2c9 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml new file mode 100644 index 00000000000..617801d11ff --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml new file mode 100644 index 00000000000..73bf032fdd8 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml new file mode 100644 index 00000000000..bd1f77a8379 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml new file mode 100644 index 00000000000..5dd08f88439 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml new file mode 100644 index 00000000000..b6d1e1184e6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - name: http + containerPort: 8888 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 30m + memory: 500Mi + serviceAccountName: ml-pipeline-visualizationserver diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml new file mode 100644 index 00000000000..e1bbc6ad273 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-service.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-service.yaml new file mode 100644 index 00000000000..83c7dd67504 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-visualization-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-role.yaml new file mode 100644 index 00000000000..2ca3332c2e0 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-role.yaml @@ -0,0 +1,94 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-rolebinding.yaml b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-rolebinding.yaml new file mode 100644 index 00000000000..9adae61887f --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner diff --git a/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-sa.yaml new file mode 100644 index 00000000000..8cb2c669fb2 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner diff --git a/apps/kfp-tekton/upstream/base/pipeline/viewer-sa.yaml b/apps/kfp-tekton/upstream/base/pipeline/viewer-sa.yaml new file mode 100644 index 00000000000..932133c82a6 --- /dev/null +++ b/apps/kfp-tekton/upstream/base/pipeline/viewer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-viewer diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources/kustomization.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 00000000000..936b2d782bf --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,26 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: kubeflow + +resources: +- namespace.yaml +bases: +- ../third-party/application/cluster-scoped +- ../base/pipeline/cluster-scoped +- ../base/cache-deployer/cluster-scoped +vars: +# NOTE: var name must be unique globally to allow composition of multiple kustomize +# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from +# others. +- name: kfp-cluster-scoped-namespace + objref: + # cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml + # so that we only need to change kustomization.yaml's namespace field for namespace customization. + kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace +configurations: +- params.yaml diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources/namespace.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources/namespace.yaml new file mode 100644 index 00000000000..3c65856e7b7 --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: '$(kfp-cluster-scoped-namespace)' diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources/params.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources/params.yaml new file mode 100644 index 00000000000..cc253fe2660 --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources/params.yaml @@ -0,0 +1,4 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace diff --git a/apps/kfp-tekton/upstream/env/aws/README.md b/apps/kfp-tekton/upstream/env/aws/README.md new file mode 100644 index 00000000000..fc0a6437357 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/README.md @@ -0,0 +1,56 @@ +# Sample installation + +1. Create an EKS cluster + +Run this command to create EKS cluster +``` +eksctl create cluster \ +--name AWS-KFP \ +--version 1.17 \ +--region us-west-2 \ +--nodegroup-name linux-nodes \ +--node-type m5.xlarge \ +--nodes 2 \ +--nodes-min 1 \ +--nodes-max 4 \ +--managed +``` + +2. Prepare S3 + +Create S3 bucket. [Console](https://console.aws.amazon.com/s3/home). + +Run this command to create S3 bucket by changing `` to your prefer s3 bucket name. + +``` +export S3_BUCKET= +export AWS_REGION=us-west-2 +aws s3 mb s3://$S3_BUCKET --region $AWS_REGION +``` + +3. Prepare RDS + +Follow this [doc](https://www.kubeflow.org/docs/aws/rds/#deploy-amazon-rds-mysql-in-your-environment) to set up AWS RDS instance. + +4. Customize your values +- Edit [params.env](params.env), [secret.env](secret.env) and [minio-artifact-secret-patch.env](minio-artifact-secret-patch.env) + +5. Install + +``` +kubectl apply -k ../../cluster-scoped-resources +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k ../../cluster-scoped-resources + +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k ./ +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k ./ + +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s + +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` + +Now you can access via `localhost:8080` diff --git a/apps/kfp-tekton/upstream/env/aws/aws-configuration-patch.yaml b/apps/kfp-tekton/upstream/env/aws/aws-configuration-patch.yaml new file mode 100644 index 00000000000..d008e3bc767 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/aws-configuration-patch.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-ui +spec: + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + volumes: + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap + containers: + - name: ml-pipeline-ui + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: OBJECTSTORECONFIG_SECURE + value: "true" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: OBJECTSTORECONFIG_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: minioServiceHost + - name: OBJECTSTORECONFIG_REGION + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: minioServiceRegion + - name: OBJECTSTORECONFIG_PORT + value: "" + name: ml-pipeline-api-server \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/aws/config b/apps/kfp-tekton/upstream/env/aws/config new file mode 100644 index 00000000000..ebf05538dc9 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/config @@ -0,0 +1,20 @@ +{ +artifactRepository: +{ + s3: { + bucket: $(kfp-artifact-bucket-name), + keyPrefix: artifacts, + endpoint: s3.amazonaws.com, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + }, + archiveLogs: true +} +} diff --git a/apps/kfp-tekton/upstream/env/aws/kustomization.yaml b/apps/kfp-tekton/upstream/env/aws/kustomization.yaml new file mode 100644 index 00000000000..50bb9d3a83f --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/kustomization.yaml @@ -0,0 +1,33 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +bases: +- ../../env/platform-agnostic +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge +- name: workflow-controller-configmap + behavior: replace + files: + - config +- name: ml-pipeline-ui-configmap + behavior: replace + files: + - viewer-pod-template.json +secretGenerator: +- name: mysql-secret + env: secret.env + behavior: merge +- name: mlpipeline-minio-artifact + env: minio-artifact-secret-patch.env + behavior: merge +generatorOptions: + disableNameSuffixHash: true +patchesStrategicMerge: +- aws-configuration-patch.yaml +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines diff --git a/apps/kfp-tekton/upstream/env/aws/minio-artifact-secret-patch.env b/apps/kfp-tekton/upstream/env/aws/minio-artifact-secret-patch.env new file mode 100644 index 00000000000..3f11b74138c --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/minio-artifact-secret-patch.env @@ -0,0 +1,2 @@ +accesskey=YOUR_AWS_ACCESS_ID +secretkey=YOUR_AWS_SECRET_KEY diff --git a/apps/kfp-tekton/upstream/env/aws/params.env b/apps/kfp-tekton/upstream/env/aws/params.env new file mode 100644 index 00000000000..30e966592ca --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/params.env @@ -0,0 +1,5 @@ +dbHost=YOUR_RDS_ENDPOINT + +bucketName=YOUR_S3_BUCKET_NAME +minioServiceHost=s3.amazonaws.com +minioServiceRegion=YOUR_AWS_REGION diff --git a/apps/kfp-tekton/upstream/env/aws/secret.env b/apps/kfp-tekton/upstream/env/aws/secret.env new file mode 100644 index 00000000000..cdd7b0a5fc4 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/secret.env @@ -0,0 +1,2 @@ +username=YOUR_RDS_USERNAME +password=YOUR_RDS_PASSWORD diff --git a/apps/kfp-tekton/upstream/env/aws/viewer-pod-template.json b/apps/kfp-tekton/upstream/env/aws/viewer-pod-template.json new file mode 100644 index 00000000000..5cce566794e --- /dev/null +++ b/apps/kfp-tekton/upstream/env/aws/viewer-pod-template.json @@ -0,0 +1,37 @@ +{ + "spec": { + "containers": [ + { + "env": [ + { + "name": "AWS_ACCESS_KEY_ID", + "valueFrom": { + "secretKeyRef": { + "name": "mlpipeline-minio-artifact", + "key": "accesskey" + } + } + }, + { + "name": "AWS_SECRET_ACCESS_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "mlpipeline-minio-artifact", + "key": "secretkey" + } + } + }, + { + "name": "AWS_REGION", + "valueFrom": { + "configMapKeyRef": { + "name": "pipeline-install-config", + "key": "minioServiceRegion" + } + } + } + ] + } + ] + } +} \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/azure/kustomization.yaml b/apps/kfp-tekton/upstream/env/azure/kustomization.yaml new file mode 100644 index 00000000000..39b9c7d95c6 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/kustomization.yaml @@ -0,0 +1,25 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +bases: +- ../../base/installs/generic +- ../../base/metadata/base +- ../../third-party/argo/installs/namespace +- minio-azure-gateway + +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge + +secretGenerator: +- name: mysql-secret + env: mysql-secret.env + behavior: merge + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines diff --git a/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/kustomization.yaml b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/kustomization.yaml new file mode 100644 index 00000000000..db350a6f5b0 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- minio-azure-gateway-deployment.yaml +- minio-azure-gateway-service.yaml + +secretGenerator: +- name: mlpipeline-minio-artifact + env: minio-artifact-secret.env +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-artifact-secret.env b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-artifact-secret.env new file mode 100644 index 00000000000..7d9d25d6f05 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=[STORAGEACCOUNTNAME] +secretkey=[STORAGEACCOUNTKEY] \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-deployment.yaml b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-deployment.yaml new file mode 100644 index 00000000000..56979c42e94 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-deployment.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - azure + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + ports: + - containerPort: 9000 + resources: + requests: + cpu: 20m + memory: 25Mi diff --git a/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-service.yaml b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-service.yaml new file mode 100644 index 00000000000..7dd18174965 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/azure/mysql-secret.env b/apps/kfp-tekton/upstream/env/azure/mysql-secret.env new file mode 100644 index 00000000000..93f6075227d --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/mysql-secret.env @@ -0,0 +1,2 @@ +username=[SQLUSER]@[SQLSERVERNAME] +password=[SQLPASS] \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/azure/params.env b/apps/kfp-tekton/upstream/env/azure/params.env new file mode 100644 index 00000000000..44ed71784f1 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/params.env @@ -0,0 +1 @@ +dbHost=[SQLSERVERNAME].mysql.database.azure.com diff --git a/apps/kfp-tekton/upstream/env/azure/readme.md b/apps/kfp-tekton/upstream/env/azure/readme.md new file mode 100644 index 00000000000..5487d6aa02f --- /dev/null +++ b/apps/kfp-tekton/upstream/env/azure/readme.md @@ -0,0 +1,15 @@ +# KFP customizations for Azure + +This template provides a starting point to configure KFP to use an Azure hosted MySQL database, as well as an Azure Blob backed MinIO service. + +## MySQL + +1. [Create an Azure Database for MySQL](https://docs.microsoft.com/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal). Ensure that it will allow connections from the Kubernetes cluster. + +2. Substitute the server name into [params.env](./params.env), and the username and password into [mysql-secret.env](./mysql-secret.env) + +## MinIO Gateway for Azure Blobstore + +1. [Create an Azure Storage account](https://docs.microsoft.com/azure/storage/common/storage-account-create). Ensure that it will allow connections from the Kubernetes cluster. + +2. Substitute the storage name and access key into [minio-artifact-secret.env](./minio-azure-gateway/minio-artifact-secret.env). diff --git a/apps/kfp-tekton/upstream/env/dev/kustomization.yaml b/apps/kfp-tekton/upstream/env/dev/kustomization.yaml new file mode 100644 index 00000000000..23030cea7c3 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/dev/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + # Application controller is used to provide Google Cloud Console integration. + - ../../third-party/application + - ../../base/application + - ../platform-agnostic + - ../gcp/inverse-proxy + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines + +# !!! If you want to customize the namespace, +# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources +namespace: kubeflow diff --git a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml new file mode 100644 index 00000000000..10e1f6aafe8 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudsqlproxy + labels: + app: cloudsqlproxy +spec: + selector: + matchLabels: + app: cloudsqlproxy + replicas: 1 + template: + metadata: + labels: + app: cloudsqlproxy + spec: + serviceAccountName: kubeflow-pipelines-cloudsql-proxy + containers: + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + env: + - name: GCP_CLOUDSQL_INSTANCE_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsCloudSqlInstanceName + command: ["/cloud_sql_proxy", + "-dir=/cloudsql", + "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql + volumes: + - name: cloudsql + emptyDir: diff --git a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml new file mode 100644 index 00000000000..a4cc9c43dfe --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cloudsql-proxy diff --git a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/kustomization.yaml new file mode 100644 index 00000000000..a336cb50f9e --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- cloudsql-proxy-deployment.yaml +- cloudsql-proxy-sa.yaml +- mysql-service.yaml diff --git a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml new file mode 100644 index 00000000000..f97dbc3a20a --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: cloudsqlproxy diff --git a/apps/kfp-tekton/upstream/env/gcp/gcp-configurations-patch.yaml b/apps/kfp-tekton/upstream/env/gcp/gcp-configurations-patch.yaml new file mode 100644 index 00000000000..5e725b536d2 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/gcp-configurations-patch.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + value: 'true' + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml new file mode 100644 index 00000000000..8a369d191b2 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: + - name: gcr.io/ml-pipeline/inverse-proxy-agent + newTag: 1.5.0-rc.2 +resources: + - proxy-configmap.yaml + - proxy-deployment.yaml + - proxy-role.yaml + - proxy-rolebinding.yaml + - proxy-sa.yaml diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml new file mode 100644 index 00000000000..c469f7acb93 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: inverse-proxy-config diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml new file mode 100644 index 00000000000..faf3e473098 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-agent + name: proxy-agent +spec: + selector: + matchLabels: + app: proxy-agent + template: + metadata: + labels: + app: proxy-agent + spec: + hostNetwork: true + containers: + - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy + imagePullPolicy: IfNotPresent + name: proxy-agent + serviceAccountName: proxy-agent-runner diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-role.