diff --git a/data/fluent-operator/config.json b/data/fluent-operator/config.json new file mode 100644 index 000000000..216742579 --- /dev/null +++ b/data/fluent-operator/config.json @@ -0,0 +1,31 @@ +{ + "deploy": { + "steps": [ + { + "apply": { + "file": "data/fluent-operator/operator.yaml", + "operator": true + } + }, + { + "apply": { + "file": "data/fluent-operator/fluent-bit-config.yaml" + } + } + ] + }, + "crd_name": "fluentbits.fluentbit.fluent.io", + "seed_custom_resource": "data/fluent-operator/cr.yaml", + "kubernetes_version": "v1.26.3", + "diff_ignore_fields": [ + "\\['metadata'\\]\\['annotations'\\]\\['anvil\\.dev\\\/lastRestartAt'\\]", + "\\['daemonset_pods'\\]\\['test\\-cluster'\\]\\[.*\\]\\['metadata'\\]\\['labels'\\]\\['pod\\-template\\-generation'\\]", + "\\['daemonset_pods'\\]\\['test\\-cluster'\\]\\[.*\\]\\['spec'\\]\\['affinity'\\]", + "\\['metadata'\\]\\['annotations'\\]\\['deprecated\\.daemonset\\.template\\.generation'\\]" + ], + "kubernetes_engine": { + "feature_gates": { + "StatefulSetAutoDeletePVC": true + } + } +} \ No newline at end of file diff --git a/data/fluent-operator/cr.yaml b/data/fluent-operator/cr.yaml new file mode 100644 index 000000000..aa229b674 --- /dev/null +++ b/data/fluent-operator/cr.yaml @@ -0,0 +1,14 @@ +apiVersion: fluentbit.fluent.io/v1alpha2 +kind: FluentBit +metadata: + name: fluentbit-sample + labels: + app: fluent-bit +spec: + image: kubesphere/fluent-bit:v1.8.3 + imagePullPolicy: IfNotPresent + positionDB: + hostPath: + path: /var/lib/fluent-bit/ + fluentBitConfigName: fluentbitconfig-sample + disableLogVolumes: false \ No newline at end of file diff --git a/data/fluent-operator/fluent-bit-config.yaml b/data/fluent-operator/fluent-bit-config.yaml new file mode 100644 index 000000000..d1e1f644e --- /dev/null +++ b/data/fluent-operator/fluent-bit-config.yaml @@ -0,0 +1,26 @@ +apiVersion: fluentbit.fluent.io/v1alpha2 +kind: FluentBitConfig +metadata: + name: fluentbitconfig-sample + namespace: fluent +spec: + service: + flush: 1 + daemon: false + logLevel: info + parsersFile: parsers.conf + inputSelector: + matchExpressions: + - key: fluentbit.fluent.io/enabled + operator: In + values: ["true"] + filterSelector: + matchExpressions: + - key: fluentbit.fluent.io/enabled + operator: In + values: ["true"] + outputSelector: + matchExpressions: + - key: fluentbit.fluent.io/enabled + operator: In + values: ["true"] \ No newline at end of file diff --git a/data/fluent-operator/operator.yaml b/data/fluent-operator/operator.yaml new file mode 100644 index 000000000..d47ea9348 --- /dev/null +++ b/data/fluent-operator/operator.yaml @@ -0,0 +1,30323 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterfilters.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: ClusterFilter + listKind: ClusterFilterList + plural: clusterfilters + shortNames: + - cfbf + singular: clusterfilter + scope: Cluster + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterFilter defines a cluster-level Filter configuration. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Filter configuration. + properties: + filters: + description: A set of filter plugins in order. + items: + properties: + aws: + description: Aws defines a Aws configuration. + properties: + accountID: + description: The account ID for current EC2 instance.Default + is false. + type: boolean + alias: + description: Alias for the plugin + type: string + amiID: + description: The EC2 instance image id.Default is false. + type: boolean + az: + description: The availability zone; for example, "us-east-1a". + Default is true. + type: boolean + ec2InstanceID: + description: The EC2 instance ID.Default is true. + type: boolean + ec2InstanceType: + description: The EC2 instance type.Default is false. + type: boolean + hostName: + description: The hostname for current EC2 instance.Default + is false. + type: boolean + imdsVersion: + description: Specify which version of the instance metadata + service to use. Valid values are 'v1' or 'v2'. + enum: + - v1 + - v2 + type: string + privateIP: + description: The EC2 instance private ip.Default is false. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + vpcID: + description: The VPC ID for current EC2 instance.Default + is false. + type: boolean + type: object + customPlugin: + description: CustomPlugin defines a Custom plugin configuration. + properties: + config: + type: string + type: object + grep: + description: Grep defines Grep Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + exclude: + description: 'Exclude records which field matches the regular + expression. Value Format: FIELD REGEX' + type: string + regex: + description: 'Keep records which field matches the regular + expression. Value Format: FIELD REGEX' + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + type: object + kubernetes: + description: Kubernetes defines Kubernetes Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + annotations: + description: Include Kubernetes resource annotations in + the extra metadata. + type: boolean + bufferSize: + description: Set the buffer size for HTTP client when reading + responses from Kubernetes API server. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + cacheUseDockerId: + description: When enabled, metadata will be fetched from + K8s when docker_id is changed. + type: boolean + dnsRetries: + description: DNS lookup retries N times until the network + start working + format: int32 + type: integer + dnsWaitTime: + description: DNS lookup interval between network status + checks + format: int32 + type: integer + dummyMeta: + description: If set, use dummy-meta data (for test/dev purposes) + type: boolean + k8sLoggingExclude: + description: Allow Kubernetes Pods to exclude their logs + from the log processor (read more about it in Kubernetes + Annotations section). + type: boolean + k8sLoggingParser: + description: Allow Kubernetes Pods to suggest a pre-defined + Parser (read more about it in Kubernetes Annotations section) + type: boolean + keepLog: + description: When Keep_Log is disabled, the log field is + removed from the incoming message once it has been successfully + merged (Merge_Log must be enabled as well). + type: boolean + kubeCAFile: + description: CA certificate file + type: string + kubeCAPath: + description: Absolute path to scan for certificate files + type: string + kubeMetaCacheTTL: + description: configurable TTL for K8s cached metadata. By + default, it is set to 0 which means TTL for cache entries + is disabled and cache entries are evicted at random when + capacity is reached. In order to enable this option, you + should set the number to a time interval. For example, + set this value to 60 or 60s and cache entries which have + been created more than 60s will be evicted. + type: string + kubeMetaPreloadCacheDir: + description: If set, Kubernetes meta-data can be cached/pre-loaded + from files in JSON format in this directory, named as + namespace-pod.meta + type: string + kubeTagPrefix: + description: When the source records comes from Tail input + plugin, this option allows to specify what's the prefix + used in Tail configuration. + type: string + kubeTokenFile: + description: Token file + type: string + kubeTokenTTL: + description: configurable 'time to live' for the K8s token. + By default, it is set to 600 seconds. After this time, + the token is reloaded from Kube_Token_File or the Kube_Token_Command. + type: string + kubeURL: + description: API Server end-point + type: string + kubeletHost: + description: kubelet host using for HTTP request, this only + works when Use_Kubelet set to On. + type: string + kubeletPort: + description: kubelet port using for HTTP request, this only + works when useKubelet is set to On. + format: int32 + type: integer + labels: + description: Include Kubernetes resource labels in the extra + metadata. + type: boolean + mergeLog: + description: When enabled, it checks if the log field content + is a JSON string map, if so, it append the map fields + as part of the log structure. + type: boolean + mergeLogKey: + description: When Merge_Log is enabled, the filter tries + to assume the log field from the incoming message is a + JSON string message and make a structured representation + of it at the same level of the log field in the map. Now + if Merge_Log_Key is set (a string name), all the new structured + fields taken from the original log content are inserted + under the new key. + type: string + mergeLogTrim: + description: When Merge_Log is enabled, trim (remove possible + \n or \r) field values. + type: boolean + mergeParser: + description: Optional parser name to specify how to parse + the data contained in the log key. Recommended use is + for developers or testing only. + type: string + regexParser: + description: Set an alternative Parser to process record + Tag and extract pod_name, namespace_name, container_name + and docker_id. The parser must be registered in a parsers + file (refer to parser filter-kube-test as an example). + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + tlsDebug: + description: Debug level between 0 (nothing) and 4 (every + detail). + format: int32 + type: integer + tlsVerify: + description: When enabled, turns on certificate validation + when connecting to the Kubernetes API server. + type: boolean + useJournal: + description: When enabled, the filter reads logs coming + in Journald format. + type: boolean + useKubelet: + description: This is an optional feature flag to get metadata + information from kubelet instead of calling Kube Server + API to enhance the log. This could mitigate the Kube API + heavy traffic issue for large cluster. + type: boolean + type: object + lua: + description: Lua defines Lua Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + call: + description: Lua function name that will be triggered to + do filtering. It's assumed that the function is declared + inside the Script defined above. + type: string + protectedMode: + description: If enabled, Lua script will be executed in + protected mode. It prevents to crash when invalid Lua + script is executed. Default is true. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + script: + description: Path to the Lua script that will be used. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + timeAsTable: + description: By default when the Lua script is invoked, + the record timestamp is passed as a Floating number which + might lead to loss precision when the data is converted + back. If you desire timestamp precision enabling this + option will pass the timestamp as a Lua table with keys + sec for seconds since epoch and nsec for nanoseconds. + type: boolean + typeIntKey: + description: If these keys are matched, the fields are converted + to integer. If more than one key, delimit by space. Note + that starting from Fluent Bit v1.6 integer data types + are preserved and not converted to double as in previous + versions. + items: + type: string + type: array + required: + - call + - script + type: object + modify: + description: Modify defines Modify Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + conditions: + description: All conditions have to be true for the rules + to be applied. + items: + description: The plugin supports the following conditions + properties: + aKeyMatches: + description: Is true if a key matches regex KEY + type: string + keyDoesNotExist: + additionalProperties: + type: string + description: Is true if KEY does not exist + type: object + keyExists: + description: Is true if KEY exists + type: string + keyValueDoesNotEqual: + additionalProperties: + type: string + description: Is true if KEY exists and its value is + not VALUE + type: object + keyValueDoesNotMatch: + additionalProperties: + type: string + description: Is true if key KEY exists and its value + does not match VALUE + type: object + keyValueEquals: + additionalProperties: + type: string + description: Is true if KEY exists and its value is + VALUE + type: object + keyValueMatches: + additionalProperties: + type: string + description: Is true if key KEY exists and its value + matches VALUE + type: object + matchingKeysDoNotHaveMatchingValues: + additionalProperties: + type: string + description: Is true if all keys matching KEY have + values that do not match VALUE + type: object + matchingKeysHaveMatchingValues: + additionalProperties: + type: string + description: Is true if all keys matching KEY have + values that match VALUE + type: object + noKeyMatches: + description: Is true if no key matches regex KEY + type: string + type: object + type: array + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + rules: + description: Rules are applied in the order they appear, + with each rule operating on the result of the previous + rule. + items: + description: The plugin supports the following rules + properties: + add: + additionalProperties: + type: string + description: Add a key/value pair with key KEY and + value VALUE if KEY does not exist + type: object + copy: + additionalProperties: + type: string + description: Copy a key/value pair with key KEY to + COPIED_KEY if KEY exists AND COPIED_KEY does not + exist + type: object + hardCopy: + additionalProperties: + type: string + description: Copy a key/value pair with key KEY to + COPIED_KEY if KEY exists. If COPIED_KEY already + exists, this field is overwritten + type: object + hardRename: + additionalProperties: + type: string + description: Rename a key/value pair with key KEY + to RENAMED_KEY if KEY exists. If RENAMED_KEY already + exists, this field is overwritten + type: object + remove: + description: Remove a key/value pair with key KEY + if it exists + type: string + removeRegex: + description: Remove all key/value pairs with key matching + regexp KEY + type: string + removeWildcard: + description: Remove all key/value pairs with key matching + wildcard KEY + type: string + rename: + additionalProperties: + type: string + description: Rename a key/value pair with key KEY + to RENAMED_KEY if KEY exists AND RENAMED_KEY does + not exist + type: object + set: + additionalProperties: + type: string + description: Add a key/value pair with key KEY and + value VALUE. If KEY already exists, this field is + overwritten + type: object + type: object + type: array + type: object + multiline: + description: Multiline defines a Multiline configuration. + properties: + alias: + description: Alias for the plugin + type: string + keyContent: + description: Key name that holds the content to process. + Note that a Multiline Parser definition can already specify + the key_content to use, but this option allows to overwrite + that value for the purpose of the filter. + type: string + parser: + description: Specify one or multiple Multiline Parsing definitions + to apply to the content. You can specify multiple multiline + parsers to detect different formats by separating them + with a comma. + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + required: + - parser + type: object + nest: + description: Nest defines Nest Filter configuration. + properties: + addPrefix: + description: Prefix affected keys with this string + type: string + alias: + description: Alias for the plugin + type: string + nestUnder: + description: Nest records matching the Wildcard under this + key + type: string + nestedUnder: + description: Lift records nested under the Nested_under + key + type: string + operation: + description: Select the operation nest or lift + enum: + - nest + - lift + type: string + removePrefix: + description: Remove prefix from affected keys if it matches + this string + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + wildcard: + description: Nest records which field matches the wildcard + items: + type: string + type: array + type: object + parser: + description: Parser defines Parser Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + keyName: + description: Specify field name in record to parse. + type: string + parser: + description: Specify the parser name to interpret the field. + Multiple Parser entries are allowed (split by comma). + type: string + preserveKey: + description: Keep original Key_Name field in the parsed + result. If false, the field will be removed. + type: boolean + reserveData: + description: Keep all other original fields in the parsed + result. If false, all other original fields will be removed. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + unescapeKey: + description: 'If the key is a escaped string (e.g: stringify + JSON), unescape the string before to apply the parser.' + type: boolean + type: object + recordModifier: + description: RecordModifier defines Record Modifier Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + allowlistKeys: + description: If the key is not matched, that field is removed. + items: + type: string + type: array + records: + description: Append fields. This parameter needs key and + value pair. + items: + type: string + type: array + removeKeys: + description: If the key is matched, that field is removed. + items: + type: string + type: array + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + uuidKeys: + description: If set, the plugin appends uuid to each record. + The value assigned becomes the key in the map. + items: + type: string + type: array + whitelistKeys: + description: An alias of allowlistKeys for backwards compatibility. + items: + type: string + type: array + type: object + rewriteTag: + description: RewriteTag defines a RewriteTag configuration. + properties: + alias: + description: Alias for the plugin + type: string + emitterName: + description: When the filter emits a record under the new + Tag, there is an internal emitter plugin that takes care + of the job. Since this emitter expose metrics as any other + component of the pipeline, you can use this property to + configure an optional name for it. + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + rules: + description: 'Defines the matching criteria and the format + of the Tag for the matching record. The Rule format have + four components: KEY REGEX NEW_TAG KEEP.' + items: + type: string + type: array + type: object + throttle: + description: Throttle defines a Throttle configuration. + properties: + alias: + description: Alias for the plugin + type: string + interval: + description: Interval is the time interval expressed in + "sleep" format. e.g. 3s, 1.5m, 0.5h, etc. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + printStatus: + description: PrintStatus represents whether to print status + messages with current rate and the limits to information + logs. + type: boolean + rate: + description: Rate is the amount of messages for the time. + format: int64 + type: integer + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + window: + description: Window is the amount of intervals to calculate + average over. + format: int64 + type: integer + type: object + type: object + type: array + logLevel: + enum: + - "off" + - error + - warning + - info + - debug + - trace + type: string + match: + description: A pattern to match against the tags of incoming records. + It's case-sensitive and support the star (*) character as a wildcard. + type: string + matchRegex: + description: A regular expression to match against the tags of incoming + records. Use this option if you want to use the full regex syntax. + type: string + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterfilters.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: ClusterFilter + listKind: ClusterFilterList + plural: clusterfilters + shortNames: + - cfdf + singular: clusterfilter + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterFilter is the Schema for the clusterfilters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterFilterSpec defines the desired state of ClusterFilter + properties: + filters: + items: + description: Filter defines all available filter plugins and their + parameters. + properties: + customPlugin: + description: Custom plugin type + properties: + config: + type: string + required: + - config + type: object + grep: + description: The filter_grep filter plugin + properties: + and: + items: + description: And defines the parameters for the "and" + plugin + properties: + exclude: + description: Exclude defines the parameters for the + exclude plugin + properties: + key: + type: string + pattern: + type: string + type: object + regexp: + description: Regexp defines the parameters for the + regexp plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: object + type: array + exclude: + items: + description: Exclude defines the parameters for the exclude + plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: array + or: + items: + description: Or defines the parameters for the "or" plugin + properties: + exclude: + description: Exclude defines the parameters for the + exclude plugin + properties: + key: + type: string + pattern: + type: string + type: object + regexp: + description: Regexp defines the parameters for the + regexp plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: object + type: array + regexp: + items: + description: Regexp defines the parameters for the regexp + plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: array + type: object + logLevel: + description: The @log_level parameter specifies the plugin-specific + logging level + type: string + parser: + description: The filter_parser filter plugin + properties: + emitInvalidRecordToError: + description: 'Emits invalid record to @ERROR label. Invalid + cases are: key does not exist;the format is not matched;an + unexpected error. If you want to ignore these errors, + set false.' + type: boolean + hashValueField: + description: Stores the parsed values as a hash value in + a field. + type: string + injectKeyPrefix: + description: Stores the parsed values with the specified + key name prefix. + type: string + keyName: + description: 'Specifies the field name in the record to + parse. Required parameter. i.e: If set keyName to log, + {"key":"value","log":"{\"time\":1622473200,\"user\":1}"} + => {"user":1}' + type: string + parse: + description: Parse defines various parameters for the parse + plugin + properties: + customPatternPath: + description: Path to the file that includes custom grok + patterns. + type: string + estimateCurrentEvent: + description: If true, use Fluent::Eventnow(current time) + as a timestamp when time_key is specified. + type: boolean + expression: + description: Specifies the regular expression for matching + logs. Regular expression also supports i and m suffix. + type: string + grok: + description: Grok Sections + items: + properties: + keepTimeKey: + description: If true, keep time field in the record. + type: boolean + name: + description: The name of this grok section. + type: string + pattern: + description: The pattern of grok. Required parameter. + type: string + timeFormat: + description: Process value using specified format. + This is available only when time_type is string + type: string + timeKey: + description: Specify time field for event time. + If the event doesn't have this field, current + time is used. + type: string + timeZone: + description: Use specified timezone. one can parse/format + the time value in the specified timezone. + type: string + type: object + type: array + grokFailureKey: + description: The key has grok failure reason. + type: string + grokPattern: + description: The pattern of grok. + type: string + grokPatternSeries: + description: Specify grok pattern series set. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + keepTimeKey: + description: If true, keep time field in th record. + type: boolean + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + multiLineStartRegexp: + description: The regexp to match beginning of multiline. + This is only for "multiline_grok". + type: string + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeKey: + description: Specify time field for event time. If the + event doesn't have this field, current time is used. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timeout: + description: Specify timeout for parse processing. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - regexp + - apache2 + - apache_error + - nginx + - syslog + - csv + - tsv + - ltsv + - json + - multiline + - none + - grok + - multiline_grok + type: string + types: + description: 'Specify types for converting field into + another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' + type: string + utc: + description: If true, uses UTC. + type: boolean + required: + - type + type: object + removeKeyNameField: + description: Removes key_name field when parsing is succeeded. + type: boolean + replaceInvalidSequence: + description: If true, invalid string is replaced with safe + characters and re-parse it. + type: boolean + reserveData: + description: 'Keeps the original key-value pair in the parsed + result. Default is false. i.e: If set keyName to log, + reverseData to true, {"key":"value","log":"{\"user\":1,\"num\":2}"} + => {"key":"value","log":"{\"user\":1,\"num\":2}","user":1,"num":2}' + type: boolean + reserveTime: + description: Keeps the original event time in the parsed + result. Default is false. + type: boolean + required: + - keyName + - parse + type: object + recordTransformer: + description: The filter_record_transformer filter plugin + properties: + autoTypecast: + description: Automatically casts the field types. Default + is false. This option is effective only for field values + comprised of a single placeholder. + type: boolean + enableRuby: + description: 'When set to true, the full Ruby syntax is + enabled in the ${...