From 01ecf95c03b05f03367be20bc14be0b34fdd0b5c Mon Sep 17 00:00:00 2001 From: Ho Kim Date: Wed, 10 Sep 2025 08:36:11 +0000 Subject: [PATCH 1/2] kubevirt: add support for extra annotations Signed-off-by: Ho Kim --- packages/kubevirt/charts/templates/kubevirt.yaml | 8 ++++++++ packages/kubevirt/charts/values.yaml | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/packages/kubevirt/charts/templates/kubevirt.yaml b/packages/kubevirt/charts/templates/kubevirt.yaml index ee53b648..e7d4bd94 100644 --- a/packages/kubevirt/charts/templates/kubevirt.yaml +++ b/packages/kubevirt/charts/templates/kubevirt.yaml @@ -3,6 +3,14 @@ kind: KubeVirt metadata: name: kubevirt namespace: {{ .Release.Namespace }} + {{- with .Values.kubevirt.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.kubevirt.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- with .Values.kubevirt.configuration }} configuration: diff --git a/packages/kubevirt/charts/values.yaml b/packages/kubevirt/charts/values.yaml index b5abb3ac..65ed2c2b 100644 --- a/packages/kubevirt/charts/values.yaml +++ b/packages/kubevirt/charts/values.yaml @@ -21,6 +21,12 @@ operator: memory: 450Mi kubevirt: + # Extra annotations for KubeVirt CR. + # Useful for advanced configuration such as: + # https://kubevirt.io/user-guide/compute/dedicated_cpu_resources/#compute-nodes-with-smt-enabled + annotations: {} + # Extra labels for KubeVirt CR. + labels: {} # Holds kubevirt configurations. Same as the virt-configMap. configuration: {} customizeComponents: {} From c043b66b083953fab5f800d5b5bd03061cd47188 Mon Sep 17 00:00:00 2001 From: Ho Kim Date: Wed, 10 Sep 2025 08:40:13 +0000 Subject: [PATCH 2/2] chore: bump kubevirt chart to 0.6.1 Signed-off-by: Ho Kim --- assets/kubevirt/kubevirt-0.6.1.tgz | Bin 0 -> 44579 bytes charts/kubevirt/0.6.1/.helmignore | 23 + charts/kubevirt/0.6.1/Chart.yaml | 7 + charts/kubevirt/0.6.1/app-readme.md | 1 + charts/kubevirt/0.6.1/crds/kubevirt.yaml | 6544 +++++++++++++++++ charts/kubevirt/0.6.1/templates/NOTES.txt | 2 + charts/kubevirt/0.6.1/templates/_helpers.tpl | 62 + charts/kubevirt/0.6.1/templates/_hooks.tpl | 47 + .../0.6.1/templates/crd-uninstall-hooks.yaml | 55 + .../0.6.1/templates/crd-upgrade-hooks.yaml | 80 + .../0.6.1/templates/kubevirt-operator.yaml | 1424 ++++ .../templates/kubevirt-uninstall-hooks.yaml | 71 + charts/kubevirt/0.6.1/templates/kubevirt.yaml | 44 + .../0.6.1/templates/namespace-hooks.yaml | 60 + charts/kubevirt/0.6.1/values.yaml | 59 + index.html | 6 +- index.yaml | 11 + packages/kubevirt/charts/Chart.yaml | 2 +- packages/kubevirt/package.yaml | 2 +- 19 files changed, 8495 insertions(+), 5 deletions(-) create mode 100644 assets/kubevirt/kubevirt-0.6.1.tgz create mode 100644 charts/kubevirt/0.6.1/.helmignore create mode 100644 charts/kubevirt/0.6.1/Chart.yaml create mode 100644 charts/kubevirt/0.6.1/app-readme.md create mode 100644 charts/kubevirt/0.6.1/crds/kubevirt.yaml create mode 100644 charts/kubevirt/0.6.1/templates/NOTES.txt create mode 100644 charts/kubevirt/0.6.1/templates/_helpers.tpl create mode 100644 charts/kubevirt/0.6.1/templates/_hooks.tpl create mode 100644 charts/kubevirt/0.6.1/templates/crd-uninstall-hooks.yaml create mode 100644 charts/kubevirt/0.6.1/templates/crd-upgrade-hooks.yaml create mode 100644 charts/kubevirt/0.6.1/templates/kubevirt-operator.yaml create mode 100644 charts/kubevirt/0.6.1/templates/kubevirt-uninstall-hooks.yaml create mode 100644 charts/kubevirt/0.6.1/templates/kubevirt.yaml create mode 100644 charts/kubevirt/0.6.1/templates/namespace-hooks.yaml create mode 100644 charts/kubevirt/0.6.1/values.yaml diff --git a/assets/kubevirt/kubevirt-0.6.1.tgz b/assets/kubevirt/kubevirt-0.6.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..04e1724afc5e2f3fc41308cb945014e949738726 GIT binary patch literal 44579 zcmV)iK%&1NiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHcN;gBD2mVD{uDUMnPs_0q~u4^{nPaHEJb#w^^5K3Sc-G+ znKL&FtlA{essbtiiZYY#``Pcpt6r=JiliQPfIkwMRfWgK#>Rf{n|uZf1!43QtzJCASyue>`Sk1QizhLNh?7j}pU%+VAW2cA za0Sg7N8jf&_(-^XLL&8iDP<;3kB>RNoi2!6=CfP?j~JCerMvgz@6HiTZ7#f18Tc;t9nmoFe!1iCkxJig1=CB*JQ{PgZUf zC)01H&!0Rrm>+E`fWE>>4&qJ-z`*%``Sq*k&GY}_k1xXczmLW;;8-$#`UD}8;su-{ z4hteAUr$9YKp$H5$FWF296$eh`p08^Al-*g5L(qJ#^m|eCx1LSnZDHI10fFjREkri z{*~oPa>)`BtxwU#{5_MG90XAL1R*@16H4S-O$DKh#b;EKv)YdcWgOg})4 zn@^HsgehfG6JSxh9?$Ful6_qypDt zb)!rcIf>yoVriC3IF2D!bRXiMqb&cqSk>`Y_Js*$F^I`6k;{olc03#vFxAhFF$56mf%K3G0X`Cfw0sV5GA>gz)=D#NYIkqsv(w` z#t9&tOO`4uE_z3~?yNRqz5inPA2f%ClVptycB3ocD-yvwMu}uxBXY)B3UUd#I6?xz z=ZL94e=b&gTx|T$sp*%{#qkq_?7z;Uh~-pTSlb`p;}k@OBhWuTSu%EWVQ(5tqa_$F zFOtdW>iP8L%jt9d$_G#vvvipJ1N|!|NzOq(yn-m_M6S;jXZcB!AOVq@+$Cpol7Jy$ zhAsS%Q%O>I4Rf3)>KO2xo{9I2eqc@l6=M5u2foZ%Tsh$N1L#++r2d`{5W+qaLM^DOv332BxnWIKNU!}Xi1sr)4OHO7$q z_x$UZ4gT-d*DnMAcQ5TDa57&T(ub3zLa+-Guj#X;ruw?