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-role.yaml new file mode 100644 index 00000000000..d6c03d5d043 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml new file mode 100644 index 00000000000..72f1fc0d6f9 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxy-agent-runner +subjects: +- kind: ServiceAccount + name: proxy-agent-runner diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-sa.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-sa.yaml new file mode 100644 index 00000000000..af8b0c3c2d6 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/proxy-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-agent-runner diff --git a/apps/kfp-tekton/upstream/env/gcp/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/kustomization.yaml new file mode 100644 index 00000000000..e96b88413fb --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + # Application controller is used to provide Google Cloud Console integration. + - ../../third-party/application + - ../../base/application + - ../../base/installs/generic + - ../../base/metadata/base + - ../../third-party/argo/installs/namespace + - inverse-proxy + - minio-gcs-gateway + - cloudsql-proxy + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines + +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow + +patchesStrategicMerge: + - gcp-configurations-patch.yaml + +# Used by Kustomize +configMapGenerator: + - name: pipeline-install-config + env: params.env + behavior: merge diff --git a/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml new file mode 100644 index 00000000000..877ad81746a --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- minio-gcs-gateway-deployment.yaml +- minio-gcs-gateway-sa.yaml +- minio-gcs-gateway-service.yaml + +secretGenerator: +- name: mlpipeline-minio-artifact + env: minio-artifact-secret.env +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true diff --git a/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env new file mode 100644 index 00000000000..bc8613ce2a0 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=minio +secretkey=minio123 diff --git a/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml new file mode 100644 index 00000000000..bb85c95eb0d --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + serviceAccountName: kubeflow-pipelines-minio-gcs-gateway + containers: + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - gcs + - $(GCP_PROJECT_ID) + env: + - name: GCP_PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + resources: + requests: + cpu: 20m + memory: 25Mi + ports: + - containerPort: 9000 diff --git a/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml new file mode 100644 index 00000000000..2aa4f937685 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-minio-gcs-gateway diff --git a/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml new file mode 100644 index 00000000000..7dd18174965 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/env/gcp/params.env b/apps/kfp-tekton/upstream/env/gcp/params.env new file mode 100644 index 00000000000..0c1d077bee7 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/gcp/params.env @@ -0,0 +1,6 @@ +pipelineDb=pipelinedb +mlmdDb=metadb +cacheDb=cachedb +bucketName=yourGcsBucketName +gcsProjectId=yourGcsProjectId +gcsCloudSqlInstanceName=yourCloudSqlInstanceName diff --git a/apps/kfp-tekton/upstream/env/kfp-template/application-crd.yaml b/apps/kfp-tekton/upstream/env/kfp-template/application-crd.yaml new file mode 100644 index 00000000000..31698c906c3 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/kfp-template/application-crd.yaml @@ -0,0 +1,6 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + kubeflow/crd-install: "true" + name: applications.app.k8s.io diff --git a/apps/kfp-tekton/upstream/env/kfp-template/kustomization.yaml b/apps/kfp-tekton/upstream/env/kfp-template/kustomization.yaml new file mode 100644 index 00000000000..9e80513f55f --- /dev/null +++ b/apps/kfp-tekton/upstream/env/kfp-template/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../plain + - ../../third-party/tekton-custom-task + +resources: + - namespace.yaml + +patchesStrategicMerge: + - application-crd.yaml + - scheduled-workflow-crd.yaml + - viewer-crd.yaml + +images: + - name: docker.io/aipipeline/api-server + newTag: 0.8.0 + - name: docker.io/aipipeline/persistenceagent + newTag: 0.8.0 + - name: docker.io/aipipeline/frontend + newTag: 0.8.0 + - name: docker.io/aipipeline/metadata-writer + newTag: 0.8.0 + - name: docker.io/aipipeline/scheduledworkflow + newTag: 0.8.0 + - name: docker.io/aipipeline/cache-server + newTag: 0.8.0 + - name: docker.io/aipipeline/pipelineloop-controller + newTag: 0.8.0 + - name: docker.io/aipipeline/pipelineloop-webhook + newTag: 0.8.0 diff --git a/apps/kfp-tekton/upstream/env/kfp-template/namespace.yaml b/apps/kfp-tekton/upstream/env/kfp-template/namespace.yaml new file mode 100644 index 00000000000..7a940e4673d --- /dev/null +++ b/apps/kfp-tekton/upstream/env/kfp-template/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeflow diff --git a/apps/kfp-tekton/upstream/env/kfp-template/scheduled-workflow-crd.yaml b/apps/kfp-tekton/upstream/env/kfp-template/scheduled-workflow-crd.yaml new file mode 100644 index 00000000000..c09e5b1cb6c --- /dev/null +++ b/apps/kfp-tekton/upstream/env/kfp-template/scheduled-workflow-crd.yaml @@ -0,0 +1,6 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org + labels: + kubeflow/crd-install: "true" diff --git a/apps/kfp-tekton/upstream/env/kfp-template/viewer-crd.yaml b/apps/kfp-tekton/upstream/env/kfp-template/viewer-crd.yaml new file mode 100644 index 00000000000..713c62d2b99 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/kfp-template/viewer-crd.yaml @@ -0,0 +1,6 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org + labels: + kubeflow/crd-install: "true" diff --git a/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml b/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml new file mode 100644 index 00000000000..5bdb25278d1 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml @@ -0,0 +1,21 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../base/installs/multi-user + - ../../base/metadata/base + - ../../third-party/mysql/base + - ../../third-party/mysql/options/istio + - ../../third-party/minio/base + - ../../third-party/minio/options/istio + - ../../third-party/metacontroller/base + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines + +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow diff --git a/apps/kfp-tekton/upstream/env/plain/kustomization.yaml b/apps/kfp-tekton/upstream/env/plain/kustomization.yaml new file mode 100644 index 00000000000..97c42e278e5 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/plain/kustomization.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../base/installs/generic + - ../../base/metadata/base + - ../../third-party/minio/base + - ../../third-party/mysql/base + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines + +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user/kustomization.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user/kustomization.yaml new file mode 100644 index 00000000000..d56660f2b65 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../third-party/tekton/installs/cluster + - ../../third-party/tekton-custom-task + - ../plain-multi-user diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic/kustomization.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic/kustomization.yaml new file mode 100644 index 00000000000..7238062e296 --- /dev/null +++ b/apps/kfp-tekton/upstream/env/platform-agnostic/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../third-party/tekton/installs/cluster + - ../../third-party/tekton-custom-task + - ../plain diff --git a/apps/kfp-tekton/upstream/gcp-workload-identity-setup.sh b/apps/kfp-tekton/upstream/gcp-workload-identity-setup.sh new file mode 100755 index 00000000000..6fac04c570f --- /dev/null +++ b/apps/kfp-tekton/upstream/gcp-workload-identity-setup.sh @@ -0,0 +1,202 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Kubernetes Namespace +NAMESPACE=${NAMESPACE:-kubeflow} + +# Google service Account (GSA) +SYSTEM_GSA=${SYSTEM_GSA:-$RESOURCE_PREFIX-kfp-system} +USER_GSA=${USER_GSA:-$RESOURCE_PREFIX-kfp-user} + +# Kubernetes Service Account (KSA) +# Note, if deploying manifests/kustomize/env/gcp, you can add the following KSAs +# to the array of SYSTEM_KSA: +# * kubeflow-pipelines-minio-gcs-gateway needs gcs permissions +# * kubeflow-pipelines-cloudsql-proxy needs cloudsql permissions +SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver) +USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder kubeflow-pipelines-viewer) + +if [ -n $USE_GCP_MANAGED_STORAGE ]; then + SYSTEM_KSA+=(kubeflow-pipelines-minio-gcs-gateway) + SYSTEM_KSA+=(kubeflow-pipelines-cloudsql-proxy) +fi + +cat < RESOURCE_PREFIX= NAMESPACE= ./gcp-workload-identity-setup.sh +``` + +PROJECT_ID: GCP project ID your cluster belongs to. +RESOURCE_PREFIX: Your preferred resource prefix for GCP resources this script creates. +NAMESPACE: Optional. Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to. (Defaults to kubeflow) +USE_GCP_MANAGED_STORAGE: Optional. Defaults to "false", specify "true" if you intend to use GCP managed storage (Google Cloud Storage and Cloud SQL) following instructions in: +https://github.com/kubeflow/pipelines/tree/master/manifests/kustomize/sample +EOF +} +if [ -z "$PROJECT_ID" ]; then + usage + echo + echo "Error: PROJECT_ID env variable is empty!" + exit 1 +fi +if [ -z "$RESOURCE_PREFIX" ]; then + usage + echo + echo "Error: RESOURCE_PREFIX env variable is empty!" + exit 1 +fi +echo "Env variables set:" +echo "* PROJECT_ID=$PROJECT_ID" +echo "* RESOURCE_PREFIX=$RESOURCE_PREFIX" +echo "* NAMESPACE=$NAMESPACE" +echo "* USE_GCP_MANAGED_STORAGE=${USE_GCP_MANAGED_STORAGE:-false}" +echo + +SYSTEM_GSA_FULL="$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" +USER_GSA_FULL="$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" + +cat </dev/null; then + echo "KSA $name already exists" + else + kubectl create serviceaccount $name -n $NAMESPACE --save-config + echo "KSA $name created" + fi +} + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + + gcloud iam service-accounts add-iam-policy-binding $gsa@$PROJECT_ID.iam.gserviceaccount.com \ + --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + + create_ksa_if_not_present $ksa + kubectl annotate serviceaccount \ + --namespace $NAMESPACE \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa@$PROJECT_ID.iam.gserviceaccount.com + echo "* Bound KSA $ksa to GSA $gsa" +} + +echo "Binding each kfp system KSA to $SYSTEM_GSA" +for ksa in ${SYSTEM_KSA[@]}; do + bind_gsa_and_ksa $SYSTEM_GSA $ksa +done + +echo "Binding each kfp user KSA to $USER_GSA" +for ksa in ${USER_KSA[@]}; do + bind_gsa_and_ksa $USER_GSA $ksa +done + +echo +echo "All the workload identity bindings have succeeded!" +cat < /dev/null && pwd)" + +function format_yaml { + local path=$1 + local tmp=$(mktemp) + yq r "$path" > "$tmp" + cp "$tmp" "$path" +} +echo "This formatting script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/base/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + format_yaml "$DIR/../$path" +done diff --git a/apps/kfp-tekton/upstream/hack/presubmit.sh b/apps/kfp-tekton/upstream/hack/presubmit.sh new file mode 100755 index 00000000000..7ec09c66da7 --- /dev/null +++ b/apps/kfp-tekton/upstream/hack/presubmit.sh @@ -0,0 +1,49 @@ +#!/bin/bash +# +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This is a wrapper script on top of test.sh, it installs required dependencies. + +set -ex + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" +TMP="$(mktemp -d)" + +pushd "${TMP}" +# Install Kustomize +KUSTOMIZE_VERSION=3.10.0 +# Reference: https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/ +curl -s -O "https://github.com/raw/\ +kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +chmod +x install_kustomize.sh +./install_kustomize.sh "${KUSTOMIZE_VERSION}" /usr/local/bin/ + +# Reference: https://github.com/mikefarah/yq/releases/tag/3.4.1 +curl -s -LO "https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64" +chmod +x yq_linux_amd64 +mv yq_linux_amd64 /usr/local/bin/yq +popd + +# kpt and kubectl should already be installed in gcr.io/google.com/cloudsdktool/cloud-sdk:latest +# so we do not need to install them here + +# trigger real unit tests +${DIR}/test.sh +# verify release script runs properly + +${DIR}/release.sh v1.2.3-dummy +# --no-pager sends output to stdout +# Show git diff, so people can manually verify results of the release script +git --no-pager diff diff --git a/apps/kfp-tekton/upstream/hack/release.sh b/apps/kfp-tekton/upstream/hack/release.sh new file mode 100755 index 00000000000..2a01e4ede45 --- /dev/null +++ b/apps/kfp-tekton/upstream/hack/release.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +TAG_NAME=$1 +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" +MANIFEST_DIR="${DIR}/.." + +if [[ -z "$TAG_NAME" ]]; then + echo "Usage: release.sh " >&2 + exit 1 +fi + +echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/base/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + yq w -i "${MANIFEST_DIR}/$path" images[*].newTag "$TAG_NAME" +done + +yq w -i "${MANIFEST_DIR}/base/installs/generic/pipeline-install-config.yaml" data.appVersion "$TAG_NAME" diff --git a/apps/kfp-tekton/upstream/sample/README.md b/apps/kfp-tekton/upstream/sample/README.md new file mode 100644 index 00000000000..c4bfe95ba23 --- /dev/null +++ b/apps/kfp-tekton/upstream/sample/README.md @@ -0,0 +1,77 @@ +# Sample installation + +1. Prepare a cluster and setup kubectl context +Do whatever you want to customize your cluster. You can use existing cluster +or create a new one. +- **ML Usage** GPU normally is required for deep learning task. +You may consider create **zero-sized GPU node-pool with autoscaling**. +Please reference [GPU Tutorial](/samples/tutorials/gpu/). +- **Security** You may consider use **Workload Identity** in GCP cluster. + +Here for simplicity, we create a small cluster with **--scopes=cloud-platform** +which grants all the GCP permissions to the cluster. + +``` +gcloud container clusters create mycluster \ + --zone us-central1-a \ + --machine-type n1-standard-2 \ + --scopes cloud-platform \ + --enable-autoscaling \ + --min-nodes 1 \ + --max-nodes 5 \ + --num-nodes 3 +``` + +2. Prepare CloudSQL + +Create CloudSQL instance. [Console](https://console.cloud.google.com/sql/instances). + +Here is a sample for demo. + +``` +gcloud beta sql instances create mycloudsqlname \ + --database-version=MYSQL_5_7 \ + --tier=db-n1-standard-1 \ + --region=us-central1 \ + --root-password=password123 +``` + +You may use **Private IP** to well protect your CloudSQL. +If you use **Private IP**, please go to [VPC network peering](https://console.cloud.google.com/networking/peering/list) +to double check whether the "cloudsql-mysql-googleais-com" is created and the "Exchange custom routes" is enabled. You +are expected to see "Peer VPC network is connected". + +3. Prepare GCS Bucket + +Create Cloud Storage bucket. [Console](https://console.cloud.google.com/storage). + +``` +gsutil mb -p myProjectId gs://myBucketName/ +``` + +4. Customize your values +- Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env** +- Edit kustomization.yaml to set your namespace, e.x. "kubeflow" + +5. (Optional.) If the cluster is on Workload Identity, please run **[gcp-workload-identity-setup.sh](../gcp-workload-identity-setup.sh)** + The script prints usage documentation when calling without argument. Note, you should + call it with `USE_GCP_MANAGED_STORAGE=true` env var. + + - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket + - if your workload calls other GCP APIs, make sure the GSA can access them + +6. Install + +``` +kubectl apply -k sample/cluster-scoped-resources/ + +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k sample/ +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k sample/ + +kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout=1800s +``` + +Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines) diff --git a/apps/kfp-tekton/upstream/sample/cluster-scoped-resources/kustomization.yaml b/apps/kfp-tekton/upstream/sample/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 00000000000..83c54aa99c3 --- /dev/null +++ b/apps/kfp-tekton/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# !!! If you want to customize the namespace, +# please also update sample/kustomization.yaml's namespace field to the same value +namespace: kubeflow + +bases: + # Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 + - ../../cluster-scoped-resources diff --git a/apps/kfp-tekton/upstream/sample/kustomization.yaml b/apps/kfp-tekton/upstream/sample/kustomization.yaml new file mode 100644 index 00000000000..3af7efd42bc --- /dev/null +++ b/apps/kfp-tekton/upstream/sample/kustomization.yaml @@ -0,0 +1,39 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + # Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 + - ../env/gcp + # Kubeflow Pipelines servers are capable of collecting Prometheus metrics. + # If you want to monitor your Kubeflow Pipelines servers with those metrics, you'll need a Prometheus server in your Kubeflow Pipelines cluster. + # If you don't already have a Prometheus server up, you can uncomment the following configuration files for Prometheus. + # If you have your own Prometheus server up already or you don't want a Prometheus server for monitoring, you can comment the following line out. + # - ../third_party/prometheus + # - ../third_party/grafana + +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines + +# Used by Kustomize +configMapGenerator: + - name: pipeline-install-config + env: params.env + behavior: merge + +secretGenerator: + - name: mysql-secret + env: params-db-secret.env + behavior: merge + +# !!! If you want to customize the namespace, +# please also update sample/cluster-scoped-resources/kustomization.yaml's namespace field to the same value +namespace: kubeflow + +#### Customization ### +# 1. Change values in params.env file +# 2. Change values in params-db-secret.env file for CloudSQL username and password +# 3. kubectl apply -k ./ +#### diff --git a/apps/kfp-tekton/upstream/sample/params-db-secret.env b/apps/kfp-tekton/upstream/sample/params-db-secret.env new file mode 100644 index 00000000000..c15cb2e3377 --- /dev/null +++ b/apps/kfp-tekton/upstream/sample/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/apps/kfp-tekton/upstream/sample/params.env b/apps/kfp-tekton/upstream/sample/params.env new file mode 100644 index 00000000000..6d6cca0d902 --- /dev/null +++ b/apps/kfp-tekton/upstream/sample/params.env @@ -0,0 +1,4 @@ +appName=mypipeline +bucketName=mybucketname +gcsProjectId=myprojectid +gcsCloudSqlInstanceName=myprojectid:myregion:myinstance diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml new file mode 100644 index 00000000000..8cffbb44fde --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /bin/sh + - -c + # See https://github.com/kubeflow/gcp-blueprints/issues/184. + - | + echo "logs are hidden because volume is too excessive" && + /root/manager 2> /dev/null + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-role.