} expression. The default value is + false. i.e: jsonized_record ${record.to_json}' + type: boolean + keepKeys: + description: A list of keys to keep. Only relevant if renew_record + is set to true. + type: string + records: + items: + description: The parameters inside directives + are considered to be new key-value pairs + properties: + key: + description: New field can be defined as key + type: string + value: + description: The value must from Record properties. + See https://docs.fluentd.org/filter/record_transformer#less-than-record-greater-than-directive + type: string + required: + - key + - value + type: object + type: array + removeKeys: + description: A list of keys to delete. Supports nested field + via record_accessor syntax since v1.1.0. + type: string + renewRecord: + description: By default, the record transformer filter mutates + the incoming data. However, if this parameter is set to + true, it modifies a new empty hash instead. + type: boolean + renewTimeKey: + description: renew_time_key foo overwrites the time of events + with a value of the record field foo if exists. The value + of foo must be a Unix timestamp. + type: string + type: object + stdout: + description: The filter_stdout filter plugin + properties: + format: + description: The format section + properties: + delimiter: + description: Delimiter for each field. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + newline: + description: Specify newline characters. + enum: + - lf + - crlf + type: string + outputTag: + description: Output tag field if true. + type: boolean + outputTime: + description: Output time field if true. + type: boolean + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + inject: + description: The inject section + properties: + hostname: + description: Hostname value + type: string + hostnameKey: + description: The field name to inject hostname + type: string + inline: + description: Time section + properties: + localtime: + description: If true, uses local time. + type: boolean + timeFormat: + description: Process value according to the specified + format. This is available only when time_type + is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a + fallback in the specified order. You can parse + undetermined time format by using time_format_fallbacks. + This options is enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + tagKey: + description: The field name to inject tag + type: string + timeKey: + description: The field name to inject time + type: string + workerIdKey: + description: The field name to inject worker_id + type: string + type: object + type: object + tag: + description: Which tag to be matched. + type: string + type: object + type: array + type: object + status: + description: ClusterFilterStatus defines the observed state of ClusterFilter + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterfluentbitconfigs.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: ClusterFluentBitConfig + listKind: ClusterFluentBitConfigList + plural: clusterfluentbitconfigs + shortNames: + - cfbc + singular: clusterfluentbitconfig + scope: Cluster + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterFluentBitConfig is the Schema for the cluster-level fluentbitconfigs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FluentBitConfigSpec defines the desired state of ClusterFluentBitConfig + properties: + filterSelector: + description: Select filter plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + inputSelector: + description: Select input plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespace: + description: If namespace is defined, then the configmap and secret + for fluent-bit is in this namespace. If it is not defined, it is + in the namespace of the fluentd-operator + type: string + outputSelector: + description: Select output plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + parserSelector: + description: Select parser plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + service: + description: Service defines the global behaviour of the Fluent Bit + engine. + properties: + daemon: + description: If true go to background on start + type: boolean + flushSeconds: + description: Interval to flush output + format: int64 + type: integer + graceSeconds: + description: Wait time on exit + format: int64 + type: integer + hcErrorsCount: + description: 'the error count to meet the unhealthy requirement, + this is a sum for all output plugins in a defined HC_Period, + example for output error: [2022/02/16 10:44:10] [ warn] [engine] + failed to flush chunk ''1-1645008245.491540684.flb'', retry + in 7 seconds: task_id=0, input=forward.1 > output=cloudwatch_logs.3 + (out_id=3)' + format: int64 + minimum: 1 + type: integer + hcPeriod: + description: The time period by second to count the error and + retry failure data point + format: int64 + minimum: 1 + type: integer + hcRetryFailureCount: + description: 'the retry failure count to meet the unhealthy requirement, + this is a sum for all output plugins in a defined HC_Period, + example for retry failure: [2022/02/16 20:11:36] [ warn] [engine] + chunk ''1-1645042288.260516436.flb'' cannot be retried: task_id=0, + input=tcp.3 > output=cloudwatch_logs.1' + format: int64 + minimum: 1 + type: integer + healthCheck: + description: 'enable Health check feature at http://127.0.0.1:2020/api/v1/health + Note: Enabling this will not automatically configure kubernetes + to use fluentbit''s healthcheck endpoint' + type: boolean + httpListen: + description: Address to listen + pattern: ^\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$ + type: string + httpPort: + description: Port to listen + format: int32 + maximum: 65535 + minimum: 1 + type: integer + httpServer: + description: If true enable statistics HTTP server + type: boolean + logFile: + description: File to log diagnostic output + type: string + logLevel: + description: Diagnostic level (error/warning/info/debug/trace) + enum: + - "off" + - error + - warning + - info + - debug + - trace + type: string + parsersFile: + description: Optional 'parsers' config file (can be multiple) + type: string + storage: + description: Configure a global environment for the storage layer + in Service. It is recommended to configure the volume and volumeMount + separately for this storage. The hostPath type should be used + for that Volume in Fluentbit daemon set. + properties: + backlogMemLimit: + description: This option configure a hint of maximum value + of memory to use when processing these records + type: string + checksum: + description: Enable the data integrity check when writing + and reading data from the filesystem + enum: + - "on" + - "off" + type: string + deleteIrrecoverableChunks: + description: When enabled, irrecoverable chunks will be deleted + during runtime, and any other irrecoverable chunk located + in the configured storage path directory will be deleted + when Fluent-Bit starts. + enum: + - "on" + - "off" + type: string + maxChunksUp: + description: If the input plugin has enabled filesystem storage + type, this property sets the maximum number of Chunks that + can be up in memory + format: int64 + type: integer + metrics: + description: If http_server option has been enabled in the + Service section, this option registers a new endpoint where + internal metrics of the storage layer can be consumed + enum: + - "on" + - "off" + type: string + path: + description: Select an optional location in the file system + to store streams and chunks of data/ + type: string + sync: + description: Configure the synchronization mode used to store + the data into the file system + enum: + - normal + - full + type: string + type: object + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterfluentdconfigs.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: ClusterFluentdConfig + listKind: ClusterFluentdConfigList + plural: clusterfluentdconfigs + shortNames: + - cfdc + singular: clusterfluentdconfig + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterFluentdConfig is the Schema for the clusterfluentdconfigs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterFluentdConfigSpec defines the desired state of ClusterFluentdConfig + properties: + clusterFilterSelector: + description: Select cluster filter plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterOutputSelector: + description: Select cluster output plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + emit_mode: + description: 'Emit mode. If batch, the plugin will emit events per + labels matched. Enum: record, batch. will make no effect if EnableFilterKubernetes + is set false.' + enum: + - record + - batch + type: string + stickyTags: + description: Sticky tags will match only one record from an event + stream. The same tag will be treated the same way. will make no + effect if EnableFilterKubernetes is set false. + type: string + watchedConstainers: + description: A set of container names. Ignored if left empty. + items: + type: string + type: array + watchedHosts: + description: A set of hosts. Ignored if left empty. + items: + type: string + type: array + watchedLabels: + additionalProperties: + type: string + description: Use this field to filter the logs, will make no effect + if EnableFilterKubernetes is set false. + type: object + watchedNamespaces: + description: A set of namespaces. The whole namespaces would be watched + if left empty. + items: + type: string + type: array + type: object + status: + description: ClusterFluentdConfigStatus defines the observed state of + ClusterFluentdConfig + properties: + messages: + description: Messages defines the plugin errors which is selected + by this fluentdconfig + type: string + state: + description: The state of this fluentd config + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterinputs.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: ClusterInput + listKind: ClusterInputList + plural: clusterinputs + shortNames: + - cfbi + singular: clusterinput + scope: Cluster + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterInput is the Schema for the inputs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InputSpec defines the desired state of ClusterInput + properties: + alias: + description: A user friendly alias name for this input plugin. Used + in metrics for distinction of each configured input. + type: string + collectd: + description: Collectd defines the Collectd input plugin configuration + properties: + listen: + description: 'Set the address to listen to, default: 0.0.0.0' + type: string + port: + description: 'Set the port to listen to, default: 25826' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + typesDB: + description: 'Set the data specification file,default: /usr/share/collectd/types.db' + type: string + type: object + customPlugin: + description: CustomPlugin defines Custom Input configuration. + properties: + config: + type: string + type: object + dummy: + description: Dummy defines Dummy Input configuration. + properties: + dummy: + description: Dummy JSON record. + type: string + rate: + description: Events number generated per second. + format: int32 + type: integer + samples: + description: Sample events to generate. + format: int32 + type: integer + tag: + description: Tag name associated to all records comming from this + plugin. + type: string + type: object + fluentBitMetrics: + description: FluentBitMetrics defines Fluent Bit Metrics Input configuration. + properties: + scrapeInterval: + description: The rate at which metrics are collected from the + host operating system. default is 2 seconds. + type: string + scrapeOnStart: + description: Scrape metrics upon start, useful to avoid waiting + for 'scrape_interval' for the first round of metrics. + type: boolean + tag: + type: string + type: object + forward: + description: Forward defines forward input plugin configuration + properties: + bufferMaxSize: + description: Specify maximum buffer memory size used to recieve + a forward message. The value must be according to the Unit Size + specification. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + bufferchunkSize: + description: Set the initial buffer size to store incoming data. + This value is used too to increase buffer size as required. + The value must be according to the Unit Size specification. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + listen: + description: Listener network interface. + type: string + port: + description: Port for forward plugin instance. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tag: + description: in_forward uses the tag value for incoming logs. + If not set it uses tag from incoming log. + type: string + tagPrefix: + description: Adds the prefix to incoming event's tag + type: string + threaded: + description: Threaded mechanism allows input plugin to run in + a separate thread which helps to desaturate the main pipeline. + type: string + unixPath: + description: Specify the path to unix socket to recieve a forward + message. If set, Listen and port are ignnored. + type: string + unixPerm: + description: Set the permission of unix socket file. + type: string + type: object + http: + description: HTTP defines the HTTP input plugin configuration + properties: + bufferChunkSize: + description: This sets the chunk size for incoming incoming JSON + messages. These chunks are then stored/managed in the space + available by buffer_max_size,default 512K. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + bufferMaxSize: + description: Specify the maximum buffer size in KB to receive + a JSON message,default 4M. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + listen: + description: The address to listen on,default 0.0.0.0 + type: string + port: + description: The port for Fluent Bit to listen on,default 9880 + format: int32 + maximum: 65535 + minimum: 1 + type: integer + successfulHeader: + description: 'Add an HTTP header key/value pair on success. Multiple + headers can be set. Example: X-Custom custom-answer.' + type: string + successfulResponseCode: + description: It allows to set successful response code. 200, 201 + and 204 are supported,default 201. + format: int32 + type: integer + tagKey: + description: Specify the key name to overwrite a tag. If set, + the tag will be overwritten by a value of the key. + type: string + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + type: object + logLevel: + enum: + - "off" + - error + - warning + - info + - debug + - trace + type: string + mqtt: + description: MQTT defines the MQTT input plugin configuration + properties: + listen: + description: 'Listener network interface, default: 0.0.0.0' + type: string + port: + description: 'TCP port where listening for connections, default: + 1883' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + type: object + nodeExporterMetrics: + description: NodeExporterMetrics defines Node Exporter Metrics Input + configuration. + properties: + path: + properties: + procfs: + description: The mount point used to collect process information + and metrics. + type: string + sysfs: + description: The path in the filesystem used to collect system + metrics. + type: string + type: object + scrapeInterval: + description: The rate at which metrics are collected from the + host operating system, default is 5 seconds. + type: string + tag: + description: Tag name associated to all records comming from this + plugin. + type: string + type: object + openTelemetry: + description: OpenTelemetry defines the OpenTelemetry input plugin + configuration + properties: + bufferChunkSize: + description: This sets the chunk size for incoming incoming JSON + messages. These chunks are then stored/managed in the space + available by buffer_max_size(default 512K). + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + bufferMaxSize: + description: Specify the maximum buffer size in KB to receive + a JSON message(default 4M). + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + listen: + description: The address to listen on,default 0.0.0.0 + type: string + port: + description: The port for Fluent Bit to listen on.default 4318. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + rawTraces: + description: Route trace data as a log message(default false). + type: boolean + successfulResponseCode: + description: It allows to set successful response code. 200, 201 + and 204 are supported(default 201). + format: int32 + type: integer + tagKey: + description: Specify the key name to overwrite a tag. If set, + the tag will be overwritten by a value of the key. + type: string + type: object + prometheusScrapeMetrics: + description: PrometheusScrapeMetrics defines Prometheus Scrape Metrics + Input configuration. + properties: + host: + description: The host of the prometheus metric endpoint that you + want to scrape + type: string + metricsPath: + description: 'The metrics URI endpoint, that must start with a + forward slash, deflaut: /metrics' + type: string + port: + description: The port of the promethes metric endpoint that you + want to scrape + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scrapeInterval: + description: 'The interval to scrape metrics, default: 10s' + type: string + tag: + description: Tag name associated to all records comming from this + plugin + type: string + type: object + systemd: + description: Systemd defines Systemd Input configuration. + properties: + db: + description: Specify the database file to keep track of monitored + files and offsets. + type: string + dbSync: + description: 'Set a default synchronization (I/O) method. values: + Extra, Full, Normal, Off. This flag affects how the internal + SQLite engine do synchronization to disk, for more details about + each option please refer to this section. note: this option + was introduced on Fluent Bit v1.4.6.' + enum: + - Extra + - Full + - Normal + - "Off" + type: string + maxEntries: + description: When Fluent Bit starts, the Journal might have a + high number of logs in the queue. In order to avoid delays and + reduce memory usage, this option allows to specify the maximum + number of log entries that can be processed per round. Once + the limit is reached, Fluent Bit will continue processing the + remaining log entries once Journald performs the notification. + type: integer + maxFields: + description: Set a maximum number of fields (keys) allowed per + record. + type: integer + path: + description: Optional path to the Systemd journal directory, if + not set, the plugin will use default paths to read local-only + logs. + type: string + pauseOnChunksOverlimit: + description: Specifies if the input plugin should be paused (stop + ingesting new data) when the storage.max_chunks_up value is + reached. + enum: + - "on" + - "off" + type: string + readFromTail: + description: Start reading new entries. Skip entries already stored + in Journald. + enum: + - "on" + - "off" + type: string + storageType: + description: Specify the buffering mechanism to use. It can be + memory or filesystem + enum: + - filesystem + - memory + type: string + stripUnderscores: + description: Remove the leading underscore of the Journald field + (key). For example the Journald field _PID becomes the key PID. + enum: + - "on" + - "off" + type: string + systemdFilter: + description: 'Allows to perform a query over logs that contains + a specific Journald key/value pairs, e.g: _SYSTEMD_UNIT=UNIT. + The Systemd_Filter option can be specified multiple times in + the input section to apply multiple filters as required.' + items: + type: string + type: array + systemdFilterType: + description: Define the filter type when Systemd_Filter is specified + multiple times. Allowed values are And and Or. With And a record + is matched only when all of the Systemd_Filter have a match. + With Or a record is matched when any of the Systemd_Filter has + a match. + enum: + - And + - Or + type: string + tag: + description: 'The tag is used to route messages but on Systemd + plugin there is an extra functionality: if the tag includes + a star/wildcard, it will be expanded with the Systemd Unit file + (e.g: host.* => host.UNIT_NAME).' + type: string + type: object + tail: + description: Tail defines Tail Input configuration. + properties: + bufferChunkSize: + description: Set the initial buffer size to read files data. This + value is used too to increase buffer size. The value must be + according to the Unit Size specification. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + bufferMaxSize: + description: 'Set the limit of the buffer size per monitored file. + When a buffer needs to be increased (e.g: very long lines), + this value is used to restrict how much the memory buffer can + grow. If reading a file exceed this limit, the file is removed + from the monitored file list The value must be according to + the Unit Size specification.' + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + db: + description: Specify the database file to keep track of monitored + files and offsets. + type: string + dbSync: + description: 'Set a default synchronization (I/O) method. Values: + Extra, Full, Normal, Off.' + enum: + - Extra + - Full + - Normal + - "Off" + type: string + disableInotifyWatcher: + description: DisableInotifyWatcher will disable inotify and use + the file stat watcher instead. + type: boolean + dockerMode: + description: If enabled, the plugin will recombine split Docker + log lines before passing them to any parser as configured above. + This mode cannot be used at the same time as Multiline. + type: boolean + dockerModeFlushSeconds: + description: Wait period time in seconds to flush queued unfinished + split lines. + format: int64 + type: integer + dockerModeParser: + description: Specify an optional parser for the first line of + the docker multiline mode. The parser name to be specified must + be registered in the parsers.conf file. + type: string + excludePath: + description: 'Set one or multiple shell patterns separated by + commas to exclude files matching a certain criteria, e.g: exclude_path=*.gz,*.zip' + type: string + ignoredOlder: + description: Ignores records which are older than this time in + seconds. Supports m,h,d (minutes, hours, days) syntax. Default + behavior is to read all records from specified files. Only available + when a Parser is specificied and it can parse the time of a + record. + pattern: ^\d+(m|h|d)?$ + type: string + key: + description: When a message is unstructured (no parser applied), + it's appended as a string under the key name log. This option + allows to define an alternative name for that key. + type: string + memBufLimit: + description: Set a limit of memory that Tail plugin can use when + appending data to the Engine. If the limit is reach, it will + be paused; when the data is flushed it resumes. + type: string + multiline: + description: If enabled, the plugin will try to discover multiline + messages and use the proper parsers to compose the outgoing + messages. Note that when this option is enabled the Parser option + is not used. + type: boolean + multilineFlushSeconds: + description: Wait period time in seconds to process queued multiline + messages + format: int64 + type: integer + multilineParser: + description: This will help to reassembly multiline messages originally + split by Docker or CRI Specify one or Multiline Parser definition + to apply to the content. + type: string + parser: + description: Specify the name of a parser to interpret the entry + as a structured message. + type: string + parserFirstline: + description: Name of the parser that matchs the beginning of a + multiline message. Note that the regular expression defined + in the parser must include a group name (named capture) + type: string + parserN: + description: Optional-extra parser to interpret and structure + multiline entries. This option can be used to define multiple + parsers. + items: + type: string + type: array + path: + description: Pattern specifying a specific log files or multiple + ones through the use of common wildcards. + type: string + pathKey: + description: If enabled, it appends the name of the monitored + file as part of the record. The value assigned becomes the key + in the map. + type: string + pauseOnChunksOverlimit: + description: Specifies if the input plugin should be paused (stop + ingesting new data) when the storage.max_chunks_up value is + reached. + enum: + - "on" + - "off" + type: string + readFromHead: + description: For new discovered files on start (without a database + offset/position), read the content from the head of the file, + not tail. + type: boolean + refreshIntervalSeconds: + description: The interval of refreshing the list of watched files + in seconds. + format: int64 + type: integer + rotateWaitSeconds: + description: Specify the number of extra time in seconds to monitor + a file once is rotated in case some pending data is flushed. + format: int64 + type: integer + skipLongLines: + description: When a monitored file reach it buffer capacity due + to a very long line (Buffer_Max_Size), the default behavior + is to stop monitoring that file. Skip_Long_Lines alter that + behavior and instruct Fluent Bit to skip long lines and continue + processing other lines that fits into the buffer size. + type: boolean + storageType: + description: Specify the buffering mechanism to use. It can be + memory or filesystem + enum: + - filesystem + - memory + type: string + tag: + description: Set a tag (with regex-extract fields) that will be + placed on lines read. E.g. kube... + type: string + tagRegex: + description: Set a regex to exctract fields from the file + type: string + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusteroutputs.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + shortNames: + - cfbo + singular: clusteroutput + scope: Cluster + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterOutput is the Schema for the cluster-level outputs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OutputSpec defines the desired state of ClusterOutput + properties: + alias: + description: A user friendly alias name for this output plugin. Used + in metrics for distinction of each configured output. + type: string + azureBlob: + description: AzureBlob defines AzureBlob Output Configuration + properties: + accountName: + description: Azure Storage account name + type: string + autoCreateContainer: + description: Creates container if ContainerName is not set. + enum: + - "on" + - "off" + type: string + blobType: + description: Specify the desired blob type. Must be `appendblob` + or `blockblob` + enum: + - appendblob + - blockblob + type: string + containerName: + description: Name of the container that will contain the blobs + type: string + emulatorMode: + description: Optional toggle to use an Azure emulator + enum: + - "on" + - "off" + type: string + endpoint: + description: HTTP Service of the endpoint (if using EmulatorMode) + type: string + path: + description: Optional path to store the blobs. + type: string + sharedKey: + description: Specify the Azure Storage Shared Key to authenticate + against the storage account + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + tls: + description: Enable/Disable TLS Encryption. Azure services require + TLS to be enabled. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + required: + - accountName + - containerName + - sharedKey + type: object + azureLogAnalytics: + description: AzureLogAnalytics defines AzureLogAnalytics Output Configuration + properties: + customerID: + description: Customer ID or Workspace ID + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + logType: + description: Name of the event type. + type: string + sharedKey: + description: Specify the primary or the secondary client authentication + key + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + timeGenerated: + description: If set, overrides the timeKey value with the `time-generated-field` + HTTP header value. + type: boolean + timeKey: + description: Specify the name of the key where the timestamp is + stored. + type: string + required: + - customerID + - sharedKey + type: object + cloudWatch: + description: CloudWatch defines CloudWatch Output Configuration + properties: + autoCreateGroup: + description: Automatically create the log group. Defaults to False. + type: boolean + autoRetryRequests: + description: Automatically retry failed requests to CloudWatch + once. Defaults to True. + type: boolean + endpoint: + description: Custom endpoint for CloudWatch logs API + type: string + externalID: + description: Specify an external ID for the STS API. + type: string + logFormat: + description: Optional parameter to tell CloudWatch the format + of the data + type: string + logGroupName: + description: Name of Cloudwatch Log Group to send log records + to + type: string + logGroupTemplate: + description: Template for Log Group name, overrides LogGroupName + if set. + type: string + logKey: + description: If set, only the value of the key will be sent to + CloudWatch + type: string + logRetentionDays: + description: Number of days logs are retained for + enum: + - 1 + - 3 + - 5 + - 7 + - 14 + - 30 + - 60 + - 90 + - 120 + - 150 + - 180 + - 365 + - 400 + - 545 + - 731 + - 1827 + - 3653 + format: int32 + type: integer + logStreamName: + description: The name of the CloudWatch Log Stream to send log + records to + type: string + logStreamPrefix: + description: Prefix for the Log Stream name. Not compatible with + LogStreamName setting + type: string + logStreamTemplate: + description: Template for Log Stream name. Overrides LogStreamPrefix + and LogStreamName if set. + type: string + metricDimensions: + description: Optional lists of lists for dimension keys to be + added to all metrics. Use comma separated strings for one list + of dimensions and semicolon separated strings for list of lists + dimensions. + type: string + metricNamespace: + description: Optional string to represent the CloudWatch namespace. + type: string + region: + description: AWS Region + type: string + roleArn: + description: Role ARN to use for cross-account access + type: string + stsEndpoint: + description: Specify a custom STS endpoint for the AWS STS API + type: string + required: + - region + type: object + customPlugin: + description: CustomPlugin defines Custom Output configuration. + properties: + config: + type: string + type: object + datadog: + description: DataDog defines DataDog Output configuration. + properties: + apikey: + description: Your Datadog API key. + type: string + compress: + description: Compress the payload in GZIP format. Datadog supports + and recommends setting this to gzip. + type: string + dd_message_key: + description: By default, the plugin searches for the key 'log' + and remap the value to the key 'message'. If the property is + set, the plugin will search the property name key. + type: string + dd_service: + description: The human readable name for your service generating + the logs. + type: string + dd_source: + description: A human readable name for the underlying technology + of your service. + type: string + dd_tags: + description: The tags you want to assign to your logs in Datadog. + type: string + host: + description: Host is the Datadog server where you are sending + your logs. + type: string + include_tag_key: + description: If enabled, a tag is appended to output. The key + name is used tag_key property. + type: boolean + json_date_key: + description: Date key name for output. + type: string + provider: + description: To activate the remapping, specify configuration + flag provider. + type: string + proxy: + description: Specify an HTTP Proxy. + type: string + tag_key: + description: The key name of tag. If include_tag_key is false, + This property is ignored. + type: string + tls: + description: TLS controls whether to use end-to-end security communications + security protocol. Datadog recommends setting this to on. + type: boolean + type: object + es: + description: Elasticsearch defines Elasticsearch Output configuration. + properties: + awsAuth: + description: Enable AWS Sigv4 Authentication for Amazon ElasticSearch + Service. + type: string + awsExternalID: + description: External ID for the AWS IAM Role specified with aws_role_arn. + type: string + awsRegion: + description: Specify the AWS region for Amazon ElasticSearch Service. + type: string + awsRoleARN: + description: AWS IAM Role to assume to put records to your Amazon + ES cluster. + type: string + awsSTSEndpoint: + description: Specify the custom sts endpoint to be used with STS + API for Amazon ElasticSearch Service. + type: string + bufferSize: + description: Specify the buffer size used to read the response + from the Elasticsearch HTTP service. This option is useful for + debugging purposes where is required to read full responses, + note that response size grows depending of the number of records + inserted. To set an unlimited amount of memory set this value + to False, otherwise the value must be according to the Unit + Size specification. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + cloudAuth: + description: Specify the credentials to use to connect to Elastic's + Elasticsearch Service running on Elastic Cloud. + type: string + cloudID: + description: If you are using Elastic's Elasticsearch Service + you can specify the cloud_id of the cluster running. + type: string + compress: + description: Set payload compression mechanism. Option available + is 'gzip' + enum: + - gzip + type: string + currentTimeIndex: + description: Use current time for index generation instead of + message record + type: boolean + generateID: + description: When enabled, generate _id for outgoing records. + This prevents duplicate records when retrying ES. + type: boolean + host: + description: IP address or hostname of the target Elasticsearch + instance + type: string + httpPassword: + description: Password for user defined in HTTP_User + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Optional username credential for Elastic X-Pack access + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + idKey: + description: If set, _id will be the value of the key from incoming + record and Generate_ID option is ignored. + type: string + includeTagKey: + description: When enabled, it append the Tag name to the record. + type: boolean + index: + description: Index name + type: string + logstashDateFormat: + description: Time format (based on strftime) to generate the second + part of the Index name. + type: string + logstashFormat: + description: 'Enable Logstash format compatibility. This option + takes a boolean value: True/False, On/Off' + type: boolean + logstashPrefix: + description: 'When Logstash_Format is enabled, the Index name + is composed using a prefix and the date, e.g: If Logstash_Prefix + is equals to ''mydata'' your index will become ''mydata-YYYY.MM.DD''. + The last string appended belongs to the date when the data is + being generated.' + type: string + logstashPrefixKey: + description: Prefix keys with this string + type: string + path: + description: Elasticsearch accepts new data on HTTP query path + "/_bulk". But it is also possible to serve Elasticsearch behind + a reverse proxy on a subpath. This option defines such path + on the fluent-bit side. It simply adds a path prefix in the + indexing HTTP POST URI. + type: string + pipeline: + description: Newer versions of Elasticsearch allows setting up + filters called pipelines. This option allows defining which + pipeline the database should use. For performance reasons is + strongly suggested parsing and filtering on Fluent Bit side, + avoid pipelines. + type: string + port: + description: TCP port of the target Elasticsearch instance + format: int32 + maximum: 65535 + minimum: 1 + type: integer + replaceDots: + description: When enabled, replace field name dots with underscore, + required by Elasticsearch 2.0-2.3. + type: boolean + suppressTypeName: + description: When enabled, mapping types is removed and Type option + is ignored. Types are deprecated in APIs in v7.0. This options + is for v7.0 or later. + type: string + tagKey: + description: When Include_Tag_Key is enabled, this property defines + the key name for the tag. + type: string + timeKey: + description: When Logstash_Format is enabled, each record will + get a new timestamp field. The Time_Key property defines the + name of that field. + type: string + timeKeyFormat: + description: When Logstash_Format is enabled, this property defines + the format of the timestamp. + type: string + timeKeyNanos: + description: When Logstash_Format is enabled, enabling this property + sends nanosecond precision timestamps. + type: boolean + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + traceError: + description: When enabled print the elasticsearch API calls to + stdout when elasticsearch returns an error + type: boolean + traceOutput: + description: When enabled print the elasticsearch API calls to + stdout (for diag only) + type: boolean + type: + description: Type name + type: string + type: object + file: + description: File defines File Output configuration. + properties: + delimiter: + description: The character to separate each pair. Applicable only + if format is csv or ltsv. + type: string + file: + description: Set file name to store the records. If not set, the + file name will be the tag associated with the records. + type: string + format: + description: 'The format of the file content. See also Format + section. Default: out_file.' + enum: + - out_file + - plain + - csv + - ltsv + - template + type: string + labelDelimiter: + description: The character to separate each pair. Applicable only + if format is ltsv. + type: string + path: + description: Absolute directory path to store files. If not set, + Fluent Bit will write the files on it's own positioned directory. + type: string + template: + description: The format string. Applicable only if format is template. + type: string + type: object + firehose: + description: Firehose defines Firehose Output configuration. + properties: + autoRetryRequests: + description: Immediately retry failed requests to AWS services + once. This option does not affect the normal Fluent Bit retry + mechanism with backoff. Instead, it enables an immediate retry + with no delay for networking errors, which may help improve + throughput when there are transient/random networking issues. + type: boolean + dataKeys: + description: By default, the whole log record will be sent to + Kinesis. If you specify a key name(s) with this option, then + only those keys and values will be sent to Kinesis. For example, + if you are using the Fluentd Docker log driver, you can specify + data_keys log and only the log message will be sent to Kinesis. + If you specify multiple keys, they should be comma delimited. + type: string + deliveryStream: + description: The name of the Kinesis Firehose Delivery stream + that you want log records sent to. + type: string + endpoint: + description: Specify a custom endpoint for the Kinesis Firehose + API. + type: string + logKey: + description: By default, the whole log record will be sent to + Firehose. If you specify a key name with this option, then only + the value of that key will be sent to Firehose. For example, + if you are using the Fluentd Docker log driver, you can specify + log_key log and only the log message will be sent to Firehose. + type: string + region: + description: The AWS region. + type: string + roleARN: + description: ARN of an IAM role to assume (for cross account access). + type: string + stsEndpoint: + description: Specify a custom endpoint for the STS API; used to + assume your custom role provided with role_arn. + type: string + timeKey: + description: Add the timestamp to the record under this key. By + default, the timestamp from Fluent Bit will not be added to + records sent to Kinesis. + type: string + timeKeyFormat: + description: strftime compliant format string for the timestamp; + for example, %Y-%m-%dT%H *string This option is used with time_key. + You can also use %L for milliseconds and %f for microseconds. + If you are using ECS FireLens, make sure you are running Amazon + ECS Container Agent v1.42.0 or later, otherwise the timestamps + associated with your container logs will only have second precision. + type: string + required: + - deliveryStream + - region + type: object + forward: + description: Forward defines Forward Output configuration. + properties: + emptySharedKey: + description: Use this option to connect to Fluentd with a zero-length + secret. + type: boolean + host: + description: Target host where Fluent-Bit or Fluentd are listening + for Forward messages. + type: string + password: + description: Specify the password corresponding to the username. + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + port: + description: TCP Port of the target service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + requireAckResponse: + description: Send "chunk"-option and wait for "ack" response from + server. Enables at-least-once and receiving server can control + rate of traffic. (Requires Fluentd v0.14.0+ server) + type: boolean + selfHostname: + description: Default value of the auto-generated certificate common + name (CN). + type: string + sendOptions: + description: Always send options (with "size"=count of messages) + type: boolean + sharedKey: + description: A key string known by the remote Fluentd used for + authorization. + type: string + timeAsInteger: + description: Set timestamps in integer format, it enable compatibility + mode for Fluentd v0.12 series. + type: boolean + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + username: + description: Specify the username to present to a Fluentd server + that enables user_auth. + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + gelf: + description: Gelf defines GELF Output configuration. + properties: + compress: + description: If transport protocol is udp, it defines if UDP packets + should be compressed. + type: boolean + fullMessageKey: + description: FullMessageKey is the key to use as the long message + that can i.e. contain a backtrace. + type: string + host: + description: IP address or hostname of the target Graylog server. + type: string + hostKey: + description: HostKey is the key which its value is used as the + name of the host, source or application that sent this message. + type: string + levelKey: + description: LevelKey is the key to be used as the log level. + type: string + mode: + description: The protocol to use (tls, tcp or udp). + enum: + - tls + - tcp + - udp + type: string + packetSize: + description: If transport protocol is udp, it sets the size of + packets to be sent. + format: int32 + type: integer + port: + description: The port that the target Graylog server is listening + on. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + shortMessageKey: + description: ShortMessageKey is the key to use as the short message. + type: string + timestampKey: + description: TimestampKey is the key which its value is used as + the timestamp of the message. + type: string + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + type: object + http: + description: HTTP defines HTTP Output configuration. + properties: + allowDuplicatedHeaders: + description: Specify if duplicated headers are allowed. If a duplicated + header is found, the latest key/value set is preserved. + type: boolean + compress: + description: Set payload compression mechanism. Option available + is 'gzip' + type: string + format: + description: Specify the data format to be used in the HTTP request + body, by default it uses msgpack. Other supported formats are + json, json_stream and json_lines and gelf. + enum: + - msgpack + - json + - json_stream + - json_lines + - gelf + type: string + gelfFullMessageKey: + description: Specify the key to use for the full message in gelf + format + type: string + gelfHostKey: + description: Specify the key to use for the host in gelf format + type: string + gelfLevelKey: + description: Specify the key to use for the level in gelf format + type: string + gelfShortMessageKey: + description: Specify the key to use as the short message in gelf + format + type: string + gelfTimestampKey: + description: Specify the key to use for timestamp in gelf format + type: string + headerTag: + description: Specify an optional HTTP header field for the original + message tag. + type: string + headers: + additionalProperties: + type: string + description: Add a HTTP header key/value pair. Multiple headers + can be set. + type: object + host: + description: IP address or hostname of the target HTTP Server + type: string + httpPassword: + description: Basic Auth Password. Requires HTTP_User to be set + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Basic Auth Username + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + jsonDateFormat: + description: 'Specify the format of the date. Supported formats + are double, epoch and iso8601 (eg: 2018-05-30T09:39:52.000681Z)' + type: string + jsonDateKey: + description: Specify the name of the time key in the output record. + To disable the time key just set the value to false. + type: string + port: + description: TCP port of the target HTTP Server + format: int32 + maximum: 65535 + minimum: 1 + type: integer + proxy: + description: Specify an HTTP Proxy. The expected format of this + value is http://host:port. Note that https is not supported + yet. + type: string + tls: + description: HTTP output plugin supports TTL/SSL, for more details + about the properties available and general configuration, please + refer to the TLS/SSL section. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + uri: + description: 'Specify an optional HTTP URI for the target web + server, e.g: /something' + type: string + type: object + influxDB: + description: InfluxDB defines InfluxDB Output configuration. + properties: + autoTags: + description: Automatically tag keys where value is string. + type: boolean + bucket: + description: InfluxDB bucket name where records will be inserted + - if specified, database is ignored and v2 of API is used + type: string + database: + description: InfluxDB database name where records will be inserted. + type: string + host: + description: IP address or hostname of the target InfluxDB service. + format: ipv6 + type: string + httpPassword: + description: Password for user defined in HTTP_User + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpToken: + description: Authentication token used with InfluxDB v2 - if specified, + both HTTPUser and HTTPPasswd are ignored + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Optional username for HTTP Basic Authentication + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + org: + description: InfluxDB organization name where the bucket is (v2 + only) + type: string + port: + description: TCP port of the target InfluxDB service. + format: int32 + maximum: 65536 + minimum: 0 + type: integer + sequenceTag: + description: The name of the tag whose value is incremented for + the consecutive simultaneous events. + type: string + tagKeys: + description: List of keys that needs to be tagged + items: + type: string + type: array + tagListKey: + description: Key of the string array optionally contained within + each log record that contains tag keys for that record + type: string + tagsListEnabled: + description: Dynamically tag keys which are in the string array + at Tags_List_Key key. + type: boolean + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + required: + - host + type: object + kafka: + description: Kafka defines Kafka Output configuration. + properties: + brokers: + description: 'Single of multiple list of Kafka Brokers, e.g: 192.168.1.3:9092, + 192.168.1.4:9092.' + type: string + dynamicTopic: + description: adds unknown topics (found in Topic_Key) to Topics. + So in Topics only a default topic needs to be configured + type: boolean + format: + description: 'Specify data format, options available: json, msgpack.' + type: string + messageKey: + description: Optional key to store the message + type: string + messageKeyField: + description: If set, the value of Message_Key_Field in the record + will indicate the message key. If not set nor found in the record, + Message_Key will be used (if set). + type: string + queueFullRetries: + description: Fluent Bit queues data into rdkafka library, if for + some reason the underlying library cannot flush the records + the queue might fills up blocking new addition of records. The + queue_full_retries option set the number of local retries to + enqueue the data. The default value is 10 times, the interval + between each retry is 1 second. Setting the queue_full_retries + value to 0 set's an unlimited number of retries. + format: int64 + type: integer + rdkafka: + additionalProperties: + type: string + description: '{property} can be any librdkafka properties' + type: object + timestampFormat: + description: iso8601 or double + type: string + timestampKey: + description: Set the key to store the record timestamp + type: string + topicKey: + description: 'If multiple Topics exists, the value of Topic_Key + in the record will indicate the topic to use. E.g: if Topic_Key + is router and the record is {"key1": 123, "router": "route_2"}, + Fluent Bit will use topic route_2. Note that if the value of + Topic_Key is not present in Topics, then by default the first + topic in the Topics list will indicate the topic to be used.' + type: string + topics: + description: Single entry or list of topics separated by comma + (,) that Fluent Bit will use to send messages to Kafka. If only + one topic is set, that one will be used for all records. Instead + if multiple topics exists, the one set in the record by Topic_Key + will be used. + type: string + type: object + kinesis: + description: Kinesis defines Kinesis Output configuration. + properties: + autoRetryRequests: + description: Immediately retry failed requests to AWS services + once. This option does not affect the normal Fluent Bit retry + mechanism with backoff. Instead, it enables an immediate retry + with no delay for networking errors, which may help improve + throughput when there are transient/random networking issues. + This option defaults to true. + type: boolean + endpoint: + description: Specify a custom endpoint for the Kinesis API. + type: string + externalID: + description: Specify an external ID for the STS API, can be used + with the role_arn parameter if your role requires an external + ID. + type: string + logKey: + description: By default, the whole log record will be sent to + Kinesis. If you specify a key name with this option, then only + the value of that key will be sent to Kinesis. For example, + if you are using the Fluentd Docker log driver, you can specify + log_key log and only the log message will be sent to Kinesis. + type: string + region: + description: The AWS region. + type: string + roleARN: + description: ARN of an IAM role to assume (for cross account access). + type: string + stream: + description: The name of the Kinesis Streams Delivery stream that + you want log records sent to. + type: string + stsEndpoint: + description: Custom endpoint for the STS API. + type: string + timeKey: + description: Add the timestamp to the record under this key. By + default the timestamp from Fluent Bit will not be added to records + sent to Kinesis. + type: string + timeKeyFormat: + description: strftime compliant format string for the timestamp; + for example, the default is '%Y-%m-%dT%H:%M:%S'. Supports millisecond + precision with '%3N' and supports nanosecond precision with + '%9N' and '%L'; for example, adding '%3N' to support millisecond + '%Y-%m-%dT%H:%M:%S.