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-role.yaml new file mode 100644 index 00000000000..ac061350876 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: application-manager-role +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch + - apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-rolebinding.yaml new file mode 100644 index 00000000000..24b383a1802 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: application-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: application-manager-role +subjects: + - kind: ServiceAccount + name: application diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-sa.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-sa.yaml new file mode 100644 index 00000000000..bd130391510 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: application diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-service.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-service.yaml new file mode 100644 index 00000000000..e4b6086bad5 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: controller-manager-service + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + ports: + - port: 443 \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/application-crd.yaml b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/application-crd.yaml new file mode 100644 index 00000000000..e17455d521c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/application-crd.yaml @@ -0,0 +1,234 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + kind: Application + plural: applications + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addOwnerRef: + type: boolean + assemblyPhase: + type: string + componentKinds: + items: + type: object + type: array + descriptor: + properties: + description: + type: string + icons: + items: + properties: + size: + type: string + src: + type: string + type: + type: string + required: + - src + type: object + type: array + keywords: + items: + type: string + type: array + links: + items: + properties: + description: + type: string + url: + type: string + type: object + type: array + maintainers: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + notes: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + type: + type: string + version: + type: string + type: object + info: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + ingressRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + host: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + secretKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + serviceRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + port: + format: int32 + type: integer + resourceVersion: + type: string + uid: + type: string + type: object + type: + type: string + type: object + type: object + type: array + selector: + type: object + type: object + status: + properties: + components: + items: + properties: + group: + type: string + kind: + type: string + link: + type: string + name: + type: string + status: + type: string + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + type: object + version: v1beta1 diff --git a/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml new file mode 100644 index 00000000000..0fc4e0bb3f1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-crd.yaml diff --git a/apps/kfp-tekton/upstream/third-party/application/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/application/kustomization.yaml new file mode 100644 index 00000000000..c35e3eebcb9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/application/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - application-controller-deployment.yaml + - application-controller-role.yaml + - application-controller-rolebinding.yaml + - application-controller-sa.yaml + - application-controller-service.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/Makefile b/apps/kfp-tekton/upstream/third-party/argo/Makefile new file mode 100644 index 00000000000..aaed86b577f --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/Makefile @@ -0,0 +1,14 @@ +REPO_ROOT=../../../.. + +update: + rm -rf upstream + mkdir upstream + # This currently yields an error after fetching upstream manifests: + # > wrong Node Kind for expected: MappingNode was SequenceNode + # The error can be ignored for now. + # TODO(Bobgy): figure out a workaround. + -kpt pkg get "https://github.com/argoproj/argo-workflows.git/manifests@$$(cat $(REPO_ROOT)/third_party/argo/VERSION)" upstream/ + # Remove the pre-hydrated manifests which we do not use. + rm upstream/manifests/*.yaml + # Remove README.md which might be confusing here. + rm upstream/manifests/README.md diff --git a/apps/kfp-tekton/upstream/third-party/argo/README.md b/apps/kfp-tekton/upstream/third-party/argo/README.md new file mode 100644 index 00000000000..df29731b33c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/README.md @@ -0,0 +1,15 @@ +# Manifests for Argo workflows + +Kubeflow Pipelines uses [Argo Workflows](https://argoproj.github.io/argo-workflows/) as the underlying workflow execution engine. + +This folder contains: + +* `upstream/manifests` a mirror of argo workflows manifests upstream. It should never be edited here. Run `make update` to update it. +* `installs` a folder with preconfigured argo workflows installations used in Kubeflow Pipelines distributions. + + Major differences from upstream argo manifests: + + * Argo server is not included. + * Argo workflow controller configmap is preconfigured to integrate with KFP. + * Images are configured to use KFP redistributed ones which comply with open source licenses. + * A default artifact repository config is added for in-cluster minio service. diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/kustomization.yaml new file mode 100644 index 00000000000..81c3b931643 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/base/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- ../upstream/manifests/base/workflow-controller + +patchesStrategicMerge: +- workflow-controller-deployment-patch.yaml +- workflow-controller-configmap-patch.yaml + +# Allow Kustomize vars to replace fields defined in params.yaml. +# The vars can be defined anywhere. +configurations: +- params.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/params.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/params.yaml new file mode 100644 index 00000000000..91e9f1f248f --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/base/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: data/artifactRepository + kind: ConfigMap diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml new file mode 100644 index 00000000000..394b80687ac --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + # References: + # * https://github.com/argoproj/argo-workflows/blob/v2.12.9/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v2.12.9/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v2.12.9/docs/workflow-controller-configmap.yaml + + # pns executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. + # However, it is flaky for containers that run really fast, see https://github.com/kubeflow/pipelines/issues/5285. + # So we still default to docker for now. + containerRuntimeExecutor: docker + + # In artifactRepository.s3.endpoint, $(kfp-namespace) is needed, because in multi-user mode, pipelines may run in other namespaces. + artifactRepository: | + archiveLogs: true + s3: + endpoint: "minio-service.$(kfp-namespace):9000" + bucket: "$(kfp-artifact-bucket-name)" + keyFormat: "artifacts/{{workflow.name}}/{{pod.name}}" + # insecure will disable TLS. Primarily used for minio installs not configured with TLS + insecure: true + accessKeySecret: + name: mlpipeline-minio-artifact + key: accesskey + secretKeySecret: + name: mlpipeline-minio-artifact + key: secretkey diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml new file mode 100644 index 00000000000..86eb95d3f9e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller +spec: + template: + spec: + containers: + - name: workflow-controller + image: gcr.io/ml-pipeline/workflow-controller:v2.12.9-license-compliance + args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v2.12.9-license-compliance + resources: + requests: + cpu: 100m + memory: 500Mi diff --git a/apps/kfp-tekton/upstream/third-party/argo/installs/cluster/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/installs/cluster/kustomization.yaml new file mode 100644 index 00000000000..077419550d6 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/installs/cluster/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +# Note, we do not explicitly separate cluster-scoped resources for cluster installation, +# because people who deploy cluster-scoped resources should be the same as who deploys +# namespaced resources. +- ../../upstream/manifests/base/crds +- ../../upstream/manifests/cluster-install/workflow-controller-rbac +- ../../base diff --git a/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/cluster-scoped/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/cluster-scoped/kustomization.yaml new file mode 100644 index 00000000000..a733d309d0a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../../upstream/manifests/base/crds diff --git a/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/kustomization.yaml new file mode 100644 index 00000000000..1a861c499cc --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# This kustomization.yaml is built mirroring ../../upstream/manifests/namespace-install/kustomization.yaml. +# The differences: +# * this does not include argo server. +# * this separates cluster-scoped resources to its own folder. + +bases: +- ../../base +- ../../upstream/manifests/namespace-install/workflow-controller-rbac + +patchesJson6902: +- target: + version: v1 + group: apps + kind: Deployment + name: workflow-controller + path: workflow-controller-deployment-patch.json diff --git a/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/workflow-controller-deployment-patch.json b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/workflow-controller-deployment-patch.json new file mode 100644 index 00000000000..b8d82b0c752 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/installs/namespace/workflow-controller-deployment-patch.json @@ -0,0 +1,7 @@ +[ + { + "op": "add", + "path": "/spec/template/spec/containers/0/args/-", + "value": "--namespaced" + } +] diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile new file mode 100644 index 00000000000..4ad71de4187 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: manifests +upstream: + type: git + git: + commit: 737905345d70ba1ebd566ce1230e4f971993dfd0 + repo: https://github.com/argoproj/argo-workflows + directory: /manifests + ref: v2.12.9 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml new file mode 100644 index 00000000000..4780b43fcc2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + serviceAccountName: argo-server + containers: + - name: argo-server + image: argoproj/argocli:v2.12.9 + args: [ server ] + ports: + - name: web + containerPort: 2746 + readinessProbe: + httpGet: + port: 2746 + scheme: HTTP + path: / + initialDelaySeconds: 10 + periodSeconds: 20 + volumeMounts: + - mountPath: /tmp + name: tmp + volumes: + - name: tmp + emptyDir: { } + securityContext: + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml new file mode 100644 index 00000000000..1d07b8da9e1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml new file mode 100644 index 00000000000..0c6e58d30ed --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: argo-server +spec: + selector: + app: argo-server + ports: + - name: web + port: 2746 + targetPort: 2746 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml new file mode 100644 index 00000000000..3817bd729b1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argo-server-deployment.yaml +- argo-server-sa.yaml +- argo-server-service.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/README.md b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/README.md new file mode 100644 index 00000000000..bca5186fefe --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/README.md @@ -0,0 +1,3 @@ +# Full CRDs + +These CRDs have full schema validation. As a result, they are large and probably not suitable to be used in your cluster. diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml new file mode 100644 index 00000000000..ab129027c97 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml @@ -0,0 +1,6703 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostNetwork: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + nodeSelector: + additionalProperties: + type: string + type: object + onExit: + type: string + parallelism: + format: int64 + type: integer + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + podGC: + properties: + strategy: + type: string + type: object + podPriority: + format: int32 + type: integer + podPriorityClassName: + type: string + podSpecPatch: + type: string + priority: + format: int32 + type: integer + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shutdown: + type: string + suspend: + type: boolean + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + templates: + items: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + type: integer + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object + volumeClaimGC: + properties: + strategy: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + workflowMetadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000000..42af0a37939 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml @@ -0,0 +1,6766 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + concurrencyPolicy: + type: string + failedJobsHistoryLimit: + format: int32 + type: integer + schedule: + type: string + startingDeadlineSeconds: + format: int64 + type: integer + successfulJobsHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + timezone: + type: string + workflowMetadata: + type: object + workflowSpec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostNetwork: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + nodeSelector: + additionalProperties: + type: string + type: object + onExit: + type: string + parallelism: + format: int64 + type: integer + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + podGC: + properties: + strategy: + type: string + type: object + podPriority: + format: int32 + type: integer + podPriorityClassName: + type: string + podSpecPatch: + type: string + priority: + format: int32 + type: integer + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shutdown: + type: string + suspend: + type: boolean + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + templates: + items: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + type: integer + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object + volumeClaimGC: + properties: + strategy: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + type: object + required: + - schedule + - workflowSpec + type: object + status: + properties: + active: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + lastScheduledTime: + format: date-time + type: string + required: + - active + - conditions + - lastScheduledTime + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000000..bd0e2e0fb39 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,399 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + event: + properties: + selector: + type: string + required: + - selector + type: object + submit: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + required: + - workflowTemplateRef + type: object + required: + - event + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml new file mode 100644 index 00000000000..e64254d6643 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml @@ -0,0 +1,20207 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + subresources: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostNetwork: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + nodeSelector: + additionalProperties: + type: string + type: object + onExit: + type: string + parallelism: + format: int64 + type: integer + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + podGC: + properties: + strategy: + type: string + type: object + podPriority: + format: int32 + type: integer + podPriorityClassName: + type: string + podSpecPatch: + type: string + priority: + format: int32 + type: integer + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shutdown: + type: string + suspend: + type: boolean + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + templates: + items: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + type: integer + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object + volumeClaimGC: + properties: + strategy: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + type: object + status: + properties: + compressedNodes: + type: string + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + estimatedDuration: + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + nodes: + additionalProperties: + properties: + boundaryID: + type: string + children: + items: + type: string + type: array + daemoned: + type: boolean + displayName: + type: string + estimatedDuration: + type: integer + finishedAt: + format: date-time + type: string + hostNodeName: + type: string + id: + type: string + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoizationStatus: + properties: + cacheName: + type: string + hit: + type: boolean + key: + type: string + required: + - cacheName + - hit + - key + type: object + message: + type: string + name: + type: string + outboundNodes: + items: + type: string + type: array + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + podIP: + type: string + progress: + type: string + resourcesDuration: + additionalProperties: + format: int64 + type: integer + type: object + startedAt: + format: date-time + type: string + storedTemplateID: + type: string + synchronizationStatus: + properties: + waiting: + type: string + type: object + templateName: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + templateScope: + type: string + type: + type: string + workflowTemplateName: + type: string + required: + - id + - name + - type + type: object + type: object + offloadNodeStatusVersion: + type: string + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + persistentVolumeClaims: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + phase: + type: string + progress: + type: string + resourcesDuration: + additionalProperties: + format: int64 + type: integer + type: object + startedAt: + format: date-time + type: string + storedTemplates: + additionalProperties: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: object + storedWorkflowTemplateSpec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostNetwork: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + nodeSelector: + additionalProperties: + type: string + type: object + onExit: + type: string + parallelism: + format: int64 + type: integer + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + podGC: + properties: + strategy: + type: string + type: object + podPriority: + format: int32 + type: integer + podPriorityClassName: + type: string + podSpecPatch: + type: string + priority: + format: int32 + type: integer + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shutdown: + type: string + suspend: + type: boolean + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + templates: + items: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + type: integer + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object + volumeClaimGC: + properties: + strategy: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + type: object + synchronization: + properties: + mutex: + properties: + holding: + items: + properties: + holder: + type: string + mutex: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + waiting: + items: + properties: + holder: + type: string + mutex: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + semaphore: + properties: + holding: + items: + properties: + holders: + items: + type: string + type: array + x-kubernetes-list-type: atomic + semaphore: + type: string + type: object + type: array + waiting: + items: + properties: + holders: + items: + type: string + type: array + x-kubernetes-list-type: atomic + semaphore: + type: string + type: object + type: array + type: object + type: object + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000000..725a2f30265 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml @@ -0,0 +1,6702 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostNetwork: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + nodeSelector: + additionalProperties: + type: string + type: object + onExit: + type: string + parallelism: + format: int64 + type: integer + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + podGC: + properties: + strategy: + type: string + type: object + podPriority: + format: int32 + type: integer + podPriorityClassName: + type: string + podSpecPatch: + type: string + priority: + format: int32 + type: integer + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + shutdown: + type: string + suspend: + type: boolean + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + templates: + items: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + type: object + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - bucket + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - addresses + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + key: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + required: + - accessKeySecret + - bucket + - endpoint + - key + - secretKeySecret + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + default: + type: string + event: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - image + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + runtimeResolution: + type: boolean + template: + type: string + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + type: integer + ttlStrategy: + properties: + secondsAfterCompletion: + format: int32 + type: integer + secondsAfterFailure: + format: int32 + type: integer + secondsAfterSuccess: + format: int32 + type: integer + type: object + volumeClaimGC: + properties: + strategy: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + workflowMetadata: + type: object + workflowTemplateRef: + properties: + clusterScope: + type: boolean + name: + type: string + type: object + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml new file mode 100644 index 00000000000..a593d88d02d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argoproj.io_clusterworkflowtemplates.yaml +- argoproj.io_cronworkflows.yaml +- argoproj.io_workflows.yaml +- argoproj.io_workflowtemplates.yaml +- argoproj.io_workfloweventbindings.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml new file mode 100644 index 00000000000..b868dd5f5a5 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - minimal diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/README.md b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/README.md new file mode 100644 index 00000000000..55f48f08081 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/README.md @@ -0,0 +1,3 @@ +# Minimal CRDs + +These CRDs omit schema validation. diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml new file mode 100644 index 00000000000..82859455313 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml new file mode 100644 index 00000000000..e8763df108e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml new file mode 100644 index 00000000000..a58de8e76bf --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml new file mode 100644 index 00000000000..6abd6bbbf96 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml @@ -0,0 +1,30 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + subresources: {} + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml new file mode 100644 index 00000000000..03a7b1e97ce --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml new file mode 100644 index 00000000000..a593d88d02d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argoproj.io_clusterworkflowtemplates.yaml +- argoproj.io_cronworkflows.yaml +- argoproj.io_workflows.yaml +- argoproj.io_workflowtemplates.yaml +- argoproj.io_workfloweventbindings.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml new file mode 100644 index 00000000000..0b9a73341d7 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- crds +- workflow-controller +- argo-server diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml new file mode 100644 index 00000000000..5ed907d651e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- workflow-controller-configmap.yaml +- workflow-controller-deployment.yaml +- workflow-controller-sa.yaml +- workflow-controller-metrics-service.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..d28f4edb3f2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml new file mode 100644 index 00000000000..99f50ea9259 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + serviceAccountName: argo + containers: + - name: workflow-controller + image: argoproj/workflow-controller:v2.12.9 + command: + - workflow-controller + args: + - --configmap + - workflow-controller-configmap + - --executor-image + - argoproj/argoexec:v2.12.9 + ports: + - name: metrics + containerPort: 9090 + # Periodically check we are listening on the metrics port + # causing a restart if it is not OK. + # This takes advantage of the fact that if the metrics service has died, + # then the controller has died. + # In testing, it appears to take 60-90s from failure to restart. + livenessProbe: + httpGet: + port: metrics + path: /metrics + initialDelaySeconds: 30 + periodSeconds: 30 + securityContext: + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml new file mode 100644 index 00000000000..0bf5b0ccc93 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: workflow-controller-metrics +spec: + selector: + app: workflow-controller + ports: + - name: metrics + port: 9090 + targetPort: 9090 + protocol: TCP diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml new file mode 100644 index 00000000000..f3d5885df98 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml new file mode 100644 index 00000000000..37fcf1128a2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml @@ -0,0 +1,62 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-server-cluster-role +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - apiGroups: + - argoproj.io + resources: + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + - clusterworkflowtemplates + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml new file mode 100644 index 00000000000..6d7ac27ff5e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-server-cluster-role +subjects: + - kind: ServiceAccount + name: argo-server + namespace: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml new file mode 100644 index 00000000000..6ae17fe059a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argo-server-clusterole.yaml +- argo-server-clusterolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml new file mode 100644 index 00000000000..a1698bd2ac7 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../base +- ./workflow-controller-rbac +- ./argo-server-rbac diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml new file mode 100644 index 00000000000..69730fbf9f5 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- workflow-aggregate-roles.yaml +- workflow-controller-clusterrole.yaml +- workflow-controller-clusterrolebinding.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml + +patches: +- patch: | + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: argo-binding + subjects: + - kind: ServiceAccount + name: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml new file mode 100644 index 00000000000..b632e22bc35 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml @@ -0,0 +1,86 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml new file mode 100644 index 00000000000..0bc7edd4f12 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml @@ -0,0 +1,92 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-cluster-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml new file mode 100644 index 00000000000..b4e54ea67c9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cluster-role +subjects: +- kind: ServiceAccount + name: argo + namespace: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml new file mode 100755 index 00000000000..7ccf9e809ea --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml new file mode 100644 index 00000000000..191f34d44cd --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: + - kind: ServiceAccount + name: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml new file mode 100644 index 00000000000..a23fa8a9208 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml @@ -0,0 +1,62 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-server-role +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - apiGroups: + - argoproj.io + resources: + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + - cronworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml new file mode 100644 index 00000000000..d92f0a50965 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-server-role +subjects: +- kind: ServiceAccount + name: argo-server diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml new file mode 100644 index 00000000000..57a0718f655 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argo-server-role.yaml +- argo-server-rolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml new file mode 100644 index 00000000000..808268c9b0e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml @@ -0,0 +1,21 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base + - ./argo-server-rbac + - ./workflow-controller-rbac + +patchesJson6902: + - target: + version: v1 + group: apps + kind: Deployment + name: workflow-controller + path: ./overlays/workflow-controller-deployment.json + - target: + version: v1 + group: apps + kind: Deployment + name: argo-server + path: ./overlays/argo-server-deployment.json diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.json b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.json new file mode 100644 index 00000000000..b8d82b0c752 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.json @@ -0,0 +1,7 @@ +[ + { + "op": "add", + "path": "/spec/template/spec/containers/0/args/-", + "value": "--namespaced" + } +] diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.json b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.json new file mode 100644 index 00000000000..b8d82b0c752 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.json @@ -0,0 +1,7 @@ +[ + { + "op": "add", + "path": "/spec/template/spec/containers/0/args/-", + "value": "--namespaced" + } +] diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml new file mode 100644 index 00000000000..f7b23b2b0bc --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml new file mode 100644 index 00000000000..c72eee346e0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -0,0 +1,96 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "policy" + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml new file mode 100644 index 00000000000..0484f455b84 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml new file mode 100644 index 00000000000..173d6b314a4 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml @@ -0,0 +1,7 @@ +kind: Secret +apiVersion: v1 +metadata: + name: argo-server-sso +stringData: + clientID: argo-server + clientSecret: ZXhhbXBsZS1hcHAtc2VjcmV0 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml new file mode 100644 index 00000000000..82df052806d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +data: + minio: | + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey +kind: ConfigMap +metadata: + name: artifact-repositories diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml new file mode 100644 index 00000000000..c2dd06d694c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml @@ -0,0 +1,58 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-server-clusterworkflowtemplate-role +rules: + - apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - create + - delete + - watch + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-clusterworkflowtemplate-role +rules: + - apiGroups: + - argoproj.io + resources: + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-clusterworkflowtemplate-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-clusterworkflowtemplate-role +subjects: + - kind: ServiceAccount + name: argo + namespace: argo +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-server-clusterworkflowtemplate-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-server-clusterworkflowtemplate-role +subjects: + - kind: ServiceAccount + name: argo-server + namespace: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml new file mode 100644 index 00000000000..add9be781db --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../namespace-install + - minio + - webhooks + - argo-server-sso-secret.yaml + - workflow-role.yaml + - workflow-default-rolebinding.yaml + - cluster-workflow-template-rbac.yaml + - artifact-repositories-configmap.yaml + +patchesStrategicMerge: + - overlays/workflow-controller-configmap.yaml + - overlays/argo-server-deployment.