%3N'. This option is used with time_key. + type: string + required: + - region + - stream + type: object + logLevel: + description: 'Set the plugin''s logging verbosity level. Allowed values + are: off, error, warn, info, debug and trace, Defaults to the SERVICE + section''s Log_Level' + enum: + - "off" + - error + - warning + - info + - debug + - trace + type: string + loki: + description: Loki defines Loki Output configuration. + properties: + autoKubernetesLabels: + description: If set to true, it will add all Kubernetes labels + to the Stream labels. + enum: + - "on" + - "off" + type: string + dropSingleKey: + description: If set to true and after extracting labels only a + single key remains, the log line sent to Loki will be the value + of that key in line_format. + enum: + - "on" + - "off" + type: string + host: + description: Loki hostname or IP address. + type: string + httpPassword: + description: Password for user defined in HTTP_User Set HTTP basic + authentication password + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Set HTTP basic authentication user name. + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + labelKeys: + description: Optional list of record keys that will be placed + as stream labels. This configuration property is for records + key only. + items: + type: string + type: array + labelMapPath: + description: Specify the label map file path. The file defines + how to extract labels from each record. + type: string + labels: + description: Stream labels for API request. It can be multiple + comma separated of strings specifying key=value pairs. In addition + to fixed parameters, it also allows to add custom record keys + (similar to label_keys property). + items: + type: string + type: array + lineFormat: + description: Format to use when flattening the record to a log + line. Valid values are json or key_value. If set to json, the + log line sent to Loki will be the Fluent Bit record dumped as + JSON. If set to key_value, the log line will be each item in + the record concatenated together (separated by a single space) + in the format. + enum: + - json + - key_value + type: string + port: + description: Loki TCP port + format: int32 + maximum: 65535 + minimum: 1 + type: integer + removeKeys: + description: Optional list of keys to remove. + items: + type: string + type: array + tenantID: + description: Tenant ID used by default to push logs to Loki. If + omitted or empty it assumes Loki is running in single-tenant + mode and no X-Scope-OrgID header is sent. + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + tenantIDKey: + description: Specify the name of the key from the original record + that contains the Tenant ID. The value of the key is set as + X-Scope-OrgID of HTTP header. It is useful to set Tenant ID + dynamically. + type: string + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + required: + - host + type: object + match: + description: A pattern to match against the tags of incoming records. + It's case sensitive and support the star (*) character as a wildcard. + type: string + matchRegex: + description: A regular expression to match against the tags of incoming + records. Use this option if you want to use the full regex syntax. + type: string + "null": + description: Null defines Null Output configuration. + type: object + opensearch: + description: OpenSearch defines OpenSearch Output configuration. + properties: + Workers: + description: Enables dedicated thread(s) for this output. Default + value is set since version 1.8.13. For previous versions is + 0. + format: int32 + type: integer + awsAuth: + description: Enable AWS Sigv4 Authentication for Amazon OpenSearch + Service. + type: string + awsExternalID: + description: External ID for the AWS IAM Role specified with aws_role_arn. + type: string + awsRegion: + description: Specify the AWS region for Amazon OpenSearch Service. + type: string + awsRoleARN: + description: AWS IAM Role to assume to put records to your Amazon + cluster. + type: string + awsSTSEndpoint: + description: Specify the custom sts endpoint to be used with STS + API for Amazon OpenSearch Service. + type: string + bufferSize: + description: Specify the buffer size used to read the response + from the OpenSearch HTTP service. This option is useful for + debugging purposes where is required to read full responses, + note that response size grows depending of the number of records + inserted. To set an unlimited amount of memory set this value + to False, otherwise the value must be according to the Unit + Size specification. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + currentTimeIndex: + description: Use current time for index generation instead of + message record + type: boolean + generateID: + description: When enabled, generate _id for outgoing records. + This prevents duplicate records when retrying OpenSearch. + type: boolean + host: + description: IP address or hostname of the target OpenSearch instance, + default `127.0.0.1` + type: string + httpPassword: + description: Password for user defined in HTTP_User + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Optional username credential for access + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + idKey: + description: If set, _id will be the value of the key from incoming + record and Generate_ID option is ignored. + type: string + includeTagKey: + description: When enabled, it append the Tag name to the record. + type: boolean + index: + description: Index name + type: string + logstashDateFormat: + description: Time format (based on strftime) to generate the second + part of the Index name. + type: string + logstashFormat: + description: 'Enable Logstash format compatibility. This option + takes a boolean value: True/False, On/Off' + type: boolean + logstashPrefix: + description: 'When Logstash_Format is enabled, the Index name + is composed using a prefix and the date, e.g: If Logstash_Prefix + is equals to ''mydata'' your index will become ''mydata-YYYY.MM.DD''. + The last string appended belongs to the date when the data is + being generated.' + type: string + logstashPrefixKey: + description: Prefix keys with this string + type: string + path: + description: OpenSearch accepts new data on HTTP query path "/_bulk". + But it is also possible to serve OpenSearch behind a reverse + proxy on a subpath. This option defines such path on the fluent-bit + side. It simply adds a path prefix in the indexing HTTP POST + URI. + type: string + pipeline: + description: OpenSearch allows to setup filters called pipelines. + This option allows to define which pipeline the database should + use. For performance reasons is strongly suggested to do parsing + and filtering on Fluent Bit side, avoid pipelines. + type: string + port: + description: TCP port of the target OpenSearch instance, default + `9200` + format: int32 + maximum: 65535 + minimum: 1 + type: integer + replaceDots: + description: When enabled, replace field name dots with underscore, + required by Elasticsearch 2.0-2.3. + type: boolean + suppressTypeName: + description: When enabled, mapping types is removed and Type option + is ignored. Types are deprecated in APIs in v7.0. This options + is for v7.0 or later. + type: boolean + tagKey: + description: When Include_Tag_Key is enabled, this property defines + the key name for the tag. + type: string + timeKey: + description: When Logstash_Format is enabled, each record will + get a new timestamp field. The Time_Key property defines the + name of that field. + type: string + timeKeyFormat: + description: When Logstash_Format is enabled, this property defines + the format of the timestamp. + type: string + timeKeyNanos: + description: When Logstash_Format is enabled, enabling this property + sends nanosecond precision timestamps. + type: boolean + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + totalLimitSize: + description: Limit the maximum number of Chunks in the filesystem + for the current output logical destination. + type: string + traceError: + description: When enabled print the elasticsearch API calls to + stdout when elasticsearch returns an error + type: boolean + traceOutput: + description: When enabled print the elasticsearch API calls to + stdout (for diag only) + type: boolean + type: + description: Type name + type: string + writeOperation: + description: Operation to use to write in bulk requests. + type: string + type: object + opentelemetry: + description: OpenTelemetry defines OpenTelemetry Output configuration. + properties: + addLabel: + additionalProperties: + type: string + description: This allows you to add custom labels to all metrics + exposed through the OpenTelemetry exporter. You may have multiple + of these fields. + type: object + header: + additionalProperties: + type: string + description: Add a HTTP header key/value pair. Multiple headers + can be set. + type: object + host: + description: IP address or hostname of the target HTTP Server, + default `127.0.0.1` + type: string + httpPassword: + description: Password for user defined in HTTP_User + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Optional username credential for access + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + logResponsePayload: + description: Log the response payload within the Fluent Bit log. + type: boolean + logsUri: + description: 'Specify an optional HTTP URI for the target web + server listening for logs, e.g: /v1/logs' + type: string + metricsUri: + description: 'Specify an optional HTTP URI for the target web + server listening for metrics, e.g: /v1/metrics' + type: string + port: + description: TCP port of the target OpenSearch instance, default + `80` + format: int32 + maximum: 65535 + minimum: 1 + type: integer + proxy: + description: Specify an HTTP Proxy. The expected format of this + value is http://HOST:PORT. Note that HTTPS is not currently + supported. It is recommended not to set this and to configure + the HTTP proxy environment variables instead as they support + both HTTP and HTTPS. + type: string + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + tracesUri: + description: 'Specify an optional HTTP URI for the target web + server listening for traces, e.g: /v1/traces' + type: string + type: object + prometheusExporter: + description: PrometheusExporter_types defines Prometheus exporter + configuration to expose metrics from Fluent Bit. + properties: + addLabels: + additionalProperties: + type: string + description: This allows you to add custom labels to all metrics + exposed through the prometheus exporter. You may have multiple + of these fields + type: object + host: + description: 'IP address or hostname of the target HTTP Server, + default: 0.0.0.0' + type: string + port: + description: This is the port Fluent Bit will bind to when hosting + prometheus metrics. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - host + type: object + prometheusRemoteWrite: + description: PrometheusRemoteWrite_types defines Prometheus Remote + Write configuration. + properties: + addLabels: + additionalProperties: + type: string + description: This allows you to add custom labels to all metrics + exposed through the prometheus exporter. You may have multiple + of these fields + type: object + headers: + additionalProperties: + type: string + description: Add a HTTP header key/value pair. Multiple headers + can be set. + type: object + host: + description: 'IP address or hostname of the target HTTP Server, + default: 127.0.0.1' + type: string + httpPasswd: + description: Basic Auth Password. Requires HTTP_user to be se + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Basic Auth Username + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + logResponsePayload: + description: 'Log the response payload within the Fluent Bit log,default: + false' + type: boolean + port: + description: TCP port of the target HTTP Serveri, default:80 + format: int32 + maximum: 65535 + minimum: 1 + type: integer + proxy: + description: Specify an HTTP Proxy. The expected format of this + value is http://HOST:PORT. + type: string + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + uri: + description: 'Specify an optional HTTP URI for the target web + server, e.g: /something ,default: /' + type: string + workers: + description: 'Enables dedicated thread(s) for this output. Default + value is set since version 1.8.13. For previous versions is + 0,default : 2' + format: int32 + type: integer + required: + - host + type: object + retry_limit: + description: RetryLimit represents configuration for the scheduler + which can be set independently on each output section. This option + allows to disable retries or impose a limit to try N times and then + discard the data after reaching that limit. + type: string + s3: + description: S3 defines S3 Output configuration. + properties: + AutoRetryRequests: + description: Immediately retry failed requests to AWS services + once. + type: boolean + Bucket: + description: S3 Bucket name + type: string + CannedAcl: + description: Predefined Canned ACL Policy for S3 objects. + type: string + Compression: + description: Compression type for S3 objects. + type: string + ContentType: + description: A standard MIME type for the S3 object; this will + be set as the Content-Type HTTP header. + type: string + Endpoint: + description: Custom endpoint for the S3 API. + type: string + ExternalId: + description: Specify an external ID for the STS API, can be used + with the role_arn parameter if your role requires an external + ID. + type: string + JsonDateFormat: + description: 'Specify the format of the date. Supported formats + are double, epoch, iso8601 (eg: 2018-05-30T09:39:52.000681Z) + and java_sql_timestamp (eg: 2018-05-30 09:39:52.000681)' + type: string + JsonDateKey: + description: Specify the name of the time key in the output record. + To disable the time key just set the value to false. + type: string + LogKey: + description: By default, the whole log record will be sent to + S3. If you specify a key name with this option, then only the + value of that key will be sent to S3. + type: string + PreserveDataOrdering: + description: Normally, when an upload request fails, there is + a high chance for the last received chunk to be swapped with + a later chunk, resulting in data shuffling. This feature prevents + this shuffling by using a queue logic for uploads. + type: boolean + Region: + description: The AWS region of your S3 bucket + type: string + RetryLimit: + description: Integer value to set the maximum number of retries + allowed. + format: int32 + type: integer + RoleArn: + description: ARN of an IAM role to assume + type: string + S3KeyFormat: + description: Format string for keys in S3. + type: string + S3KeyFormatTagDelimiters: + description: A series of characters which will be used to split + the tag into 'parts' for use with the s3_key_format option. + type: string + SendContentMd5: + description: Send the Content-MD5 header with PutObject and UploadPart + requests, as is required when Object Lock is enabled. + type: boolean + StaticFilePath: + description: Disables behavior where UUID string is automatically + appended to end of S3 key name when $UUID is not provided in + s3_key_format. $UUID, time formatters, $TAG, and other dynamic + key formatters all work as expected while this feature is set + to true. + type: boolean + StorageClass: + description: Specify the storage class for S3 objects. If this + option is not specified, objects will be stored with the default + 'STANDARD' storage class. + type: string + StoreDir: + description: Directory to locally buffer data before sending. + type: string + StoreDirLimitSize: + description: The size of the limitation for disk usage in S3. + type: string + StsEndpoint: + description: Custom endpoint for the STS API. + type: string + TotalFileSize: + description: Specifies the size of files in S3. Minimum size is + 1M. With use_put_object On the maximum size is 1G. With multipart + upload mode, the maximum size is 50G. + type: string + UploadChunkSize: + description: 'The size of each ''part'' for multipart uploads. + Max: 50M' + type: string + UploadTimeout: + description: Whenever this amount of time has elapsed, Fluent + Bit will complete an upload and create a new file in S3. For + example, set this value to 60m and you will get a new file every + hour. + type: string + UsePutObject: + description: Use the S3 PutObject API, instead of the multipart + upload API. + type: boolean + required: + - Bucket + - Region + type: object + splunk: + description: Splunk defines Splunk Output Configuration + properties: + Workers: + description: Enables dedicated thread(s) for this output. Default + value `2` is set since version 1.8.13. For previous versions + is 0. + format: int32 + type: integer + channel: + description: Specify X-Splunk-Request-Channel Header for the HTTP + Event Collector interface. + type: string + compress: + description: Set payload compression mechanism. The only available + option is gzip. + type: string + eventFields: + description: Set event fields for the record. This option is an + array and the format is "key_name record_accessor_pattern". + items: + type: string + type: array + eventHost: + description: Specify the key name that contains the host value. + This option allows a record accessors pattern. + type: string + eventIndex: + description: The name of the index by which the event data is + to be indexed. + type: string + eventIndexKey: + description: Set a record key that will populate the index field. + If the key is found, it will have precedence over the value + set in event_index. + type: string + eventKey: + description: Specify the key name that will be used to send a + single value as part of the record. + type: string + eventSource: + description: Set the source value to assign to the event data. + type: string + eventSourcetype: + description: Set the sourcetype value to assign to the event data. + type: string + eventSourcetypeKey: + description: Set a record key that will populate 'sourcetype'. + If the key is found, it will have precedence over the value + set in event_sourcetype. + type: string + host: + description: IP address or hostname of the target OpenSearch instance, + default `127.0.0.1` + type: string + httpBufferSize: + description: 'Buffer size used to receive Splunk HTTP responses: + Default `2M`' + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + httpDebugBadRequest: + description: If the HTTP server response code is 400 (bad request) + and this flag is enabled, it will print the full HTTP request + and response to the stdout interface. This feature is available + for debugging purposes. + type: boolean + httpPassword: + description: Password for user defined in HTTP_User + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Optional username credential for access + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + port: + description: TCP port of the target Splunk instance, default `8088` + format: int32 + maximum: 65535 + minimum: 1 + type: integer + splunkSendRaw: + description: When enabled, the record keys and values are set + in the top level of the map instead of under the event key. + Refer to the Sending Raw Events section from the docs more details + to make this option work properly. + type: boolean + splunkToken: + description: Specify the Authentication Token for the HTTP Event + Collector interface. + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + type: object + stackdriver: + description: Stackdriver defines Stackdriver Output Configuration + properties: + autoformatStackdriverTrace: + description: Rewrite the trace field to be formatted for use with + GCP Cloud Trace + type: boolean + customK8sRegex: + description: A custom regex to extract fields from the local_resource_id + of the logs + type: string + exportToProjectID: + description: The GCP Project that should receive the logs + type: string + googleServiceCredentials: + description: Path to GCP Credentials JSON file + type: string + job: + description: Identifier for a grouping of tasks. Required if Resource + is generic_task + type: string + k8sClusterLocation: + description: Location of the cluster that contains the pods/nodes. + Required if Resource is k8s_container, k8s_node, or k8s_pod + type: string + k8sClusterName: + description: Name of the cluster that the pod is running in. Required + if Resource is k8s_container, k8s_node, or k8s_pod + type: string + labels: + description: Optional list of comma separated of strings for key/value + pairs + items: + type: string + type: array + labelsKey: + description: Used by Stackdriver to find related labels and extract + them to LogEntry Labels + type: string + location: + description: GCP/AWS region to store data. Required if Resource + is generic_node or generic_task + type: string + logNameKey: + description: The value of this field is set as the logName field + in Stackdriver + type: string + metadataServer: + description: Metadata Server Prefix + type: string + namespace: + description: Namespace identifier. Required if Resource is generic_node + or generic_task + type: string + nodeID: + description: Node identifier within the namespace. Required if + Resource is generic_node or generic_task + type: string + resource: + description: Set resource types of data + type: string + resourceLabels: + description: Optional list of comma seperated strings. Setting + these fields overrides the Stackdriver monitored resource API + values + items: + type: string + type: array + serviceAccountEmail: + description: Email associated with the service + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + serviceAccountSecret: + description: Private Key associated with the service + properties: + valueFrom: + description: ValueSource defines how to find a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + severityKey: + description: Specify the key that contains the severity information + for the logs + type: string + tagPrefix: + description: Used to validate the tags of logs that when the Resource + is k8s_container, k8s_node, or k8s_pod + type: string + taskID: + description: Identifier for a task within a namespace. Required + if Resource is generic_task + type: string + workers: + description: Number of dedicated threads for the Stackdriver Output + Plugin + format: int32 + type: integer + type: object + stdout: + description: Stdout defines Stdout Output configuration. + properties: + format: + description: Specify the data format to be printed. Supported + formats are msgpack json, json_lines and json_stream. + enum: + - msgpack + - json + - json_lines + - json_stream + type: string + jsonDateFormat: + description: 'Specify the format of the date. Supported formats + are double, iso8601 (eg: 2018-05-30T09:39:52.000681Z) and epoch.' + enum: + - double + - iso8601 + - epoch + type: string + jsonDateKey: + description: Specify the name of the date field in output. + type: string + type: object + syslog: + description: Syslog defines Syslog Output configuration. + properties: + host: + description: Host domain or IP address of the remote Syslog server. + type: string + mode: + description: Mode of the desired transport type, the available + options are tcp, tls and udp. + type: string + port: + description: TCP or UDP port of the remote Syslog server. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + syslogAppnameKey: + description: Key name from the original record that contains the + application name that generated the message. + type: string + syslogFacilityKey: + description: Key from the original record that contains the Syslog + facility number. + type: string + syslogFormat: + description: Syslog protocol format to use, the available options + are rfc3164 and rfc5424. + type: string + syslogHostnameKey: + description: Key name from the original record that contains the + hostname that generated the message. + type: string + syslogMaxSize: + description: Maximum size allowed per message, in bytes. + format: int32 + type: integer + syslogMessageIDKey: + description: Key name from the original record that contains the + Message ID associated to the message. + type: string + syslogMessageKey: + description: Key key name that contains the message to deliver. + type: string + syslogProcessIDKey: + description: Key name from the original record that contains the + Process ID that generated the message. + type: string + syslogSDKey: + description: Key name from the original record that contains the + Structured Data (SD) content. + type: string + syslogSeverityKey: + description: Key from the original record that contains the Syslog + severity number. + type: string + tls: + description: Syslog output plugin supports TTL/SSL, for more details + about the properties available and general configuration, please + refer to the TLS/SSL section. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + type: object + tcp: + description: TCP defines TCP Output configuration. + properties: + format: + description: Specify the data format to be printed. Supported + formats are msgpack json, json_lines and json_stream. + enum: + - msgpack + - json + - json_lines + - json_stream + type: string + host: + description: Target host where Fluent-Bit or Fluentd are listening + for Forward messages. + type: string + jsonDateFormat: + description: 'Specify the format of the date. Supported formats + are double, epoch and iso8601 (eg: 2018-05-30T09:39:52.000681Z)' + enum: + - double + - epoch + - iso8601 + type: string + jsonDateKey: + description: TSpecify the name of the time key in the output record. + To disable the time key just set the value to false. + type: string + port: + description: TCP Port of the target service. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tls: + description: Fluent Bit provides integrated support for Transport + Layer Security (TLS) and it predecessor Secure Sockets Layer + (SSL) respectively. + properties: + caFile: + description: Absolute path to CA certificate file + type: string + caPath: + description: Absolute path to scan for certificate files + type: string + crtFile: + description: Absolute path to Certificate file + type: string + debug: + description: 'Set TLS debug verbosity level. It accept the + following values: 0 (No debug), 1 (Error), 2 (State change), + 3 (Informational) and 4 Verbose' + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + format: int32 + type: integer + keyFile: + description: Absolute path to private Key file + type: string + keyPassword: + description: Optional password for tls.key_file file + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + verify: + description: Force certificate validation + type: boolean + vhost: + description: Hostname to be used for TLS SNI extension + type: string + type: object + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusteroutputs.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + shortNames: + - cfdo + singular: clusteroutput + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterOutput is the Schema for the clusteroutputs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterOutputSpec defines the desired state of ClusterOutput + properties: + outputs: + items: + description: Output defines all available output plugins and their + parameters + properties: + buffer: + description: buffer section + properties: + calcNumRecords: + description: Calculates the number of records, chunk size, + during chunk resume. + type: string + chunkFormat: + description: ChunkFormat specifies the chunk format for + calc_num_records. + enum: + - msgpack + - text + - auto + type: string + chunkLimitRecords: + description: The max number of events that each chunks can + store in it. + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + chunkLimitSize: + description: 'Buffer parameters The max size of each chunks: + events will be written into chunks until the size of chunks + become this size Default: 8MB (memory) / 256MB (file)' + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + compress: + description: Fluentd will decompress these compressed chunks + automatically before passing them to the output plugin + If gzip is set, Fluentd compresses data records before + writing to buffer chunks. Default:text. + enum: + - text + - gzip + type: string + delayedCommitTimeout: + description: The timeout (seconds) until output plugin decides + if the async write operation has failed. Default is 60s + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + disableChunkBackup: + description: Instead of storing unrecoverable chunks in + the backup directory, just discard them. This option is + new in Fluentd v1.2.6. + type: boolean + flushAtShutdown: + description: Flush parameters This specifies whether to + flush/write all buffer chunks on shutdown or not. + type: boolean + flushInterval: + description: FlushInterval defines the flush interval + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + flushMode: + description: 'FlushMode defines the flush mode: lazy: flushes/writes + chunks once per timekey interval: flushes/writes chunks + per specified time via flush_interval immediate: flushes/writes + chunks immediately after events are appended into chunks + default: equals to lazy if time is specified as chunk + key, interval otherwise' + enum: + - default + - lazy + - interval + - immediate + type: string + flushThreadCount: + description: The number of threads to flush/write chunks + in parallel + pattern: ^\d+$ + type: string + id: + description: The @id parameter specifies a unique name for + the configuration. + type: string + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the plugin-specific + logging level + type: string + overflowAction: + description: 'OverflowAtction defines the output plugin + behave when its buffer queue is full. Default: throw_exception' + type: string + path: + description: The path where buffer chunks are stored. This + field would make no effect in memory buffer plugin. + type: string + pathSuffix: + description: Changes the suffix of the buffer file. + type: string + queueLimitLength: + description: 'The queue length limitation of this buffer + plugin instance. Default: 0.95' + pattern: ^\d+.?\d+$ + type: string + queuedChunksLimitSize: + description: 'Limit the number of queued chunks. Default: + 1 If a smaller flush_interval is set, e.g. 1s, there are + lots of small queued chunks in the buffer. With file buffer, + it may consume a lot of fd resources when output destination + has a problem. This parameter mitigates such situations.' + minimum: 1 + type: integer + retryExponentialBackoffBase: + description: The base number of exponential backoff for + retries. + pattern: ^\d+(\.[0-9]{0,2})?$ + type: string + retryForever: + description: If true, plugin will ignore retry_timeout and + retry_max_times options and retry flushing forever. + type: boolean + retryMaxInterval: + description: The maximum interval (seconds) for exponential + backoff between retries while failing + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + retryMaxTimes: + description: 'The maximum number of times to retry to flush + the failed chunks. Default: none' + type: integer + retryRandomize: + description: If true, the output plugin will retry after + randomized interval not to do burst retries + type: boolean + retrySecondaryThreshold: + description: The ratio of retry_timeout to switch to use + the secondary while failing. + pattern: ^\d+.?\d+$ + type: string + retryTimeout: + description: Retry parameters The maximum time (seconds) + to retry to flush again the failed chunks, until the plugin + discards the buffer chunks + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + retryType: + description: Output plugin will retry periodically with + fixed intervals. + type: string + retryWait: + description: Wait in seconds before the next retry to flush + or constant factor of exponential backoff + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + tag: + description: The output plugins group events into chunks. + Chunk keys, specified as the argument of section, + control how to group events into chunks. If tag is empty, + which means blank Chunk Keys. Tag also supports Nested + Field, combination of Chunk Keys, placeholders, etc. See + https://docs.fluentd.org/configuration/buffer-section. + type: string + timeFormat: + description: Process value according to the specified format. + This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined time + format by using time_format_fallbacks. This options is + enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this type, + default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timekey: + description: Output plugin will flush chunks per specified + time (enabled when time is specified in chunk keys) + type: string + timekeyWait: + description: Output plugin will write chunks after timekey_wait + seconds later after timekey expiration + type: string + timezone: + description: Uses the specified timezone. + type: string + totalLimitSize: + description: 'The size limitation of this buffer plugin + instance Default: 512MB (memory) / 64GB (file)' + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + type: + description: The @type parameter specifies the type of the + plugin. + enum: + - file + - memory + - file_single + type: string + utc: + description: If true, uses UTC. + type: boolean + required: + - type + type: object + cloudWatch: + description: out_cloudwatch plugin + properties: + autoCreateStream: + type: boolean + awsEcsAuthentication: + type: boolean + awsKeyId: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + awsSecKey: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + awsStsDurationSeconds: + type: string + awsStsEndpointUrl: + type: string + awsStsExternalId: + type: string + awsStsPolicy: + type: string + awsStsRoleArn: + type: string + awsStsSessionName: + type: string + awsUseSts: + type: boolean + concurrency: + type: integer + durationSeconds: + type: string + endpoint: + description: Specify an AWS endpoint to send data to. + type: string + httpProxy: + type: string + includeTimeKey: + type: boolean + jsonHandler: + type: string + localtime: + type: boolean + logGroupAwsTags: + type: string + logGroupAwsTagsKey: + type: string + logGroupName: + type: string + logGroupNameKey: + type: string + logRejectedRequest: + type: string + logStreamName: + type: string + logStreamNameKey: + type: string + maxEventsPerBatch: + type: string + maxMessageLength: + type: string + messageKeys: + type: string + policy: + type: string + putLogEventsDisableRetryLimit: + type: boolean + putLogEventsRetryLimit: + type: string + putLogEventsRetryWait: + type: string + region: + description: The AWS region. + type: string + removeLogGroupAwsTagsKey: + type: boolean + removeLogGroupNameKey: + type: boolean + removeLogStreamNameKey: + type: boolean + removeRetentionInDaysKey: + type: boolean + retentionInDays: + type: string + retentionInDaysKey: + type: string + roleArn: + description: ARN of an IAM role to assume (for cross account + access). + type: string + roleSessionName: + description: Role Session name + type: string + sslVerifyPeer: + type: boolean + useTagAsGroup: + type: string + useTagAsStream: + type: string + webIdentityTokenFile: + description: Web identity token file + type: string + type: object + customPlugin: + description: Custom plugin type + properties: + config: + type: string + required: + - config + type: object + datadog: + description: datadog plugin + properties: + apiKey: + description: This parameter is required in order to authenticate + your fluent agent. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + compressionLevel: + description: Set the log compression level for HTTP (1 to + 9, 9 being the best ratio) + format: int32 + type: integer + ddHostname: + description: Used by Datadog to identify the host submitting + the logs. + type: string + ddSource: + description: This tells Datadog what integration it is + type: string + ddSourcecategory: + description: Multiple value attribute. Can be used to refine + the source attribute + type: string + ddTags: + description: Custom tags with the following format "key1:value1, + key2:value2" + type: string + host: + description: Proxy endpoint when logs are not directly forwarded + to Datadog + type: string + httpProxy: + description: HTTP proxy, only takes effect if HTTP forwarding + is enabled (use_http). Defaults to HTTP_PROXY/http_proxy + env vars. + type: string + includeTagKey: + description: Automatically include the Fluentd tag in the + record. + type: boolean + maxBackoff: + description: The maximum time waited between each retry + in seconds + format: int32 + type: integer + maxRetries: + description: The number of retries before the output plugin + stops. Set to -1 for unlimited retries + format: int32 + type: integer + noSSLValidation: + description: Disable SSL validation (useful for proxy forwarding) + type: boolean + port: + description: Proxy port when logs are not directly forwarded + to Datadog and ssl is not used + format: int32 + maximum: 65535 + minimum: 1 + type: integer + service: + description: Used by Datadog to correlate between logs, + traces and metrics. + type: string + sslPort: + description: Port used to send logs over a SSL encrypted + connection to Datadog. If use_http is disabled, use 10516 + for the US region and 443 for the EU region. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + tagKey: + description: Where to store the Fluentd tag. + type: string + timestampKey: + description: Name of the attribute which will contain timestamp + of the log event. If nil, timestamp attribute is not added. + type: string + useCompression: + description: Enable log compression for HTTP + type: boolean + useHTTP: + description: Enable HTTP forwarding. If you disable it, + make sure to change the port to 10514 or ssl_port to 10516 + type: boolean + useJson: + description: Event format, if true, the event is sent in + json format. Othwerwise, in plain text. + type: boolean + useSSL: + description: If true, the agent initializes a secure connection + to Datadog. In clear TCP otherwise. + type: boolean + type: object + elasticsearch: + description: out_es plugin + properties: + host: + description: 'The hostname of your Elasticsearch node (default: + localhost).' + type: string + hosts: + description: Hosts defines a list of hosts if you want to + connect to more than one Elasticsearch nodes + type: string + indexName: + description: IndexName defines the placeholder syntax of + Fluentd plugin API. See https://docs.fluentd.org/configuration/buffer-section. + type: string + logstashFormat: + description: 'If true, Fluentd uses the conventional index + name format logstash-%Y.%m.%d (default: false). This option + supersedes the index_name option.' + type: boolean + logstashPrefix: + description: 'LogstashPrefix defines the logstash prefix + index name to write events when logstash_format is true + (default: logstash).' + type: string + password: + description: Optional, The login credentials to connect + to Elasticsearch + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + path: + description: 'Path defines the REST API endpoint of Elasticsearch + to post write requests (default: nil).' + type: string + port: + description: 'The port number of your Elasticsearch node + (default: 9200).' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + description: 'Specify https if your Elasticsearch endpoint + supports SSL (default: http).' + type: string + user: + description: Optional, The login credentials to connect + to Elasticsearch + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + format: + description: format section + properties: + delimiter: + description: Delimiter for each field. + type: string + id: + description: The @id parameter specifies a unique name for + the configuration. + type: string + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the plugin-specific + logging level + type: string + newline: + description: Specify newline characters. + enum: + - lf + - crlf + type: string + outputTag: + description: Output tag field if true. + type: boolean + outputTime: + description: Output time field if true. + type: boolean + timeFormat: + description: Process value according to the specified format. + This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined time + format by using time_format_fallbacks. This options is + enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this type, + default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type of the + plugin. + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + forward: + description: out_forward plugin + properties: + ackResponseTimeout: + description: This option is used when require_ack_response + is true. This default value is based on popular tcp_syn_retries. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + connectTimeout: + description: The connection timeout for the socket. When + the connection is timed out during the connection establishment, + Errno::ETIMEDOUT error is raised. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + dnsRoundRobin: + description: Enable client-side DNS round robin. Uniform + randomly pick an IP address to send data when a hostname + has several IP addresses. heartbeat_type udp is not available + with dns_round_robintrue. Use heartbeat_type tcp or heartbeat_type + none. + type: boolean + expireDnsCache: + description: Sets TTL to expire DNS cache in seconds. Set + 0 not to use DNS Cache. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + hardTimeout: + description: The hard timeout used to detect server failure. + The default value is equal to the send_timeout parameter. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + heartbeatInterval: + description: The interval of the heartbeat packer. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + heartbeatType: + description: Specifies the transport protocol for heartbeats. + Set none to disable. + enum: + - transport + - tcp + - udp + - none + type: string + ignoreNetworkErrorsAtStartup: + description: Ignores DNS resolution and errors at startup + time. + type: boolean + keepalive: + description: Enables the keepalive connection. + type: boolean + keepaliveTimeout: + description: Timeout for keepalive. Default value is nil + which means to keep the connection alive as long as possible. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + phiFailureDetector: + description: Use the "Phi accrual failure detector" to detect + server failure. + type: boolean + phiThreshold: + description: The threshold parameter used to detect server + faults. + type: integer + recoverWait: + description: The wait time before accepting a server fault + recovery. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + requireAckResponse: + description: Changes the protocol to at-least-once. The + plugin waits the ack from destination's in_forward plugin. + type: boolean + security: + description: ServiceDiscovery defines the security section + properties: + allowAnonymousSource: + description: Allows the anonymous source. sections + are required, if disabled. + type: string + selfHostname: + description: The hostname. + type: string + sharedKey: + description: The shared key for authentication. + type: string + user: + description: Defines user section directly. + properties: + password: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + username: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + userAuth: + description: If true, user-based authentication is used. + type: string + type: object + sendTimeout: + description: The timeout time when sending event logs. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + servers: + description: Servers defines the servers section, at least + one is required + items: + description: Server defines the common parameters for + the server plugin + properties: + host: + description: Host defines the IP address or host name + of the server. + type: string + id: + description: The @id parameter specifies a unique + name for the configuration. + type: string + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + name: + description: Name defines the name of the server. + Used for logging and certificate verification in + TLS transport (when the host is the address). + type: string + password: + description: Password defines the password for authentication. + properties: + valueFrom: + description: ValueSource defines how to find a + value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + port: + description: Port defines the port number of the host. + Note that both TCP packets (event stream) and UDP + packets (heartbeat messages) are sent to this port. + type: string + sharedKey: + description: SharedKey defines the shared key per + server. + type: string + standby: + description: Standby marks a node as the standby node + for an Active-Standby model between Fluentd nodes. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + type: string + username: + description: Username defines the username for authentication. + properties: + valueFrom: + description: ValueSource defines how to find a + value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + weight: + description: Weight defines the load balancing weight + type: string + type: object + type: array + serviceDiscovery: + description: ServiceDiscovery defines the service_discovery + section + properties: + confEncoding: + description: The encoding of the configuration file. + type: string + dnsLookup: + description: DnsLookup resolves the hostname to IP address + of the SRV's Target. + type: string + dnsServerHost: + description: DnsServerHost defines the hostname of the + DNS server to request the SRV record. + type: string + hostname: + description: The name in RFC2782. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + interval: + description: Interval defines the interval of sending + requests to DNS server. + type: string + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + path: + description: The path of the target list. Default is + '/etc/fluent/sd.yaml' + type: string + proto: + description: Proto without the underscore in RFC2782. + type: string + server: + description: The server section of this plugin + properties: + host: + description: Host defines the IP address or host + name of the server. + type: string + id: + description: The @id parameter specifies a unique + name for the configuration. + type: string + logLevel: + description: The @log_level parameter specifies + the plugin-specific logging level + type: string + name: + description: Name defines the name of the server. + Used for logging and certificate verification + in TLS transport (when the host is the address). + type: string + password: + description: Password defines the password for authentication. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + port: + description: Port defines the port number of the + host. Note that both TCP packets (event stream) + and UDP packets (heartbeat messages) are sent + to this port. + type: string + sharedKey: + description: SharedKey defines the shared key per + server. + type: string + standby: + description: Standby marks a node as the standby + node for an Active-Standby model between Fluentd + nodes. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + type: string + username: + description: Username defines the username for authentication. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + weight: + description: Weight defines the load balancing weight + type: string + type: object + service: + description: Service without the underscore in RFC2782. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - static + - file + - srv + type: string + required: + - type + type: object + tlsAllowSelfSignedCert: + description: Allows self-signed certificates or not. + type: boolean + tlsCertLogicalStoreName: + description: The certificate logical store name on Windows + system certstore. This parameter is for Windows only. + type: string + tlsCertPath: + description: The additional CA certificate path for TLS. + type: string + tlsCertThumbprint: + description: The certificate thumbprint for searching from + Windows system certstore. This parameter is for Windows + only. + type: string + tlsCertUseEnterpriseStore: + description: Enables the certificate enterprise store on + Windows system certstore. This parameter is for Windows + only. + type: boolean + tlsCiphers: + description: The cipher configuration of TLS transport. + type: string + tlsClientCertPath: + description: The client certificate path for TLS. + type: string + tlsClientPrivateKeyPassphrase: + description: The TLS private key passphrase for the client. + type: string + tlsClientPrivateKeyPath: + description: The client private key path for TLS. + type: string + tlsInsecureMode: + description: Skips all verification of certificates or not. + type: boolean + tlsVerifyHostname: + description: Verifies hostname of servers and certificates + or not in TLS transport. + type: boolean + tlsVersion: + description: The default version of TLS transport. + enum: + - TLSv1_1 + - TLSv1_2 + type: string + verifyConnectionAtStartup: + description: Verify that a connection can be made with one + of out_forward nodes at the time of startup. + type: boolean + required: + - servers + type: object + http: + description: out_http plugin + properties: + auth: + description: Auth section for this plugin + properties: + auth: + description: The method for HTTP authentication. Now + only basic. + type: string + password: + description: The password for basic authentication. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + username: + description: The username for basic authentication. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + contentType: + description: ContentType defines Content-Type for HTTP request. + out_http automatically set Content-Type for built-in formatters + when this parameter is not specified. + type: string + endpoint: + description: Endpoint defines the endpoint for HTTP request. + If you want to use HTTPS, use https prefix. + type: string + errorResponseAsUnrecoverable: + description: Raise UnrecoverableError when the response + code is not SUCCESS. + type: boolean + headers: + description: Headers defines the additional headers for + HTTP request. + type: string + headersFromPlaceholders: + description: Additional placeholder based headers for HTTP + request. If you want to use tag or record field, use this + parameter instead of headers. + type: string + httpMethod: + description: HttpMethod defines the method for HTTP request. + enum: + - post + - put + type: string + jsonArray: + description: JsonArray defines whether to use the array + format of JSON or not + type: boolean + openTimeout: + description: OpenTimeout defines the connection open timeout + in seconds. + type: integer + proxy: + description: Proxy defines the proxy for HTTP request. + type: string + readTimeout: + description: ReadTimeout defines the read timeout in seconds. + type: integer + retryableResponseCodes: + description: The list of retryable response codes. If the + response code is included in this list, out_http retries + the buffer flush. + type: string + sslTimeout: + description: SslTimeout defines the TLS timeout in seconds. + type: integer + tlsCaCertPath: + description: TlsCaCertPath defines the CA certificate path + for TLS. + type: string + tlsCiphers: + description: TlsCiphers defines the cipher suites configuration + of TLS. + type: string + tlsClientCertPath: + description: TlsClientCertPath defines the client certificate + path for TLS. + type: string + tlsPrivateKeyPassphrase: + description: TlsPrivateKeyPassphrase defines the client + private key passphrase for TLS. + type: string + tlsPrivateKeyPath: + description: TlsPrivateKeyPath defines the client private + key path for TLS. + type: string + tlsVerifyMode: + description: TlsVerifyMode defines the verify mode of TLS. + enum: + - peer + - none + type: string + tlsVersion: + description: TlsVersion defines the default version of TLS + transport. + enum: + - TLSv1_1 + - TLSv1_2 + type: string + type: object + inject: + description: inject section + properties: + hostname: + description: Hostname value + type: string + hostnameKey: + description: The field name to inject hostname + type: string + inline: + description: Time section + properties: + localtime: + description: If true, uses local time. + type: boolean + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + tagKey: + description: The field name to inject tag + type: string + timeKey: + description: The field name to inject time + type: string + workerIdKey: + description: The field name to inject worker_id + type: string + type: object + kafka: + description: out_kafka plugin + properties: + brokers: + description: 'The list of all seed brokers, with their host + and port information. Default: localhost:9092' + type: string + compressionCodec: + description: 'The codec the producer uses to compress messages + (default: nil).' + enum: + - gzip + - snappy + type: string + defaultTopic: + description: 'The name of the default topic. (default: nil)' + type: string + requiredAcks: + description: The number of acks required per request. + type: integer + topicKey: + description: The field name for the target topic. If the + field value is app, this plugin writes events to the app + topic. + type: string + useEventTime: + description: Set fluentd event time to Kafka's CreateTime. + type: boolean + type: object + logLevel: + description: The @log_level parameter specifies the plugin-specific + logging level + type: string + loki: + description: out_loki plugin + properties: + dropSingleKey: + description: If a record only has 1 key, then just set the + log line to the value and discard the key. + type: boolean + extractKubernetesLabels: + description: If set to true, it will add all Kubernetes + labels to the Stream labels. + type: boolean + httpPassword: + description: Password for user defined in HTTP_User Set + HTTP basic authentication password + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + httpUser: + description: Set HTTP basic authentication user name. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + includeThreadLabel: + description: Whether or not to include the fluentd_thread + label when multiple threads are used for flushing + type: boolean + insecure: + description: Disable certificate validation + type: boolean + labelKeys: + description: Optional list of record keys that will be placed + as stream labels. This configuration property is for records + key only. + items: + type: string + type: array + labels: + description: Stream labels for API request. It can be multiple + comma separated of strings specifying key=value pairs. + In addition to fixed parameters, it also allows to add + custom record keys (similar to label_keys property). + items: + type: string + type: array + lineFormat: + description: Format to use when flattening the record to + a log line. Valid values are json or key_value. If set + to json, the log line sent to Loki will be the Fluentd + record dumped as JSON. If set to key_value, the log line + will be each item in the record concatenated together + (separated by a single space) in the format. + enum: + - json + - key_value + type: string + removeKeys: + description: Optional list of record keys that will be removed + from stream labels. This configuration property is for + records key only. + items: + type: string + type: array + tenantID: + description: Tenant ID used by default to push logs to Loki. + If omitted or empty it assumes Loki is running in single-tenant + mode and no X-Scope-OrgID header is sent. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + tlsCaCertFile: + description: TlsCaCert defines the CA certificate file for + TLS. + type: string + tlsClientCertFile: + description: TlsClientCert defines the client certificate + file for TLS. + type: string + tlsPrivateKeyFile: + description: TlsPrivateKey defines the client private key + file for TLS. + type: string + url: + description: Loki URL. + type: string + required: + - url + type: object + opensearch: + description: out_opensearch plugin + properties: + host: + description: 'The hostname of your Opensearch node (default: + localhost).' + type: string + hosts: + description: Hosts defines a list of hosts if you want to + connect to more than one Openearch nodes + type: string + indexName: + description: IndexName defines the placeholder syntax of + Fluentd plugin API. See https://docs.fluentd.org/configuration/buffer-section. + type: string + logstashFormat: + description: 'If true, Fluentd uses the conventional index + name format logstash-%Y.%m.%d (default: false). This option + supersedes the index_name option.' + type: boolean + logstashPrefix: + description: 'LogstashPrefix defines the logstash prefix + index name to write events when logstash_format is true + (default: logstash).' + type: string + password: + description: Optional, The login credentials to connect + to Opensearch + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + path: + description: 'Path defines the REST API endpoint of Opensearch + to post write requests (default: nil).' + type: string + port: + description: 'The port number of your Opensearch node (default: + 9200).' + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + description: 'Specify https if your Opensearch endpoint + supports SSL (default: http).' + type: string + user: + description: Optional, The login credentials to connect + to Opensearch + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + s3: + description: out_s3 plugin + properties: + awsKeyId: + description: The AWS access key id. + type: string + awsSecKey: + description: The AWS secret key. + type: string + forcePathStyle: + description: This prevents AWS SDK from breaking endpoint + URL + type: boolean + path: + description: The path prefix of the files on S3. + type: string + proxyUri: + description: The proxy URL. + type: string + s3Bucket: + description: The Amazon S3 bucket name. + type: string + s3Endpoint: + description: The endpoint URL (like "http://localhost:9000/") + type: string + s3ObjectKeyFormat: + description: The actual S3 path. This is interpolated to + the actual path. + type: string + s3Region: + description: The Amazon S3 region name + type: string + sslVerifyPeer: + description: Verify the SSL certificate of the endpoint. + type: boolean + storeAs: + description: The compression type. + enum: + - gzip + - lzo + - json + - txt + type: string + timeSliceFormat: + description: This timestamp is added to each file name + type: string + type: object + stdout: + description: out_stdout plugin + type: object + tag: + description: Which tag to be matched. + type: string + type: object + type: array + type: object + status: + description: ClusterOutputStatus defines the observed state of ClusterOutput + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: clusterparsers.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: ClusterParser + listKind: ClusterParserList + plural: clusterparsers + shortNames: + - cfbp + singular: clusterparser + scope: Cluster + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: ClusterParser is the Schema for the cluster-level parsers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ParserSpec defines the desired state of ClusterParser + properties: + decoders: + description: 'Decoders are a built-in feature available through the + Parsers file, each Parser definition can optionally set one or multiple + decoders. There are two type of decoders type: Decode_Field and + Decode_Field_As.' + items: + properties: + decodeField: + description: If the content can be decoded in a structured message, + append that structure message (keys and values) to the original + log message. + type: string + decodeFieldAs: + description: Any content decoded (unstructured or structured) + will be replaced in the same key/value, no extra keys are + added. + type: string + type: object + type: array + json: + description: JSON defines json parser configuration. + properties: + timeFormat: + description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z + type: string + timeKeep: + description: Time_Keep + type: boolean + timeKey: + description: Time_Key + type: string + type: object + logfmt: + description: Logfmt defines logfmt parser configuration. + type: object + ltsv: + description: LTSV defines ltsv parser configuration. + properties: + timeFormat: + description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z + type: string + timeKeep: + description: Time_Keep + type: boolean + timeKey: + description: Time_Key + type: string + types: + type: string + type: object + regex: + description: Regex defines regex parser configuration. + properties: + regex: + type: string + timeFormat: + description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z + type: string + timeKeep: + description: Time_Keep + type: boolean + timeKey: + description: Time_Key + type: string + timeOffset: + description: Time_Offset, eg. +0200 + type: string + types: + type: string + type: object + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: collectors.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: Collector + listKind: CollectorList + plural: collectors + shortNames: + - co + singular: collector + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: Collector is the Schema for the fluentbits API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CollectorSpec defines the desired state of FluentBit + properties: + affinity: + description: Pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations to add to each Fluentbit pod. + type: object + args: + description: Fluent Bit Watcher command line arguments. + items: + type: string + type: array + bufferPath: + description: The path where buffer chunks are stored. + type: string + disableService: + description: By default will build the related service according to + the globalinputs definition. + type: boolean + fluentBitConfigName: + description: Fluentbitconfig object associated with this Fluentbit + type: string + hostNetwork: + description: Host networking is requested for this pod. Use the host's + network namespace. If this option is set, the ports that will be + used must be specified. Default to false. + type: boolean + image: + description: Fluent Bit image. + type: string + imagePullPolicy: + description: Fluent Bit image pull policy. + type: string + imagePullSecrets: + description: Fluent Bit image pull secret + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector + type: object + ports: + description: Ports represents the pod's ports. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and + unique within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred to by + services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + priorityClassName: + description: PriorityClassName represents the pod's priority class. + type: string + pvc: + description: PVC definition + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics of a volume + requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not + be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed + if the type of the specified object matches some installed + volume populator or dynamic provisioner. This field will + replace the functionality of the dataSource field and as + such if both fields are non-empty, they must have the same + value. For backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource and + dataSourceRef) will be set to the same value automatically + if one of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, + dataSourceRef allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and generates + an error if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource being + referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object is + required in the referent namespace to allow that namespace's + owner to accept the reference. See the ReferenceGrant + documentation for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources the + volume should have. If RecoverVolumeExpansionFailure feature + is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher + than capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource within + AllocatedResources tracks the capacity allocated to a PVC. + It may be larger than the actual capacity when a volume + expansion operation is requested. For storage quota, the + larger value from allocatedResources and PVC.spec.resources + is used. If allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation. If a volume expansion + capacity request is lowered, allocatedResources is only + lowered if there are no expansion operations in progress + and if the actual volume capacity is equal or lower than + the requested capacity. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources of the + underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being resized + then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details + about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message indicating + details about last transition. + type: string + reason: + description: reason is a unique, this should be a short, + machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" + that means the underlying persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a + valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion is + complete resizeStatus is set to empty string by resize controller + or kubelet. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + rbacRules: + description: RBACRules represents additional rbac rules which will + be applied to the fluent-bit clusterrole. + items: + description: PolicyRule holds information that describes a policy + rule, but does not contain information about who the rule applies + to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains + the resources. If multiple API groups are specified, any + action requested against one of the enumerated resources in + any API group will be allowed. "" represents the core API + group and "*" represents all API groups. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a + user should have access to. *s are allowed, but only as the + full, final step in the path Since non-resource URLs are not + namespaced, this field is only applicable for ClusterRoles + referenced from a ClusterRoleBinding. Rules can either apply + to API resources (such as "pods" or "secrets") or non-resource + URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + resources: + description: Compute Resources required by container. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + runtimeClassName: + description: RuntimeClassName represents the container runtime configuration. + type: string + schedulerName: + description: SchedulerName represents the desired scheduler for the + Fluentbit collector pods + type: string + secrets: + description: The Secrets are mounted into /fluent-bit/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + service: + description: Service represents configurations on the fluent-bit service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to each Fluentbit service. + type: object + labels: + additionalProperties: + type: string + description: Labels to add to each FluentBit service + type: object + name: + description: Name is the name of the FluentBit service. + type: string + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: Annotations to add to the Fluentbit service account + type: object + tolerations: + description: Tolerations + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: List of volumes that can be mounted by containers belonging + to the pod. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + volumesMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + status: + description: CollectorStatus defines the observed state of FluentBit + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: filters.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: Filter + listKind: FilterList + plural: filters + shortNames: + - fbf + singular: filter + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: Filter is the Schema for namespace level filter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FilterSpec defines the desired state of ClusterFilter + properties: + filters: + description: A set of filter plugins in order. + items: + properties: + aws: + description: Aws defines a Aws configuration. + properties: + accountID: + description: The account ID for current EC2 instance.Default + is false. + type: boolean + alias: + description: Alias for the plugin + type: string + amiID: + description: The EC2 instance image id.Default is false. + type: boolean + az: + description: The availability zone; for example, "us-east-1a". + Default is true. + type: boolean + ec2InstanceID: + description: The EC2 instance ID.Default is true. + type: boolean + ec2InstanceType: + description: The EC2 instance type.Default is false. + type: boolean + hostName: + description: The hostname for current EC2 instance.Default + is false. + type: boolean + imdsVersion: + description: Specify which version of the instance metadata + service to use. Valid values are 'v1' or 'v2'. + enum: + - v1 + - v2 + type: string + privateIP: + description: The EC2 instance private ip.Default is false. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + vpcID: + description: The VPC ID for current EC2 instance.Default + is false. + type: boolean + type: object + customPlugin: + description: CustomPlugin defines a Custom plugin configuration. + properties: + config: + type: string + type: object + grep: + description: Grep defines Grep Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + exclude: + description: 'Exclude records which field matches the regular + expression. Value Format: FIELD REGEX' + type: string + regex: + description: 'Keep records which field matches the regular + expression. Value Format: FIELD REGEX' + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + type: object + kubernetes: + description: Kubernetes defines Kubernetes Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + annotations: + description: Include Kubernetes resource annotations in + the extra metadata. + type: boolean + bufferSize: + description: Set the buffer size for HTTP client when reading + responses from Kubernetes API server. + pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ + type: string + cacheUseDockerId: + description: When enabled, metadata will be fetched from + K8s when docker_id is changed. + type: boolean + dnsRetries: + description: DNS lookup retries N times until the network + start working + format: int32 + type: integer + dnsWaitTime: + description: DNS lookup interval between network status + checks + format: int32 + type: integer + dummyMeta: + description: If set, use dummy-meta data (for test/dev purposes) + type: boolean + k8sLoggingExclude: + description: Allow Kubernetes Pods to exclude their logs + from the log processor (read more about it in Kubernetes + Annotations section). + type: boolean + k8sLoggingParser: + description: Allow Kubernetes Pods to suggest a pre-defined + Parser (read more about it in Kubernetes Annotations section) + type: boolean + keepLog: + description: When Keep_Log is disabled, the log field is + removed from the incoming message once it has been successfully + merged (Merge_Log must be enabled as well). + type: boolean + kubeCAFile: + description: CA certificate file + type: string + kubeCAPath: + description: Absolute path to scan for certificate files + type: string + kubeMetaCacheTTL: + description: configurable TTL for K8s cached metadata. By + default, it is set to 0 which means TTL for cache entries + is disabled and cache entries are evicted at random when + capacity is reached. In order to enable this option, you + should set the number to a time interval. For example, + set this value to 60 or 60s and cache entries which have + been created more than 60s will be evicted. + type: string + kubeMetaPreloadCacheDir: + description: If set, Kubernetes meta-data can be cached/pre-loaded + from files in JSON format in this directory, named as + namespace-pod.meta + type: string + kubeTagPrefix: + description: When the source records comes from Tail input + plugin, this option allows to specify what's the prefix + used in Tail configuration. + type: string + kubeTokenFile: + description: Token file + type: string + kubeTokenTTL: + description: configurable 'time to live' for the K8s token. + By default, it is set to 600 seconds. After this time, + the token is reloaded from Kube_Token_File or the Kube_Token_Command. + type: string + kubeURL: + description: API Server end-point + type: string + kubeletHost: + description: kubelet host using for HTTP request, this only + works when Use_Kubelet set to On. + type: string + kubeletPort: + description: kubelet port using for HTTP request, this only + works when useKubelet is set to On. + format: int32 + type: integer + labels: + description: Include Kubernetes resource labels in the extra + metadata. + type: boolean + mergeLog: + description: When enabled, it checks if the log field content + is a JSON string map, if so, it append the map fields + as part of the log structure. + type: boolean + mergeLogKey: + description: When Merge_Log is enabled, the filter tries + to assume the log field from the incoming message is a + JSON string message and make a structured representation + of it at the same level of the log field in the map. Now + if Merge_Log_Key is set (a string name), all the new structured + fields taken from the original log content are inserted + under the new key. + type: string + mergeLogTrim: + description: When Merge_Log is enabled, trim (remove possible + \n or \r) field values. + type: boolean + mergeParser: + description: Optional parser name to specify how to parse + the data contained in the log key. Recommended use is + for developers or testing only. + type: string + regexParser: + description: Set an alternative Parser to process record + Tag and extract pod_name, namespace_name, container_name + and docker_id. The parser must be registered in a parsers + file (refer to parser filter-kube-test as an example). + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + tlsDebug: + description: Debug level between 0 (nothing) and 4 (every + detail). + format: int32 + type: integer + tlsVerify: + description: When enabled, turns on certificate validation + when connecting to the Kubernetes API server. + type: boolean + useJournal: + description: When enabled, the filter reads logs coming + in Journald format. + type: boolean + useKubelet: + description: This is an optional feature flag to get metadata + information from kubelet instead of calling Kube Server + API to enhance the log. This could mitigate the Kube API + heavy traffic issue for large cluster. + type: boolean + type: object + lua: + description: Lua defines Lua Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + call: + description: Lua function name that will be triggered to + do filtering. It's assumed that the function is declared + inside the Script defined above. + type: string + protectedMode: + description: If enabled, Lua script will be executed in + protected mode. It prevents to crash when invalid Lua + script is executed. Default is true. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + script: + description: Path to the Lua script that will be used. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + timeAsTable: + description: By default when the Lua script is invoked, + the record timestamp is passed as a Floating number which + might lead to loss precision when the data is converted + back. If you desire timestamp precision enabling this + option will pass the timestamp as a Lua table with keys + sec for seconds since epoch and nsec for nanoseconds. + type: boolean + typeIntKey: + description: If these keys are matched, the fields are converted + to integer. If more than one key, delimit by space. Note + that starting from Fluent Bit v1.6 integer data types + are preserved and not converted to double as in previous + versions. + items: + type: string + type: array + required: + - call + - script + type: object + modify: + description: Modify defines Modify Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + conditions: + description: All conditions have to be true for the rules + to be applied. + items: + description: The plugin supports the following conditions + properties: + aKeyMatches: + description: Is true if a key matches regex KEY + type: string + keyDoesNotExist: + additionalProperties: + type: string + description: Is true if KEY does not exist + type: object + keyExists: + description: Is true if KEY exists + type: string + keyValueDoesNotEqual: + additionalProperties: + type: string + description: Is true if KEY exists and its value is + not VALUE + type: object + keyValueDoesNotMatch: + additionalProperties: + type: string + description: Is true if key KEY exists and its value + does not match VALUE + type: object + keyValueEquals: + additionalProperties: + type: string + description: Is true if KEY exists and its value is + VALUE + type: object + keyValueMatches: + additionalProperties: + type: string + description: Is true if key KEY exists and its value + matches VALUE + type: object + matchingKeysDoNotHaveMatchingValues: + additionalProperties: + type: string + description: Is true if all keys matching KEY have + values that do not match VALUE + type: object + matchingKeysHaveMatchingValues: + additionalProperties: + type: string + description: Is true if all keys matching KEY have + values that match VALUE + type: object + noKeyMatches: + description: Is true if no key matches regex KEY + type: string + type: object + type: array + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + rules: + description: Rules are applied in the order they appear, + with each rule operating on the result of the previous + rule. + items: + description: The plugin supports the following rules + properties: + add: + additionalProperties: + type: string + description: Add a key/value pair with key KEY and + value VALUE if KEY does not exist + type: object + copy: + additionalProperties: + type: string + description: Copy a key/value pair with key KEY to + COPIED_KEY if KEY exists AND COPIED_KEY does not + exist + type: object + hardCopy: + additionalProperties: + type: string + description: Copy a key/value pair with key KEY to + COPIED_KEY if KEY exists. If COPIED_KEY already + exists, this field is overwritten + type: object + hardRename: + additionalProperties: + type: string + description: Rename a key/value pair with key KEY + to RENAMED_KEY if KEY exists. If RENAMED_KEY already + exists, this field is overwritten + type: object + remove: + description: Remove a key/value pair with key KEY + if it exists + type: string + removeRegex: + description: Remove all key/value pairs with key matching + regexp KEY + type: string + removeWildcard: + description: Remove all key/value pairs with key matching + wildcard KEY + type: string + rename: + additionalProperties: + type: string + description: Rename a key/value pair with key KEY + to RENAMED_KEY if KEY exists AND RENAMED_KEY does + not exist + type: object + set: + additionalProperties: + type: string + description: Add a key/value pair with key KEY and + value VALUE. If KEY already exists, this field is + overwritten + type: object + type: object + type: array + type: object + multiline: + description: Multiline defines a Multiline configuration. + properties: + alias: + description: Alias for the plugin + type: string + keyContent: + description: Key name that holds the content to process. + Note that a Multiline Parser definition can already specify + the key_content to use, but this option allows to overwrite + that value for the purpose of the filter. + type: string + parser: + description: Specify one or multiple Multiline Parsing definitions + to apply to the content. You can specify multiple multiline + parsers to detect different formats by separating them + with a comma. + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + required: + - parser + type: object + nest: + description: Nest defines Nest Filter configuration. + properties: + addPrefix: + description: Prefix affected keys with this string + type: string + alias: + description: Alias for the plugin + type: string + nestUnder: + description: Nest records matching the Wildcard under this + key + type: string + nestedUnder: + description: Lift records nested under the Nested_under + key + type: string + operation: + description: Select the operation nest or lift + enum: + - nest + - lift + type: string + removePrefix: + description: Remove prefix from affected keys if it matches + this string + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + wildcard: + description: Nest records which field matches the wildcard + items: + type: string + type: array + type: object + parser: + description: Parser defines Parser Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + keyName: + description: Specify field name in record to parse. + type: string + parser: + description: Specify the parser name to interpret the field. + Multiple Parser entries are allowed (split by comma). + type: string + preserveKey: + description: Keep original Key_Name field in the parsed + result. If false, the field will be removed. + type: boolean + reserveData: + description: Keep all other original fields in the parsed + result. If false, all other original fields will be removed. + type: boolean + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + unescapeKey: + description: 'If the key is a escaped string (e.g: stringify + JSON), unescape the string before to apply the parser.' + type: boolean + type: object + recordModifier: + description: RecordModifier defines Record Modifier Filter configuration. + properties: + alias: + description: Alias for the plugin + type: string + allowlistKeys: + description: If the key is not matched, that field is removed. + items: + type: string + type: array + records: + description: Append fields. This parameter needs key and + value pair. + items: + type: string + type: array + removeKeys: + description: If the key is matched, that field is removed. + items: + type: string + type: array + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + uuidKeys: + description: If set, the plugin appends uuid to each record. + The value assigned becomes the key in the map. + items: + type: string + type: array + whitelistKeys: + description: An alias of allowlistKeys for backwards compatibility. + items: + type: string + type: array + type: object + rewriteTag: + description: RewriteTag defines a RewriteTag configuration. + properties: + alias: + description: Alias for the plugin + type: string + emitterName: + description: When the filter emits a record under the new + Tag, there is an internal emitter plugin that takes care + of the job. Since this emitter expose metrics as any other + component of the pipeline, you can use this property to + configure an optional name for it. + type: string + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + rules: + description: 'Defines the matching criteria and the format + of the Tag for the matching record. The Rule format have + four components: KEY REGEX NEW_TAG KEEP.' + items: + type: string + type: array + type: object + throttle: + description: Throttle defines a Throttle configuration. + properties: + alias: + description: Alias for the plugin + type: string + interval: + description: Interval is the time interval expressed in + "sleep" format. e.g. 3s, 1.5m, 0.5h, etc. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + printStatus: + description: PrintStatus represents whether to print status + messages with current rate and the limits to information + logs. + type: boolean + rate: + description: Rate is the amount of messages for the time. + format: int64 + type: integer + retryLimit: + description: 'RetryLimit describes how many times fluent-bit + should retry to send data to a specific output. If set + to false fluent-bit will try indefinetly. If set to any + integer N>0 it will try at most N+1 times. Leading zeros + are not allowed (values such as 007, 0150, 01 do not work). + If this property is not defined fluent-bit will use the + default value: 1.' + pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ + type: string + window: + description: Window is the amount of intervals to calculate + average over. + format: int64 + type: integer + type: object + type: object + type: array + logLevel: + enum: + - "off" + - error + - warning + - info + - debug + - trace + type: string + match: + description: A pattern to match against the tags of incoming records. + It's case-sensitive and support the star (*) character as a wildcard. + type: string + matchRegex: + description: A regular expression to match against the tags of incoming + records. Use this option if you want to use the full regex syntax. + type: string + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: filters.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: Filter + listKind: FilterList + plural: filters + shortNames: + - fdf + singular: filter + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Filter is the Schema for the filters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FilterSpec defines the desired state of Filter + properties: + filters: + items: + description: Filter defines all available filter plugins and their + parameters. + properties: + customPlugin: + description: Custom plugin type + properties: + config: + type: string + required: + - config + type: object + grep: + description: The filter_grep filter plugin + properties: + and: + items: + description: And defines the parameters for the "and" + plugin + properties: + exclude: + description: Exclude defines the parameters for the + exclude plugin + properties: + key: + type: string + pattern: + type: string + type: object + regexp: + description: Regexp defines the parameters for the + regexp plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: object + type: array + exclude: + items: + description: Exclude defines the parameters for the exclude + plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: array + or: + items: + description: Or defines the parameters for the "or" plugin + properties: + exclude: + description: Exclude defines the parameters for the + exclude plugin + properties: + key: + type: string + pattern: + type: string + type: object + regexp: + description: Regexp defines the parameters for the + regexp plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: object + type: array + regexp: + items: + description: Regexp defines the parameters for the regexp + plugin + properties: + key: + type: string + pattern: + type: string + type: object + type: array + type: object + logLevel: + description: The @log_level parameter specifies the plugin-specific + logging level + type: string + parser: + description: The filter_parser filter plugin + properties: + emitInvalidRecordToError: + description: 'Emits invalid record to @ERROR label. Invalid + cases are: key does not exist;the format is not matched;an + unexpected error. If you want to ignore these errors, + set false.' + type: boolean + hashValueField: + description: Stores the parsed values as a hash value in + a field. + type: string + injectKeyPrefix: + description: Stores the parsed values with the specified + key name prefix. + type: string + keyName: + description: 'Specifies the field name in the record to + parse. Required parameter. i.e: If set keyName to log, + {"key":"value","log":"{\"time\":1622473200,\"user\":1}"} + => {"user":1}' + type: string + parse: + description: Parse defines various parameters for the parse + plugin + properties: + customPatternPath: + description: Path to the file that includes custom grok + patterns. + type: string + estimateCurrentEvent: + description: If true, use Fluent::Eventnow(current time) + as a timestamp when time_key is specified. + type: boolean + expression: + description: Specifies the regular expression for matching + logs. Regular expression also supports i and m suffix. + type: string + grok: + description: Grok Sections + items: + properties: + keepTimeKey: + description: If true, keep time field in the record. + type: boolean + name: + description: The name of this grok section. + type: string + pattern: + description: The pattern of grok. Required parameter. + type: string + timeFormat: + description: Process value using specified format. + This is available only when time_type is string + type: string + timeKey: + description: Specify time field for event time. + If the event doesn't have this field, current + time is used. + type: string + timeZone: + description: Use specified timezone. one can parse/format + the time value in the specified timezone. + type: string + type: object + type: array + grokFailureKey: + description: The key has grok failure reason. + type: string + grokPattern: + description: The pattern of grok. + type: string + grokPatternSeries: + description: Specify grok pattern series set. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + keepTimeKey: + description: If true, keep time field in th record. + type: boolean + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + multiLineStartRegexp: + description: The regexp to match beginning of multiline. + This is only for "multiline_grok". + type: string + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeKey: + description: Specify time field for event time. If the + event doesn't have this field, current time is used. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timeout: + description: Specify timeout for parse processing. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - regexp + - apache2 + - apache_error + - nginx + - syslog + - csv + - tsv + - ltsv + - json + - multiline + - none + - grok + - multiline_grok + type: string + types: + description: 'Specify types for converting field into + another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' + type: string + utc: + description: If true, uses UTC. + type: boolean + required: + - type + type: object + removeKeyNameField: + description: Removes key_name field when parsing is succeeded. + type: boolean + replaceInvalidSequence: + description: If true, invalid string is replaced with safe + characters and re-parse it. + type: boolean + reserveData: + description: 'Keeps the original key-value pair in the parsed + result. Default is false. i.e: If set keyName to log, + reverseData to true, {"key":"value","log":"{\"user\":1,\"num\":2}"} + => {"key":"value","log":"{\"user\":1,\"num\":2}","user":1,"num":2}' + type: boolean + reserveTime: + description: Keeps the original event time in the parsed + result. Default is false. + type: boolean + required: + - keyName + - parse + type: object + recordTransformer: + description: The filter_record_transformer filter plugin + properties: + autoTypecast: + description: Automatically casts the field types. Default + is false. This option is effective only for field values + comprised of a single placeholder. + type: boolean + enableRuby: + description: 'When set to true, the full Ruby syntax is + enabled in the ${...} expression. The default value is + false. i.e: jsonized_record ${record.to_json}' + type: boolean + keepKeys: + description: A list of keys to keep. Only relevant if renew_record + is set to true. + type: string + records: + items: + description: The parameters inside directives + are considered to be new key-value pairs + properties: + key: + description: New field can be defined as key + type: string + value: + description: The value must from Record properties. + See https://docs.fluentd.org/filter/record_transformer#less-than-record-greater-than-directive + type: string + required: + - key + - value + type: object + type: array + removeKeys: + description: A list of keys to delete. Supports nested field + via record_accessor syntax since v1.1.0. + type: string + renewRecord: + description: By default, the record transformer filter mutates + the incoming data. However, if this parameter is set to + true, it modifies a new empty hash instead. + type: boolean + renewTimeKey: + description: renew_time_key foo overwrites the time of events + with a value of the record field foo if exists. The value + of foo must be a Unix timestamp. + type: string + type: object + stdout: + description: The filter_stdout filter plugin + properties: + format: + description: The format section + properties: + delimiter: + description: Delimiter for each field. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + newline: + description: Specify newline characters. + enum: + - lf + - crlf + type: string + outputTag: + description: Output tag field if true. + type: boolean + outputTime: + description: Output time field if true. + type: boolean + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + inject: + description: The inject section + properties: + hostname: + description: Hostname value + type: string + hostnameKey: + description: The field name to inject hostname + type: string + inline: + description: Time section + properties: + localtime: + description: If true, uses local time. + type: boolean + timeFormat: + description: Process value according to the specified + format. This is available only when time_type + is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a + fallback in the specified order. You can parse + undetermined time format by using time_format_fallbacks. + This options is enabled when time_type is mixed. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timezone: + description: Uses the specified timezone. + type: string + utc: + description: If true, uses UTC. + type: boolean + type: object + tagKey: + description: The field name to inject tag + type: string + timeKey: + description: The field name to inject time + type: string + workerIdKey: + description: The field name to inject worker_id + type: string + type: object + type: object + tag: + description: Which tag to be matched. + type: string + type: object + type: array + type: object + status: + description: FilterStatus defines the observed state of Filter + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: fluentbitconfigs.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: FluentBitConfig + listKind: FluentBitConfigList + plural: fluentbitconfigs + shortNames: + - fbc + singular: fluentbitconfig + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: FluentBitConfig is the Schema for the API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NamespacedFluentBitCfgSpec defines the desired state of FluentBit + properties: + clusterParserSelector: + description: Select cluster level parser config + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + filterSelector: + description: Select filter plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + outputSelector: + description: Select output plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + parserSelector: + description: Select parser plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: fluentbits.fluentbit.fluent.io +spec: + group: fluentbit.fluent.io + names: + kind: FluentBit + listKind: FluentBitList + plural: fluentbits + shortNames: + - fb + singular: fluentbit + scope: Namespaced + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: FluentBit is the Schema for the fluentbits API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FluentBitSpec defines the desired state of FluentBit + properties: + affinity: + description: Pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations to add to each Fluentbit pod. + type: object + args: + description: Fluent Bit Watcher command line arguments. + items: + type: string + type: array + command: + description: Fluent Bit Watcher command. + items: + type: string + type: array + containerLogRealPath: + description: Container log path + type: string + containerSecurityContext: + description: ContainerSecurityContext holds container-level security + attributes. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool + directly controls if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation is true always when + the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name + is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for + the containers. The default is DefaultProcMount which uses the + container runtime defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If + seccomp options are provided at both the pod & container level, + the container options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will + be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + disableService: + description: DisableService tells if the fluentbit service should + be deployed. + type: boolean + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' + or 'None'. + type: string + envVars: + description: EnvVars represent environment variables that can be passed + to fluentbit pods. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + fluentBitConfigName: + description: Fluentbitconfig object associated with this Fluentbit + type: string + hostNetwork: + description: Host networking is requested for this pod. Use the host's + network namespace. If this option is set, the ports that will be + used must be specified. Default to false. + type: boolean + image: + description: Fluent Bit image. + type: string + imagePullPolicy: + description: Fluent Bit image pull policy. + type: string + imagePullSecrets: + description: Fluent Bit image pull secret + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: InitContainers represents the pod's init containers. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + internalMountPropagation: + description: MountPropagation option for internal mounts + enum: + - None + - HostToContainer + - Bidirectional + type: string + labels: + additionalProperties: + type: string + description: Labels to add to each FluentBit pod + type: object + livenessProbe: + description: LivenessProbe represents the pod's liveness probe. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command is + simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. This + is a beta field and requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to place + in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults + to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully upon probe failure. The grace period is the duration + in seconds after the processes running in the pod are sent a + termination signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a + beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + metricsPort: + description: MetricsPort is the port used by the metrics server. If + this option is set, HttpPort from ClusterFluentBitConfig needs to + match this value. Default is 2020. + format: int32 + type: integer + namespaceFluentBitCfgSelector: + description: NamespacedFluentBitCfgSelector selects the namespace + FluentBitConfig associated with this FluentBit + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodeSelector: + additionalProperties: + type: string + description: NodeSelector + type: object + ports: + description: Ports represents the pod's ports. + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, + this must be a valid port number, 0 < x < 65536. If HostNetwork + is specified, this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and + unique within the pod. Each named port in a pod must have + a unique name. Name for the port that can be referred to by + services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + positionDB: + description: Storage for position db. You will use it if tail input + is enabled. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount by + volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be a + filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple blob + disks per storage account Dedicated: single blob disk per + storage account Managed: azure managed data disk (only + in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the path + to key ring for User, default is /etc/ceph/user.secret More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and mounted + on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret object + containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + ConfigMap, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set + permissions on this file. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: path is the relative path of the file to + map the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If + not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem to + apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the secret + object containing sensitive information to pass to the CSI + driver to complete the CSI NodePublishVolume and NodeUnpublishVolume + calls. This field is optional, and may be empty if no secret + is required. If the secret object contains more than one + secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories within + the path are not affected by this setting. This might be + in conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that shares + a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled by + a cluster storage driver. The volume's lifecycle is tied to + the pod that defines it - it will be created before the pod + starts, and deleted when the pod is removed. \n Use this if: + a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified through a storage + class, and d) the storage driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource for + more information on the connection between this volume type + and PersistentVolumeClaim). \n Use PersistentVolumeClaim or + one of the vendor-specific APIs for volumes that persist for + longer than the lifecycle of an individual pod. \n Use CSI for + light-weight local ephemeral volumes if the CSI driver is meant + to be used that way - see the documentation of the driver for + more information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and lun + must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource that + is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for this + volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information to + pass to the plugin scripts. This may be empty if no secret + object is specified. If the secret object contains more + than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to a + kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be considered + as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount by + volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition for + /dev/sda is "0" (or you can leave the property empty). More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision a + container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the host + that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to the + pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, + new iSCSI interface : will be + created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is other + than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to be + mounted with read-only permissions. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a reference + to a PersistentVolumeClaim in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are not + affected by this setting. This might be in conflict with + other options that affect the file mode, like fsGroup, and + the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience of + the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account token. + As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service + account token. The kubelet will start trying to + rotate the token if the token is older than 80 + percent of its time to live or if the token is + older than 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the mount + point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no group + type: string + readOnly: + description: readOnly here will force the Quobyte volume to + be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO API + Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already created + in the ScaleIO system that is associated with this volume + source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between 0 + and 511. YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the + Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to set + permissions on this file. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the + volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, + like fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + path: + description: path is the relative path of the file to + map the key to. May not be an absolute path. May not + contain the path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within a + namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the volume + within StorageOS. If no namespace is specified then the + Pod's namespace will be used. This allows the Kubernetes + name scoping to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override the + default behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do not pre-exist + within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be a + filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based Management + (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + type: object + priorityClassName: + description: PriorityClassName represents the pod's priority class. + type: string + rbacRules: + description: RBACRules represents additional rbac rules which will + be applied to the fluent-bit clusterrole. + items: + description: PolicyRule holds information that describes a policy + rule, but does not contain information about who the rule applies + to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains + the resources. If multiple API groups are specified, any + action requested against one of the enumerated resources in + any API group will be allowed. "" represents the core API + group and "*" represents all API groups. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a + user should have access to. *s are allowed, but only as the + full, final step in the path Since non-resource URLs are not + namespaced, this field is only applicable for ClusterRoles + referenced from a ClusterRoleBinding. Rules can either apply + to API resources (such as "pods" or "secrets") or non-resource + URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names + that the rule applies to. An empty set means that everything + is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies + to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the + ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + readinessProbe: + description: ReadinessProbe represents the pod's readiness probe. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside + the container, the working directory for the command is + root ('/') in the container's filesystem. The command is + simply exec'd, it is not run inside a shell, so traditional + shell instructions ('|', etc) won't work. To use a shell, + you need to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. This + is a beta field and requires enabling GRPCContainerProbe feature + gate. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to place + in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod + IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults + to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started + before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default + to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. + Number must be in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully upon probe failure. The grace period is the duration + in seconds after the processes running in the pod are sent a + termination signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than the expected + cleanup time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a + beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by container. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + runtimeClassName: + description: RuntimeClassName represents the container runtime configuration. + type: string + schedulerName: + description: SchedulerName represents the desired scheduler for fluent-bit + pods. + type: string + secrets: + description: The Secrets are mounted into /fluent-bit/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + service: + description: Service represents configurations on the fluent-bit service. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to each Fluentbit service. + type: object + labels: + additionalProperties: + type: string + description: Labels to add to each FluentBit service + type: object + name: + description: Name is the name of the FluentBit service. + type: string + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: Annotations to add to the Fluentbit service account + type: object + tolerations: + description: Tolerations + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: List of volumes that can be mounted by containers belonging + to the pod. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + volumesMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + status: + description: FluentBitStatus defines the observed state of FluentBit + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: fluentdconfigs.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: FluentdConfig + listKind: FluentdConfigList + plural: fluentdconfigs + shortNames: + - fdc + singular: fluentdconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FluentdConfig is the Schema for the fluentdconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FluentdConfigSpec defines the desired state of FluentdConfig + properties: + clusterFilterSelector: + description: Select cluster filter plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterOutputSelector: + description: Select cluster output plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + emit_mode: + description: 'Emit mode. If batch, the plugin will emit events per + labels matched. Enum: record, batch. will make no effect if EnableFilterKubernetes + is set false.' + enum: + - record + - batch + type: string + filterSelector: + description: Select namespaced filter plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + outputSelector: + description: Select namespaced output plugins + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + stickyTags: + description: Sticky tags will match only one record from an event + stream. The same tag will be treated the same way. will make no + effect if EnableFilterKubernetes is set false. + type: string + watchedConstainers: + description: A set of container names. Ignored if left empty. + items: + type: string + type: array + watchedHosts: + description: A set of hosts. Ignored if left empty. + items: + type: string + type: array + watchedLabels: + additionalProperties: + type: string + description: Use this field to filter the logs, will make no effect + if EnableFilterKubernetes is set false. + type: object + type: object + status: + description: FluentdConfigStatus defines the observed state of FluentdConfig + properties: + messages: + description: Messages defines the plugin errors which is selected + by this fluentdconfig + type: string + state: + description: The state of this fluentd config + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + name: fluentds.fluentd.fluent.io +spec: + group: fluentd.fluent.io + names: + kind: Fluentd + listKind: FluentdList + plural: fluentds + shortNames: + - fd + singular: fluentd + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Fluentd is the Schema for the fluentds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FluentdSpec defines the desired state of Fluentd + properties: + affinity: + description: Pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations to add to each Fluentd pod. + type: object + args: + description: Fluentd Watcher command line arguments. + items: + type: string + type: array + buffer: + description: Buffer definition + properties: + disableBufferVolume: + description: Enabled buffer pvc by default. + type: boolean + emptyDir: + description: Represents an empty directory for a pod. Empty directory + volumes support ownership management and SELinux relabeling. + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + hostPath: + description: Volume definition. + properties: + path: + description: 'path of the directory on the host. If the path + is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + pvc: + description: PVC definition + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: object + containerSecurityContext: + description: ContainerSecurityContext represents the security context + for the fluentd container. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process + can gain more privileges than its parent process. This bool + directly controls if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation is true always when + the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container + runtime. Note that this field cannot be set when spec.os.name + is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for + the containers. The default is DefaultProcMount which uses the + container runtime defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. If + seccomp options are provided at both the pod & container level, + the container options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will + be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + defaultFilterSelector: + description: Select cluster filter plugins used to filter for the + default cluster output + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + defaultOutputSelector: + description: Select cluster output plugins used to send all logs that + did not match any route to the matching outputs + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + disableService: + description: By default will build the related service according to + the globalinputs definition. + type: boolean + envVars: + description: EnvVars represent environment variables that can be passed + to fluentd pods. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + fluentdCfgSelector: + description: FluentdCfgSelector defines the selectors to select the + fluentd config CRs. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + globalInputs: + description: Fluentd global inputs. + items: + description: Input defines all available input plugins and their + parameters + properties: + forward: + description: in_forward plugin + properties: + addTagPrefix: + description: Adds the prefix to the incoming event's tag. + type: string + bind: + description: The port to listen to, default is "0.0.0.0" + type: string + chunkSizeLimit: + description: The size limit of the received chunk. If the + chunk size is larger than this value, the received chunk + is dropped. + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + chunkSizeWarnLimit: + description: The warning size limit of the received chunk. + If the chunk size is larger than this value, a warning + message will be sent. + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + client: + description: The security section of client plugin + properties: + host: + description: The IP address or hostname of the client. + This is exclusive with Network. + type: string + network: + description: The network address specification. This + is exclusive with Host. + type: string + sharedKey: + description: The shared key per client. + type: string + users: + description: The array of usernames. + type: string + type: object + denyKeepalive: + description: The connections will be disconnected right + after receiving a message, if true. + type: boolean + lingerTimeout: + description: The timeout used to set the linger option. + type: integer + port: + description: The port to listen to, default is 24224. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + resolveHostname: + description: Tries to resolve hostname from IP addresses + or not. + type: boolean + security: + description: The security section of forward plugin + properties: + allowAnonymousSource: + description: Allows the anonymous source. sections + are required, if disabled. + type: string + selfHostname: + description: The hostname. + type: string + sharedKey: + description: The shared key for authentication. + type: string + user: + description: Defines user section directly. + properties: + password: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + username: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find + a value's key. + properties: + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + userAuth: + description: If true, user-based authentication is used. + type: string + type: object + sendKeepalivePacket: + description: Enables the TCP keepalive for sockets. + type: boolean + skipInvalidEvent: + description: Skips the invalid incoming event. + type: boolean + sourceAddressKey: + description: The field name of the client's source address. + If set, the client's address will be set to its key. + type: string + sourceHostnameKey: + description: The field name of the client's hostname. If + set, the client's hostname will be set to its key. + type: string + tag: + description: in_forward uses incoming event's tag by default + (See Protocol Section). If the tag parameter is set, its + value is used instead. + type: string + transport: + description: The transport section of forward plugin + properties: + caCertPath: + description: for Cert generated + type: string + caPath: + description: for Cert signed by public CA + type: string + caPrivateKeyPassphrase: + type: string + caPrivateKeyPath: + type: string + certPath: + type: string + certVerifier: + description: other parameters + type: string + ciphers: + type: string + clientCertAuth: + type: boolean + insecure: + type: boolean + privateKeyPassphrase: + type: string + privateKeyPath: + type: string + protocol: + description: 'The protocal name of this plugin, i.e: + tls' + type: string + version: + type: string + type: object + user: + description: The security section of user plugin + properties: + password: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + username: + description: Secret defines the key of a value. + properties: + valueFrom: + description: ValueSource defines how to find a value's + key. + properties: + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + type: object + http: + description: in_http plugin + properties: + addHttpHeaders: + description: Adds HTTP_ prefix headers to the record. + type: boolean + addRemoteAddr: + description: 'Adds REMOTE_ADDR field to the record. The + value of REMOTE_ADDR is the client''s address. i.e: X-Forwarded-For: + host1, host2' + type: string + bind: + description: The port to listen to, default is "0.0.0.0" + type: string + bodySizeLimit: + description: The size limit of the POSTed element. + pattern: ^\d+(KB|MB|GB|TB)$ + type: string + corsAllOrigins: + description: Whitelist domains for CORS. + type: string + corsAllowCredentials: + description: Add Access-Control-Allow-Credentials header. + It's needed when a request's credentials mode is include + type: string + keepaliveTimeout: + description: The timeout limit for keeping the connection + alive. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + parse: + description: The parse section of http plugin + properties: + customPatternPath: + description: Path to the file that includes custom grok + patterns. + type: string + estimateCurrentEvent: + description: If true, use Fluent::Eventnow(current time) + as a timestamp when time_key is specified. + type: boolean + expression: + description: Specifies the regular expression for matching + logs. Regular expression also supports i and m suffix. + type: string + grok: + description: Grok Sections + items: + properties: + keepTimeKey: + description: If true, keep time field in the record. + type: boolean + name: + description: The name of this grok section. + type: string + pattern: + description: The pattern of grok. Required parameter. + type: string + timeFormat: + description: Process value using specified format. + This is available only when time_type is string + type: string + timeKey: + description: Specify time field for event time. + If the event doesn't have this field, current + time is used. + type: string + timeZone: + description: Use specified timezone. one can parse/format + the time value in the specified timezone. + type: string + type: object + type: array + grokFailureKey: + description: The key has grok failure reason. + type: string + grokPattern: + description: The pattern of grok. + type: string + grokPatternSeries: + description: Specify grok pattern series set. + type: string + id: + description: The @id parameter specifies a unique name + for the configuration. + type: string + keepTimeKey: + description: If true, keep time field in th record. + type: boolean + localtime: + description: If true, uses local time. + type: boolean + logLevel: + description: The @log_level parameter specifies the + plugin-specific logging level + type: string + multiLineStartRegexp: + description: The regexp to match beginning of multiline. + This is only for "multiline_grok". + type: string + timeFormat: + description: Process value according to the specified + format. This is available only when time_type is string + type: string + timeFormatFallbacks: + description: Uses the specified time format as a fallback + in the specified order. You can parse undetermined + time format by using time_format_fallbacks. This options + is enabled when time_type is mixed. + type: string + timeKey: + description: Specify time field for event time. If the + event doesn't have this field, current time is used. + type: string + timeType: + description: parses/formats value according to this + type, default is string + enum: + - float + - unixtime + - string + - mixed + type: string + timeout: + description: Specify timeout for parse processing. + pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ + type: string + timezone: + description: Uses the specified timezone. + type: string + type: + description: The @type parameter specifies the type + of the plugin. + enum: + - regexp + - apache2 + - apache_error + - nginx + - syslog + - csv + - tsv + - ltsv + - json + - multiline + - none + - grok + - multiline_grok + type: string + types: + description: 'Specify types for converting field into + another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' + type: string + utc: + description: If true, uses UTC. + type: boolean + required: + - type + type: object + port: + description: The port to listen to, default is 9880. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + respondsWithEmptyImg: + description: Responds with an empty GIF image of 1x1 pixel + (rather than an empty string). + type: boolean + transport: + description: The transport section of http plugin + properties: + caCertPath: + description: for Cert generated + type: string + caPath: + description: for Cert signed by public CA + type: string + caPrivateKeyPassphrase: + type: string + caPrivateKeyPath: + type: string + certPath: + type: string + certVerifier: + description: other parameters + type: string + ciphers: + type: string + clientCertAuth: + type: boolean + insecure: + type: boolean + privateKeyPassphrase: + type: string + privateKeyPath: + type: string + protocol: + description: 'The protocal name of this plugin, i.e: + tls' + type: string + version: + type: string + type: object + type: object + id: + description: The @id parameter specifies a unique name for the + configuration. + type: string + label: + description: The @label parameter is to route the input events + to