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml new file mode 100644 index 00000000000..dccbebf6547 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - minio-pod.yaml + - minio-service.yaml + - my-minio-cred-secret.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml new file mode 100644 index 00000000000..707fea3835a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Pod +metadata: + name: minio + labels: + app: minio +spec: + containers: + - name: main + image: minio/minio:RELEASE.2019-12-17T23-16-33Z + env: + - name: MINIO_ACCESS_KEY + value: admin + - name: MINIO_SECRET_KEY + value: password + ports: + - containerPort: 9000 + command: [minio, server, /data] + lifecycle: + postStart: + exec: + command: [mkdir, -p, /data/my-bucket] + readinessProbe: + httpGet: + path: /minio/health/ready + port: 9000 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /minio/health/live + port: 9000 + initialDelaySeconds: 5 + periodSeconds: 10 \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml new file mode 100644 index 00000000000..dbdbdf3a04e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio + labels: + app: minio +spec: + selector: + app: minio + ports: + - protocol: TCP + port: 9000 + targetPort: 9000 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml new file mode 100644 index 00000000000..7a29e26b985 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +stringData: + accesskey: admin + secretkey: password +kind: Secret +metadata: + name: my-minio-cred + labels: + app: minio +type: Opaque diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml new file mode 100644 index 00000000000..eab93f168c2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server +spec: + template: + spec: + containers: + - name: argo-server + args: + - server + - --namespaced + - --auth-mode + - server + - --auth-mode + - client \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..4a118d21dc9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +data: + artifactRepository: | + archiveLogs: true + s3: + bucket: my-bucket + endpoint: minio:9000 + insecure: true + accessKeySecret: + name: my-minio-cred + key: accesskey + secretKeySecret: + name: my-minio-cred + key: secretkey + metricsConfig: | + disableLegacy: true + enabled: true + path: /metrics + port: 9090 + links: | + - name: Example Workflow Link + scope: workflow + url: http://logging-facility?namespace=${metadata.namespace}&workflowName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt} + - name: Example Pod Link + scope: pod + url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt} +kind: ConfigMap +metadata: + name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml new file mode 100644 index 00000000000..e5b849d3822 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-config +data: + prometheus.yaml: | + global: + scrape_interval: 15s + scrape_configs: + - job_name: 'argo' + static_configs: + - targets: ['workflow-controller-metrics:9090', 'argo-server:2746'] diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml new file mode 100644 index 00000000000..566b49951f2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml @@ -0,0 +1,22 @@ +kind: Secret +apiVersion: v1 +metadata: + name: argo-workflows-webhook-clients +# The data keys must be the name of a service account. +stringData: + # https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/ + bitbucket.org: | + type: bitbucket + secret: "my-uuid" + # https://confluence.atlassian.com/bitbucketserver/managing-webhooks-in-bitbucket-server-938025878.html + bitbucketserver: | + type: bitbucketserver + secret: "shh!" + # https://developer.github.com/webhooks/securing/ + github.com: | + type: github + secret: "shh!" + # https://docs.gitlab.com/ee/user/project/integrations/webhooks.html + gitlab.com: | + type: gitlab + secret: "shh!" \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml new file mode 100644 index 00000000000..6477163c4ec --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: github.com +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: submit-workflow-template +subjects: + - kind: ServiceAccount + name: github.com + namespace: argo \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml new file mode 100644 index 00000000000..7e42d02edb2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: github.com diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml new file mode 100644 index 00000000000..ffef982a706 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - submit-workflow-template-role.yaml + - github.com-sa.yaml + - github.com-rolebinding.yaml + - argo-workflows-webhook-clients-secret.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml new file mode 100644 index 00000000000..82dd187abd3 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml @@ -0,0 +1,25 @@ +# Just enough permissions to submit a workflow template. +# You could tighten this further (but perhaps impractically) by using `resourceNames` +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: submit-workflow-template +rules: + - apiGroups: + - argoproj.io + resources: + - workfloweventbindings + verbs: + - list + - apiGroups: + - argoproj.io + resources: + - workflowtemplates + verbs: + - get + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml new file mode 100644 index 00000000000..9cca0400776 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: workflow-default-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: workflow-role +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml new file mode 100644 index 00000000000..15850395218 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml @@ -0,0 +1,33 @@ +# https://argoproj.github.io/argo/workflow-rbac/ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: workflow-role +rules: + # pod get/watch is used to identify the container IDs of the current pod + # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location) + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - patch + # logs get/watch are used to get the pods logs for script outputs, and for log archival + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - watch + # This allows one workflow to create another. + # Not needed for the majority of use cases. + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml new file mode 100644 index 00000000000..aa0b761e856 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml new file mode 100644 index 00000000000..ad496bc6137 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +stringData: + username: mysql + password: password +kind: Secret +metadata: + name: argo-mysql-config + labels: + app: mysql +type: Opaque diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml new file mode 100644 index 00000000000..97b3ca0a1ed --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base + - argo-mysql-config-secret.yaml + - mysql-deployment.yaml + - mysql-service.yaml + +patchesStrategicMerge: + - overlays/workflow-controller-configmap.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml new file mode 100644 index 00000000000..d41ad079fb1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + matchLabels: + app: mysql + template: + metadata: + name: mysql + labels: + app: mysql + spec: + containers: + - name: main + image: mysql:8 + env: + - name: MYSQL_USER + value: mysql + - name: MYSQL_PASSWORD + value: password + - name: MYSQL_DATABASE + value: argo + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: "yes" + ports: + - containerPort: 3306 + readinessProbe: + exec: + command: ["mysql", "-u", "mysql", "-ppassword", "argo", "-e", "SELECT 1"] + initialDelaySeconds: 15 + timeoutSeconds: 2 + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml new file mode 100644 index 00000000000..98be938e3f1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + app: mysql + ports: + - protocol: TCP + port: 3306 + targetPort: 3306 \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..c20578d1482 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +data: + persistence: | + connectionPool: + maxIdleConns: 100 + maxOpenConns: 0 + connMaxLifetime: 0s + nodeStatusOffLoad: true + archive: true + archiveTTL: 7d + mysql: + host: mysql + port: 3306 + database: argo + tableName: argo_workflows + userNameSecret: + name: argo-mysql-config + key: username + passwordSecret: + name: argo-mysql-config + key: password +kind: ConfigMap +metadata: + name: workflow-controller-configmap \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml new file mode 100644 index 00000000000..2a154b8c572 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +stringData: + username: postgres + password: password +kind: Secret +metadata: + name: argo-postgres-config + labels: + app: postgres +type: Opaque diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml new file mode 100644 index 00000000000..b039183f45f --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base + - argo-postgres-config-secret.yaml + - postgres-deployment.yaml + - postgres-service.yaml + +patchesStrategicMerge: + - overlays/workflow-controller-configmap.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..6675ce86e2d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +data: + persistence: | + connectionPool: + maxIdleConns: 100 + maxOpenConns: 0 + connMaxLifetime: 0s + nodeStatusOffLoad: true + archive: true + archiveTTL: 7d + postgresql: + host: postgres + port: 5432 + database: postgres + tableName: argo_workflows + userNameSecret: + name: argo-postgres-config + key: username + passwordSecret: + name: argo-postgres-config + key: password +kind: ConfigMap +metadata: + name: workflow-controller-configmap \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml new file mode 100644 index 00000000000..c22a5009196 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres + labels: + app: postgres +spec: + selector: + matchLabels: + app: postgres + template: + metadata: + name: postgres + labels: + app: postgres + spec: + containers: + - name: main + image: postgres:12-alpine + env: + - name: POSTGRES_PASSWORD + value: password + ports: + - containerPort: 5432 + readinessProbe: + exec: + command: ["psql", "-U", "postgres", "-c", "SELECT 1"] + initialDelaySeconds: 15 + timeoutSeconds: 2 + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml new file mode 100644 index 00000000000..e59ffa43721 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: postgres + labels: + app: postgres +spec: + selector: + app: postgres + ports: + - protocol: TCP + port: 5432 + targetPort: 5432 \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml new file mode 100644 index 00000000000..29e2f7c7d67 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: dex +spec: + ports: + - name: http + port: 5556 + selector: + app: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml new file mode 100644 index 00000000000..c41c67cc595 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +# this contain secret data, so do not use in production +data: + # https://github.com/dexidp/dex/blob/master/examples/config-dev.yaml + config.yaml: | + issuer: http://dex:5556/dex + storage: + type: sqlite3 + config: + file: ":memory:" + web: + http: 0.0.0.0:5556 + logger: + level: debug + staticClients: + - id: argo-server + redirectURIs: + - http://localhost:2746/oauth2/callback + name: Argo Server + secret: ZXhhbXBsZS1hcHAtc2VjcmV0 + connectors: + - type: mockCallback + id: mock + name: Example + enablePasswordDB: true + staticPasswords: + - email: admin@example.com + hash: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W + username: admin + userID: 08a8684b-db88-4b73-90a9-3cd1661f5466 +kind: ConfigMap +metadata: + name: dex \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml new file mode 100644 index 00000000000..5a622bb20b8 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: dex + name: dex +spec: + selector: + matchLabels: + app: dex + template: + metadata: + labels: + app: dex + spec: + serviceAccountName: dex + containers: + - name: dex + image: quay.io/dexidp/dex:v2.23.0 + args: + - serve + - /data/config.yaml + ports: + - name: http + containerPort: 5556 + volumeMounts: + - mountPath: /data + name: config + volumes: + - name: config + configMap: + name: dex \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml new file mode 100644 index 00000000000..9a3f2788ce2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dex +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dex +subjects: + - kind: ServiceAccount + name: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml new file mode 100644 index 00000000000..ff1ab9aacd4 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dex +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml new file mode 100644 index 00000000000..97a137459c0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml new file mode 100644 index 00000000000..09b3bdbaca0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +commonLabels: + "app.kubernetes.io/part-of": "dex" + +resources: + - dex-cm.yaml + - dex-role.yaml + - dex-sa.yaml + - dex-rb.yaml + - dex-deploy.yaml + - dev-svc.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml new file mode 100644 index 00000000000..3981219ff0e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../base + - dex + +patchesStrategicMerge: + - overlays/workflow-controller-configmap.yaml + - overlays/argo-server-sa.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml new file mode 100644 index 00000000000..0cd3393f2a3 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server + annotations: + workflows.argoproj.io/rbac-rule: "'authors' in groups && email == 'kilgore@kilgore.trout'" + workflows.argoproj.io/rbac-rule-precedence: "1" diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..b502c7f7c5e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +data: + sso: | + issuer: http://dex:5556/dex + clientId: + name: argo-server-sso + key: clientID + clientSecret: + name: argo-server-sso + key: clientSecret + redirectUrl: http://localhost:2746/oauth2/callback + scopes: + - groups + - email + rbac: + enabled: true +kind: ConfigMap +metadata: + name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/grafana/grafana-deployment.yaml b/apps/kfp-tekton/upstream/third-party/grafana/grafana-deployment.yaml new file mode 100644 index 00000000000..be9b77b0fda --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/grafana-deployment.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grafana + namespace: kubeflow + labels: + app: grafana +spec: + replicas: 1 + selector: + matchLabels: + app: grafana + revisionHistoryLimit: 10 + template: + metadata: + labels: + app: grafana + spec: + containers: + - name: grafana + image: grafana/grafana:5.3.4 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 3000 + name: grafana + env: + - name: GF_SECURITY_ADMIN_USER + value: admin + - name: GF_SECURITY_ADMIN_PASSWORD + value: admin + readinessProbe: + failureThreshold: 10 + httpGet: + path: /api/health + port: 3000 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 30 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /api/health + port: 3000 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + securityContext: + fsGroup: 472 + runAsUser: 472 +# TODO(jingzhang36): consider adding persistent volume if you would like the created dashboards to persist. \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/grafana/grafana-role.yaml b/apps/kfp-tekton/upstream/third-party/grafana/grafana-role.yaml new file mode 100644 index 00000000000..e06c9e9e6a0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/grafana-role.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: grafana + name: grafana +rules: +- apiGroups: [""] + resources: + - nodes + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - extensions + resources: + - ingresses + verbs: ["get", "list", "watch"] diff --git a/apps/kfp-tekton/upstream/third-party/grafana/grafana-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/grafana/grafana-rolebinding.yaml new file mode 100644 index 00000000000..c9f8b629439 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/grafana-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: grafana + name: grafana +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: grafana +subjects: +- kind: ServiceAccount + name: grafana diff --git a/apps/kfp-tekton/upstream/third-party/grafana/grafana-sa.yaml b/apps/kfp-tekton/upstream/third-party/grafana/grafana-sa.yaml new file mode 100644 index 00000000000..1ec8b08b8b2 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/grafana-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: grafana diff --git a/apps/kfp-tekton/upstream/third-party/grafana/grafana-service.yaml b/apps/kfp-tekton/upstream/third-party/grafana/grafana-service.yaml new file mode 100644 index 00000000000..ced9c388af3 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/grafana-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grafana + name: grafana +spec: + selector: + app: grafana + ports: + - name: grafanaui + protocol: TCP + port: 3000 + targetPort: 3000 diff --git a/apps/kfp-tekton/upstream/third-party/grafana/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/grafana/kustomization.yaml new file mode 100644 index 00000000000..fd1cf026198 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/grafana/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- grafana-deployment.yaml +- grafana-service.yaml +- grafana-role.yaml +- grafana-sa.yaml +- grafana-rolebinding.yaml +images: + - name: grafana/grafana + newTag: 5.3.4 diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/cluster-role-binding.yaml new file mode 100644 index 00000000000..dc9c7324194 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: meta-controller-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: meta-controller-service diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/crd.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/crd.yaml new file mode 100644 index 00000000000..0ae8700d789 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/crd.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: compositecontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: CompositeController + plural: compositecontrollers + shortNames: + - cc + - cctl + singular: compositecontroller + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: controllerrevisions.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: ControllerRevision + plural: controllerrevisions + singular: controllerrevision + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: decoratorcontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: DecoratorController + plural: decoratorcontrollers + shortNames: + - dec + - decorators + singular: decoratorcontroller + scope: Cluster + version: v1alpha1 diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml new file mode 100644 index 00000000000..fb7f0e8cbe9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- cluster-role-binding.yaml +- crd.yaml +- service-account.yaml +- stateful-set.yaml +commonLabels: + kustomize.component: metacontroller +images: +- name: metacontroller/metacontroller + newName: metacontroller/metacontroller + newTag: v0.3.0 diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/service-account.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/service-account.yaml new file mode 100644 index 00000000000..85c48de170e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/service-account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: meta-controller-service diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml new file mode 100644 index 00000000000..7bbc3870a8d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: metacontroller + name: metacontroller +spec: + replicas: 1 + selector: + matchLabels: + app: metacontroller + serviceName: "" + template: + metadata: + labels: + app: metacontroller + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - command: + - /usr/bin/metacontroller + - --logtostderr + - -v=4 + - --discovery-interval=20s + image: metacontroller/metacontroller:v0.3.0 + imagePullPolicy: Always + name: metacontroller + ports: + - containerPort: 2345 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: true + privileged: true + serviceAccountName: meta-controller-service + # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677 + volumeClaimTemplates: [] diff --git a/apps/kfp-tekton/upstream/third-party/minio/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/minio/base/kustomization.yaml new file mode 100644 index 00000000000..e3b41d4cd8c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- minio-deployment.yaml +- minio-pvc.yaml +- minio-service.yaml +- mlpipeline-minio-artifact-secret.yaml diff --git a/apps/kfp-tekton/upstream/third-party/minio/base/minio-deployment.yaml b/apps/kfp-tekton/upstream/third-party/minio/base/minio-deployment.yaml new file mode 100644 index 00000000000..a1bd963078d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/base/minio-deployment.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + resources: + requests: + cpu: 20m + memory: 100Mi + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/apps/kfp-tekton/upstream/third-party/minio/base/minio-pvc.yaml b/apps/kfp-tekton/upstream/third-party/minio/base/minio-pvc.yaml new file mode 100644 index 00000000000..ecfa32bbe8a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/base/minio-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/apps/kfp-tekton/upstream/third-party/minio/base/minio-service.yaml b/apps/kfp-tekton/upstream/third-party/minio/base/minio-service.yaml new file mode 100644 index 00000000000..3ab42043017 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/base/minio-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio diff --git a/apps/kfp-tekton/upstream/third-party/minio/base/mlpipeline-minio-artifact-secret.yaml b/apps/kfp-tekton/upstream/third-party/minio/base/mlpipeline-minio-artifact-secret.yaml new file mode 100644 index 00000000000..ac298d9b3d0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/base/mlpipeline-minio-artifact-secret.yaml @@ -0,0 +1,7 @@ +kind: Secret +apiVersion: v1 +metadata: + name: mlpipeline-minio-artifact +stringData: + accesskey: minio + secretkey: minio123 diff --git a/apps/kfp-tekton/upstream/third-party/minio/options/istio/istio-authorization-policy.yaml b/apps/kfp-tekton/upstream/third-party/minio/options/istio/istio-authorization-policy.yaml new file mode 100644 index 00000000000..4c2fdf708b9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/options/istio/istio-authorization-policy.yaml @@ -0,0 +1,31 @@ + +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: minio-service +spec: + action: ALLOW + selector: + matchLabels: + app: minio + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + # Allow traffic from User Pipeline Pods, which don't have a sidecar. + - {} +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-minio +spec: + host: minio-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/apps/kfp-tekton/upstream/third-party/minio/options/istio/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/minio/options/istio/kustomization.yaml new file mode 100644 index 00000000000..611e399e57c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/minio/options/istio/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- istio-authorization-policy.yaml diff --git a/apps/kfp-tekton/upstream/third-party/mysql/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/mysql/base/kustomization.yaml new file mode 100644 index 00000000000..df8929c1966 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- mysql-deployment.yaml +- mysql-pv-claim.yaml +- mysql-service.yaml +- mysql-serviceaccount.yaml diff --git a/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-deployment.yaml b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-deployment.yaml new file mode 100644 index 00000000000..c7174d44b44 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + serviceAccountName: mysql + containers: + # https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_ignore-db-dir + # Ext4, Btrfs etc. volumes root directories have a lost+found directory that should not be treated as a database. + - args: + - --ignore-db-dir=lost+found + - --datadir + - /var/lib/mysql + env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.7 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + resources: + requests: + cpu: 100m + memory: 800Mi + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-pv-claim.yaml b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-pv-claim.yaml new file mode 100644 index 00000000000..108dc24ef32 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-pv-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-service.yaml b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-service.yaml new file mode 100644 index 00000000000..d52482770e7 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - # We cannot have name: mysql here, because some requests through istio fail with it. + port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql diff --git a/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-serviceaccount.yaml b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-serviceaccount.yaml new file mode 100644 index 00000000000..e03c27cfa78 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/base/mysql-serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mysql diff --git a/apps/kfp-tekton/upstream/third-party/mysql/options/istio/istio-authorization-policy.yaml b/apps/kfp-tekton/upstream/third-party/mysql/options/istio/istio-authorization-policy.yaml new file mode 100644 index 00000000000..a8dcb205c92 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/options/istio/istio-authorization-policy.yaml @@ -0,0 +1,32 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + - cluster.local/ns/kubeflow/sa/ml-pipeline-persistenceagent + - cluster.local/ns/kubeflow/sa/ml-pipeline-scheduledworkflow + - cluster.local/ns/kubeflow/sa/ml-pipeline-viewer-crd-service-account + - cluster.local/ns/kubeflow/sa/kubeflow-pipelines-cache + - cluster.local/ns/kubeflow/sa/metadata-grpc-server + +--- + +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-mysql +spec: + host: mysql.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/apps/kfp-tekton/upstream/third-party/mysql/options/istio/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/mysql/options/istio/kustomization.yaml new file mode 100644 index 00000000000..611e399e57c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/mysql/options/istio/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- istio-authorization-policy.yaml diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/kustomization.yaml new file mode 100644 index 00000000000..9b2d54ef6e0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- prometheus-configmap.yaml +- prometheus-sa.yaml +- prometheus-role.yaml +- prometheus-rolebinding.yaml +- prometheus-service.yaml +- prometheus-deployment.yaml +images: + - name: prom/prometheus diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-configmap.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-configmap.yaml new file mode 100644 index 00000000000..6bb19ccdfbf --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-configmap.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + prometheus.yml: | + global: + scrape_interval: 15s # By default, scrape targets every 15 seconds. + + # Attach these labels to any time series or alerts when communicating with + # external systems (federation, remote storage, Alertmanager). + external_labels: + monitor: 'kubeflow-pipelines-monitor' + + # A scrape configuration containing exactly one endpoint to scrape: + # Here it's Prometheus itself. + scrape_configs: + # The job name is added as a label `job=` to any timeseries scraped from this config. + - job_name: 'prometheus' + + # Override the global default and scrape targets from this job every 5 seconds. + scrape_interval: 5s + + static_configs: + - targets: ['localhost:9090'] + + # Monitoring ml-pipeline (aka Kubeflow Pipelines API server) + - job_name: 'ml-pipeline' + scrape_interval: 60s + static_configs: + - targets: ['ml-pipeline:8888'] +kind: ConfigMap +metadata: + name: prometheus-configmap \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-deployment.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-deployment.yaml new file mode 100644 index 00000000000..ebd4f8aebb9 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prometheus + labels: + app: prometheus +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus + template: + metadata: + labels: + app: prometheus + spec: + containers: + - name: prometheus + image: prom/prometheus + volumeMounts: + - name: config-volume + mountPath: /etc/prometheus/prometheus.yml + subPath: prometheus.yml + args: ["--storage.tsdb.retention.time=7d", # Adjust retention policy if necessary + "--storage.tsdb.retention.size=1GB", + "--config.file=/etc/prometheus/prometheus.yml", + ] + ports: + - containerPort: 9090 + volumes: + - name: config-volume + configMap: + name: prometheus-configmap + serviceAccountName: prometheus diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-role.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-role.yaml new file mode 100644 index 00000000000..4cb03fc19e7 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-role.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: prometheus + name: prometheus +rules: +- apiGroups: [""] + resources: + - nodes + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - extensions + resources: + - ingresses + verbs: ["get", "list", "watch"] diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-rolebinding.yaml new file mode 100644 index 00000000000..12a56ee13d1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: prometheus + name: prometheus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus +subjects: +- kind: ServiceAccount + name: prometheus diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-sa.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-sa.yaml new file mode 100644 index 00000000000..f3fb283ca03 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: prometheus diff --git a/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-service.yaml b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-service.yaml new file mode 100644 index 00000000000..7071bb7a910 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/prometheus/prometheus-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus + name: prometheus +spec: + selector: + app: prometheus + ports: + - name: promui + protocol: TCP + port: 9090 + targetPort: 9090 diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml new file mode 100644 index 00000000000..5310e47ba57 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- pipeline-loops + +namespace: tekton-pipelines + +images: + - name: docker.io/aipipeline/pipelineloop-controller + newTag: 0.8.0-rc0 + - name: docker.io/aipipeline/pipelineloop-webhook + newTag: 0.8.0-rc0 diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/200-serviceaccount.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/200-serviceaccount.yaml new file mode 100644 index 00000000000..c995e80bd67 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/200-serviceaccount.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelineloop-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml new file mode 100644 index 00000000000..c4514eeaf65 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml @@ -0,0 +1,92 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelineloop-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + # Controller needs cluster access to all of the CRDs that it is responsible for managing. + - apiGroups: ["tekton.dev"] + resources: ["runs", "taskruns", "pipelineruns"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["runs/status", "taskruns/status", "pipelineruns/status", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["custom.tekton.dev"] + resources: ["pipelineloops"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelineloop-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelineloop-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipelineloop.custom.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["apps"] + resources: ["deployments", "deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipelineloop.custom.tekton.dev performs schema validation when you, for example, create PipelineLoops. + resourceNames: ["validation.webhook.pipelineloop.custom.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelineloop-leader-election + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-role.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-role.yaml new file mode 100644 index 00000000000..2bc0f84a11c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-role.yaml @@ -0,0 +1,54 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelineloop-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-leader-election", "config-logging", "config-observability"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on tekton-pipelineloop-webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["tekton-pipelineloop-webhook-certs"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-rolebinding.yaml new file mode 100644 index 00000000000..49336a7016b --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-rolebinding.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelineloop-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelineloop-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelineloop-webhook + apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/202-clusterrolebinding.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/202-clusterrolebinding.yaml new file mode 100644 index 00000000000..a5403bbef40 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/202-clusterrolebinding.yaml @@ -0,0 +1,88 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelineloop-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelineloop-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelineloop-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelineloop-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelineloop-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelineloop-controller-leaderelection + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelineloop-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelineloop-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelineloop-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelineloop-webhook-leaderelection + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops +subjects: + - kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelineloop-leader-election + apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/300-pipelineloop.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/300-pipelineloop.yaml new file mode 100644 index 00000000000..0b982494a53 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/300-pipelineloop.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pipelineloops.custom.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" + version: "devel" +spec: + group: custom.tekton.dev + preserveUnknownFields: false + validation: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: true + names: + kind: PipelineLoop + plural: pipelineloops + categories: + - tekton + - tekton-pipelines + scope: Namespaced + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml new file mode 100644 index 00000000000..9b71b964792 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelineloop-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "devel" + app.kubernetes.io/part-of: tekton-pipeline-loops + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + version: "devel" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "devel" + app.kubernetes.io/part-of: tekton-pipeline-loops + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "devel" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelineloop-controller + version: "devel" + spec: + serviceAccountName: tekton-pipelineloop-controller + containers: + - name: tekton-pipelineloop-controller + image: docker.io/aipipeline/pipelineloop-controller:nightly + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: tekton.dev/pipeline diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook-configuration.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook-configuration.yaml new file mode 100644 index 00000000000..6833bd28c9f --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook-configuration.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Secret +metadata: + name: tekton-pipelineloop-webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" +# The data is populated at install time. + +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipelineloop.custom.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipelineloop.custom.tekton.dev + +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipelineloop.custom.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipelineloop.custom.tekton.dev diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook.yaml new file mode 100644 index 00000000000..08b5728f934 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook.yaml @@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "devel" + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" + version: "devel" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "devel" + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" + app: tekton-pipelines-webhook + version: "devel" + spec: + serviceAccountName: tekton-pipelineloop-webhook + containers: + - name: webhook + image: docker.io/aipipeline/pipelineloop-webhook:nightly + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelineloop-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-pipelineloop-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "devel" + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: "devel" + app: tekton-pipelines-webhook + version: "devel" + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/kustomization.yaml new file mode 100644 index 00000000000..48d13ed58e3 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - 200-serviceaccount.yaml + - 201-clusterrole.yaml + - 201-role.yaml + - 201-rolebinding.yaml + - 202-clusterrolebinding.yaml + - 300-pipelineloop.yaml + - 500-controller.yaml + - 500-webhook-configuration.yaml + - 500-webhook.yaml diff --git a/apps/kfp-tekton/upstream/third-party/tekton/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton/base/kustomization.yaml new file mode 100644 index 00000000000..632bff25aaf --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/base/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- ../upstream/manifests/base/tektoncd-install diff --git a/apps/kfp-tekton/upstream/third-party/tekton/installs/cluster/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton/installs/cluster/kustomization.yaml new file mode 100644 index 00000000000..2e9e7974b3e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/installs/cluster/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../base diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/kustomization.yaml new file mode 100644 index 00000000000..a654682cb47 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- tektoncd-install +- tektoncd-dashboard diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role-binding.yaml new file mode 100644 index 00000000000..cf4e1826f1a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role-binding.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-backend +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-backend +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-tenant +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-tenant +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-extensions +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-extensions +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role.yaml new file mode 100644 index 00000000000..d1e2bb6ca81 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/cluster-role.yaml @@ -0,0 +1,213 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-backend +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - tekton.dev + resources: + - clustertasks + - clustertasks/status + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - get + - list + - watch + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - create + - update + - delete + - patch + - apiGroups: + - tekton.dev + resources: + - clustertasks + - clustertasks/status + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - create + - update + - delete + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-dashboard +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-extensions +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-pipelines +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-tenant +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - pods/log + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + - tasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + - taskruns/finalizers + - pipelineruns/finalizers + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + - taskruns/finalizers + - pipelineruns/finalizers + - tasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - create + - update + - delete + - patch + - add +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-triggers +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/crds.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/crds.yaml new file mode 100644 index 00000000000..2a98fbf0232 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/crds.yaml @@ -0,0 +1,42 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: extensions.dashboard.tekton.dev +spec: + group: dashboard.tekton.dev + names: + categories: + - tekton + - tekton-dashboard + kind: Extension + plural: extensions + shortNames: + - ext + - exts + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiVersion + name: API version + type: string + - jsonPath: .spec.name + name: Kind + type: string + - jsonPath: .spec.displayname + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/deployment.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/deployment.yaml new file mode 100644 index 00000000000..dc478e62e3c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + app.kubernetes.io/version: v0.14.0 + dashboard.tekton.dev/release: v0.14.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tekton-dashboard + template: + metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + app.kubernetes.io/version: v0.14.0 + name: tekton-dashboard + spec: + containers: + - args: + - --port=9097 + - --logout-url= + - --pipelines-namespace=tekton-pipelines + - --triggers-namespace=tekton-pipelines + - --read-only=false + - --log-level=info + - --log-format=json + - --namespace= + - --openshift=false + - --stream-logs=false + - --external-logs= + env: + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:e36ec9efe78b4bb56a4b1c24d8241bee3a2b477aeef20ff864d1edef31953cd8 + livenessProbe: + httpGet: + path: /health + port: 9097 + name: tekton-dashboard + ports: + - containerPort: 9097 + readinessProbe: + httpGet: + path: /readiness + port: 9097 + securityContext: + runAsNonRoot: true + runAsUser: 65532 + serviceAccountName: tekton-dashboard + volumes: [] diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/kustomization.yaml new file mode 100644 index 00000000000..ad5a6c18bb0 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- crds.yaml +- service-account.yaml +- cluster-role.yaml +- cluster-role-binding.yaml +- deployment.yaml +- service.yaml +- role-binding.yaml +namespace: tekton-pipelines +images: +- name: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard + newName: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard + digest: sha256:e36ec9efe78b4bb56a4b1c24d8241bee3a2b477aeef20ff864d1edef31953cd8 diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/role-binding.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/role-binding.yaml new file mode 100644 index 00000000000..fb416e20cb3 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/role-binding.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-pipelines + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-pipelines +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-dashboard + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-dashboard +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard-triggers + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-triggers +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service-account.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service-account.yaml new file mode 100644 index 00000000000..4b2a8d4a07a --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + name: tekton-dashboard + namespace: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service.yaml new file mode 100644 index 00000000000..61b880f017e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: tekton-dashboard + app.kubernetes.io/version: v0.14.0 + dashboard.tekton.dev/release: v0.14.0 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + ports: + - name: http + port: 9097 + protocol: TCP + targetPort: 9097 + selector: + app.kubernetes.io/component: tekton-dashboard diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role-binding.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role-binding.yaml new file mode 100644 index 00000000000..49ea01f6fde --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role-binding.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: tekton-pipelines-controller +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: tekton-pipelines-controller +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: tekton-pipelines-webhook +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role.yaml new file mode 100644 index 00000000000..6428ec7bac4 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/cluster-role.yaml @@ -0,0 +1,133 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: tekton-pipelines-controller +rules: + - apiGroups: [""] + # Namespace access is required because the controller timeout handling logic + # iterates over all namespaces and times out any PipelineRuns that have expired. + # Pod access is required because the taskrun controller wants to be updated when + # a Pod underlying a TaskRun changes state. + resources: ["namespaces", "pods"] + verbs: ["list", "watch"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: tekton-pipelines-controller +rules: + - apiGroups: [""] + resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Unclear if this access is actually required. Simply a hold-over from the previous + # incarnation of the controller's ClusterRole. + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: tekton-pipelines-webhook +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - watch diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/config-map.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/config-map.yaml new file mode 100644 index 00000000000..573b7b4a8bd --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/config-map.yaml @@ -0,0 +1,258 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-bucket + namespace: tekton-pipelines +# data: +# # location of the gcs bucket to be used for artifact storage +# location: "gs://bucket-name" +# # name of the secret that will contain the credentials for the service account +# # with access to the bucket +# bucket.service.account.secret.name: +# # The key in the secret with the required service account json +# bucket.service.account.secret.key: +# # The field name that should be used for the service account +# # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG. +# bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-pvc + namespace: tekton-pipelines +# data: +# # size of the PVC volume +# size: 5Gi +# +# # storage class of the PVC volume +# storageClassName: storage-class-name + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use + # TaskRun and PipelineRun, if none is specified. If a pod template + # is specified, the default pod template is ignored. + # default-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the workspace documentation about Affinity Assistant + # https://github.com/tektoncd/pipeline/blob/master/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + disable-affinity-assistant: "false" + # Setting this flag to "true" will prevent Tekton overriding your + # Task container's $HOME environment variable. + # + # The default behaviour currently is for Tekton to override the + # $HOME environment variable but this will change in an upcoming + # release. + # + # See https://github.com/tektoncd/pipeline/issues/2013 for more + # info. + disable-home-env-overwrite: "true" + # Setting this flag to "true" will prevent Tekton overriding your + # Task container's working directory. + # + # The default behaviour currently is for Tekton to override the + # working directory if not set by the user but this will change + # in an upcoming release. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-working-directory-overwrite: "true" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-creds-init: "false" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag to "true" enables the use of custom tasks from + # within pipelines. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-custom-tasks: "true" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: tekton-pipelines +data: + # An inactive but valid configuration follows; see example. + leaseDuration: "15s" + renewDeadline: "10s" + retryPeriod: "2s" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: tekton-pipelines +# data: +# # Registry's self-signed certificate +# cert: | diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/crds.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/crds.yaml new file mode 100644 index 00000000000..b4e2211eee1 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/crds.yaml @@ -0,0 +1,397 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: ClusterTask + plural: clustertasks + categories: + - tekton + - tekton-pipelines + scope: Cluster + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: conditions.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Condition + plural: conditions + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: Pipeline + plural: pipelines + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: PipelineRun + plural: pipelineruns + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineresources.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineResource + plural: pipelineresources + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: runs.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Run + plural: runs + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: Task + plural: tasks + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + pipeline.tekton.dev/release: "v0.21.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: TaskRun + plural: taskruns + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/deployment.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/deployment.yaml new file mode 100644 index 00000000000..5b1cd8e7d8b --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/deployment.yaml @@ -0,0 +1,222 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-controller + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tekton-pipelines-controller + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/component: tekton-pipelines-controller + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + spec: + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: $(tekton-registry)/$(controller) + args: [ + # Version, to be replace at release time + "-version", "v0.21.0", + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-kubeconfig-writer-image", $(tekton-registry)/$(kubeconfigwriter), + "-git-image", $(tekton-registry)/$(git-init), + "-entrypoint-image", $(tekton-registry)/$(entrypoint), + "-nop-image", $(tekton-registry)/$(nop), + "-imagedigest-exporter-image", $(tekton-registry)/$(imagedigestexporter), + "-pr-image", $(tekton-registry)/$(pullrequest-init), + "-build-gcs-fetcher-image", $(tekton-registry)/$(gcs-fetcher), + # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim + "-gsutil-image", $(gsutil-registry)/$(gsutil), + # The shell image must be root in order to create directories and copy files to PVCs. + # gcr.io/distroless/base:debug as of November 15, 2020 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", $(bash-registry)/$(bash)] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_ARTIFACT_BUCKET_NAME + value: config-artifact-bucket + - name: CONFIG_ARTIFACT_PVC_NAME + value: config-artifact-pvc + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tekton-pipelines-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: $(tekton-registry)/$(webhook) + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/horizontal-pod-autoscaler.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/horizontal-pod-autoscaler.yaml new file mode 100644 index 00000000000..1048f89f37e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/horizontal-pod-autoscaler.yaml @@ -0,0 +1,22 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 100 diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/kustomization.yaml new file mode 100644 index 00000000000..3595528955b --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/kustomization.yaml @@ -0,0 +1,146 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- namespace.yaml +- crds.yaml +- cluster-role-binding.yaml +- cluster-role.yaml +- config-map.yaml +- pod-security-policy.yaml +- service-account.yaml +- service.yaml +- deployment.yaml +- role.yaml +- role-binding.yaml +- secret.yaml +- webhook-configuration.yaml +- horizontal-pod-autoscaler.yaml +- policy.yaml +namespace: tekton-pipelines +configMapGenerator: +- name: tektoncd-parameters + literals: + - tekton-registry=gcr.io/tekton-releases + - gsutil-registry=gcr.io/google.com + - bash-registry=gcr.io/distroless + - webhook=github.com/tektoncd/pipeline/cmd/webhook:v0.21.0@sha256:1c9c9acf8451fd40ce46dc4069d1b589a7fe1b9e5798652beb4f514e4a17e8cb + - nop=github.com/tektoncd/pipeline/cmd/nop:v0.21.0@sha256:8172a046a040a6267888ab9755b48631bbcf92ea58534ae506bb80125ee94cc2 + - entrypoint=github.com/tektoncd/pipeline/cmd/entrypoint:v0.21.0@sha256:d5af7d58c2ad222548e7fcaf7d8e8172837df254b49cc636d1f9d0d8c499beb8 + - gsutil=cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f + - gcs-fetcher=github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.21.0@sha256:41c251a2cc7e7c6e6c0f8d3bc3f0c3cc6a980325e754d4d95570c775a2a80b35 + - bash=base@sha256:92720b2305d7315b5426aec19f8651e9e04222991f877cae71f40b3141d2f07e + - git-init=github.com/tektoncd/pipeline/cmd/git-init:v0.21.0@sha256:db18a9c1607c8cbbcd72f61d0c4d795b9ff528669deacd5f8a1672e4ef198ffd + - pullrequest-init=github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.21.0@sha256:6e2c398d27d5d9f6de3a41ed2d70d9c940e22a648a349c5cb5bbdbb76484c9fe + - imagedigestexporter=github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.21.0@sha256:265641edf8fbb19f844f7d2006d1b81927f43fd1b19f037709355938a1e3c78e + - kubeconfigwriter=github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.21.0@sha256:1727868bd5a22dd8e45a4efca0a7f0b5b00cd1bbbe97068e60986ae221b828c3 + - controller=github.com/tektoncd/pipeline/cmd/controller:v0.21.0@sha256:972ee9c3f43c88495b074bfc0a8350eb34131355ab9ddc5da63c59f64d74e83d +generatorOptions: + disableNameSuffixHash: true +vars: +- name: tekton-registry + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.tekton-registry +- name: gsutil-registry + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.gsutil-registry +- name: bash-registry + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.bash-registry +- name: entrypoint + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.entrypoint +- name: nop + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.nop +- name: webhook + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.webhook +- name: gcs-fetcher + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.gcs-fetcher +- name: gsutil + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.gsutil +- name: bash + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.bash +- name: git-init + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.git-init +- name: pullrequest-init + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.pullrequest-init +- name: imagedigestexporter + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.imagedigestexporter +- name: kubeconfigwriter + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.kubeconfigwriter +- name: controller + objref: + kind: ConfigMap + name: tektoncd-parameters + apiVersion: v1 + fieldref: + fieldpath: data.controller +configurations: +- params.yaml +images: +- name: $(registry)/$(controller) + newName: $(registry)/$(controller) + newTag: latest +- name: $(registry)/$(webhook) + newName: $(registry)/$(webhook) + newTag: latest diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/namespace.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/namespace.yaml new file mode 100644 index 00000000000..5439a25ef3e --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.env b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.env new file mode 100644 index 00000000000..ca4e9c293c8 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.env @@ -0,0 +1,14 @@ +tekton-registry=gcr.io/tekton-releases +gsutil-registry=gcr.io/google.com +bash-registry=gcr.io/distroless +webhook=github.com/tektoncd/pipeline/cmd/webhook:v0.21.0@sha256:1c9c9acf8451fd40ce46dc4069d1b589a7fe1b9e5798652beb4f514e4a17e8cb +nop=github.com/tektoncd/pipeline/cmd/nop:v0.21.0@sha256:8172a046a040a6267888ab9755b48631bbcf92ea58534ae506bb80125ee94cc2 +entrypoint=github.com/tektoncd/pipeline/cmd/entrypoint:v0.21.0@sha256:d5af7d58c2ad222548e7fcaf7d8e8172837df254b49cc636d1f9d0d8c499beb8 +gsutil=cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f +gcs-fetcher=github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.21.0@sha256:41c251a2cc7e7c6e6c0f8d3bc3f0c3cc6a980325e754d4d95570c775a2a80b35 +bash=base@sha256:92720b2305d7315b5426aec19f8651e9e04222991f877cae71f40b3141d2f07e +git-init=github.com/tektoncd/pipeline/cmd/git-init:v0.21.0@sha256:db18a9c1607c8cbbcd72f61d0c4d795b9ff528669deacd5f8a1672e4ef198ffd +pullrequest-init=github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.21.0@sha256:6e2c398d27d5d9f6de3a41ed2d70d9c940e22a648a349c5cb5bbdbb76484c9fe +imagedigestexporter=github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.21.0@sha256:265641edf8fbb19f844f7d2006d1b81927f43fd1b19f037709355938a1e3c78e +kubeconfigwriter=github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.21.0@sha256:1727868bd5a22dd8e45a4efca0a7f0b5b00cd1bbbe97068e60986ae221b828c3 +controller=github.com/tektoncd/pipeline/cmd/controller:v0.21.0@sha256:972ee9c3f43c88495b074bfc0a8350eb34131355ab9ddc5da63c59f64d74e83d diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.yaml new file mode 100644 index 00000000000..3d389397289 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/template/spec/containers/image + kind: Deployment diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/pod-security-policy.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/pod-security-policy.yaml new file mode 100644 index 00000000000..107fd03eb26 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/pod-security-policy.yaml @@ -0,0 +1,28 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-pipelines +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/policy.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/policy.yaml new file mode 100644 index 00000000000..8df9f41b692 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/policy.yaml @@ -0,0 +1,15 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role-binding.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role-binding.yaml new file mode 100644 index 00000000000..dbb11848997 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role-binding.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-controller +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-controller +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role.yaml new file mode 100644 index 00000000000..16e50901b87 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/role.yaml @@ -0,0 +1,62 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-controller +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: tekton-pipelines +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/secret.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/secret.yaml new file mode 100644 index 00000000000..0c5e438b737 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + pipeline.tekton.dev/release: "v0.21.0" diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service-account.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service-account.yaml new file mode 100644 index 00000000000..f304c81edbe --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service-account.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service.yaml new file mode 100644 index 00000000000..c4690a55251 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/service.yaml @@ -0,0 +1,51 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: tekton-pipelines-controller + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: probes + port: 8080 + selector: + app.kubernetes.io/component: tekton-pipelines-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + app.kubernetes.io/version: "v0.21.0" + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + - name: probes + port: 8080 + selector: + app.kubernetes.io/component: tekton-pipelines-webhook diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/webhook-configuration.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/webhook-configuration.yaml new file mode 100644 index 00000000000..c19f2732368 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/webhook-configuration.yaml @@ -0,0 +1,53 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + pipeline.tekton.dev/release: "v0.21.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + pipeline.tekton.dev/release: "v0.21.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: tekton-pipelines-webhook + pipeline.tekton.dev/release: "v0.21.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines diff --git a/apps/kfp-tekton/upstream/wi-utils.sh b/apps/kfp-tekton/upstream/wi-utils.sh new file mode 100644 index 00000000000..f5a06db927d --- /dev/null +++ b/apps/kfp-tekton/upstream/wi-utils.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + local project=${3:-$PROJECT_ID} + local gsa_full="$gsa@$project.iam.gserviceaccount.com" + local namespace=${4:-$NAMESPACE} + + gcloud iam service-accounts add-iam-policy-binding $gsa_full \ + --member="serviceAccount:$project.svc.id.goog[$namespace/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $namespace \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa_full + echo "* Bound KSA $ksa in namespace $namespace to GSA $gsa_full" +} + +# This can be used to programmatically verify workload identity binding grants corresponding GSA +# permissions successfully. +# Usage: verify_workload_identity_binding $KSA $NAMESPACE +# +# If you want to verify manually, use the following command instead: +# kubectl run test-$RANDOM --rm -it --restart=Never \ +# --image=google/cloud-sdk:slim \ +# --serviceaccount $ksa \ +# --namespace $namespace \ +# -- /bin/bash +# It connects you to a pod using specified KSA running an image with gcloud and gsutil CLI tools. +function verify_workload_identity_binding { + local ksa=${1} + local namespace=${2} + local max_attempts=10 + local workload_identity_is_ready=false + for i in $(seq 1 ${max_attempts}) + do + workload_identity_is_ready=true + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gcloud auth list || workload_identity_is_ready=false + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gsutil ls gs:// || workload_identity_is_ready=false + if [ "$workload_identity_is_ready" = true ]; then + break + fi + done + if [ ! "$workload_identity_is_ready" = true ]; then + echo "Workload identity bindings are not ready after $max_attempts attempts" + return 1 + fi +}