(T%A_UlG&4s7GOS~Q1shx zX!-#XzyhYl(MSLM=VLz!zt7fk{(oLVk^vV}ne9gu9FqTDot!kz|JScxJP+spKH6`; z9sl9Un@^eMg_eMnw1C*$Fe_Rm_~Z}A|NQ5Z-+r4|UIrZ$tb%&^08Prr>Vid6qe@g~ zA5A|RwSs!{hZS&6VnF{;cP@?4H!t;{B)!V#bMgrtOb(Fk3uvtVe4?j!&H+n6xENuc zD?aC!94Cs=)XbWm`1Hw7VEWeYOErR8gg`UJISN36rJ!k?k&(=D=L8bVh9)E>iUX4j zNyUC1&ej?fuisy(cL`k}kwNrq`s8AcxS?{UlZa7?2^Cg3rhg+6-72AO1U9&anW4>7;fO6!Wb8IC63s zCsfYS!M}>hzlwuKUuIB${A&NRhIN(gRAp=G%uJrE+I*$VtK5meX4GDLZc*)Tb496 zgSNaNti1Ksc08?Mi(Tbep>#9D*f?8WG}D+B(de`vcU zCXQaBQcg`-Oy+CF=Pmt#Lfz+oYlY5lzae+JdLfwtUjRCcNhHyMgVg~#$T&=_{C)7O zyg%zpIREe(<=KMcc;w_G9{;GnyTjR=i9yfowa&XRNR;Z^(Tn-feR+4QF^D>_6U$EZ5=;xnQ@Q@pKmR!?zMYscH`tms93PlZ1G&ddDB`ih+?Kfv zV(j45>Ki?7ZpCmNP#Qm*c$evDP_<3zq3^fQ`dbVCSKG^pVFq_{3mNqPc;4jy{`k!| z!T;-CTFw9K`I8$$<5Ookv=Y>l6eNzZ#EP+_r7^El(Qn?;FSOiL9h7EjzV!U2cGFev zIK%86py$t2cazEFNp*pIhNCIY<&tsotNwa=^CzQWa7#Zo2HFoSfsJ)Pf)(*RF{Z`| z!WsFFvpf^0=)ceb&Io*xK(&90UDW~lZ|m3L+&t8q#=XG(rY{0whpoS^_p~%-7IPQV zimmuSKVJc#ncgj9f&P0(;D1Y~y5t|%9=yc4HetA zz3P)&^_fthwmPv5kBagmtFZ?zs?Kt|EYCFSP1u-(_WY>7i20)7^)|77LX96gDOcmY zRzg*IM{IhJluhxjlKtN}O=|OQc$}brAWCQqRHElEK4(6+i~loX&px=nLH_U6H{ZNy z@_#R%zY6@{eY95o@7%d4ZcW4szkP*FDW+r&LiQ5sE)`TKE99mX@%R+|WAeltUi3ew ze31N}LB!)Su0W&lLFMGWYU2^_j|tw;OAKCSBVhF6z8TCrOYce<~y_Q-U1 zO>`HQySvYOWw`sMaaT<3o|t*ZBAh(YQEeus!n7xggw1eb!!cYiMJ>$uK!^Thc1#qhL0w>u^QD|Kjv~gP8hKTC ztTURdrw99Ie=FSAX(blVMuh2;TO69|yCxn6^-KUS7918>!bGwOj#Hw*AbAc4?QCzs z8#YxOjhMcgKBU4h77rI7i@$4HmkBa{T*W_4FjDbP&1V+>N{A@?xvf1iy+$laAkwkf z+lX9M5N|@ZfrOQ<@nL|rK$8vpxXbzVBY;D#cG00cn0WIy_>{4ZNBTb|FpW#U&a_X*{o@Q1Q87?xyK zyxTI&-`Q-J&22zp%+hg|b+W)EH_c&1L}5a2O!Br{!n>o1#gHXzokA6(VhkyxqT@cl zdqDP)!*=KzBBN-lX#3HUXi;H|s&8(*a+fPc^%K^yVVm}?&b9ZtXx#hWIib9e-v*r96tW4(8k;MC1MRnR^aANeti`&!c3pO8=L}~v^>%p$B+ok;| z#3|7!z-*2*A9Aq535l^Jba4x_C1W@B3{k~m;4`|)X2YMQK+NRH{E9o798^l-f8!^rII%oN3$ zSTecct~`9;?3Y~xiGz@gchW2OxlPc#$0bEE@mWobCAL4-ezX1<_kqeg-fFF*xic@< z8I0f5>epR6XT?dMS53xTpwUog%@_9qijqM40HSz%Cr31L4mGf)4$))xjWESs)Z{y_V9{p*ruC$*KdpLD*6-f6b@CL!mfpQsQWt0+kalEz#$o znHpn&w*EIbia-d(vcc^Ze1E~VsJj*~V93m6R5tFaPjHtP+>Sc3ZDw;1_hI{_z2<7) z+B?XC7OHsoXtYpK!sr&8p+D;e9BY_fI^Wp~huF*GZ0r8+qY4|@rTgiZoJl2Q77$1Y2Kyp@D2*vYDe$a$knZ&8>5kXWPHTKShyYy{oRL@{wVh0 zL3eyVGM(|;F2~71$oc(Fp+g{w7!@oT7Ts1f@_FZ2L>z!BPIT~fg=TZcZ*dU_-u zGY&D~BYA{<;YEgX;UoF`z4w{uCq`%jb(?(nMs?b?i6K?|mVu=KpyY z@Ow38df$3K9>P>F3>C+wfNY$n+1>A*-K$kvZr7;s?#L&w`+3zrtotojOxeRwe^0^u z`xasPJ^CJ-gO#VftY*)8w0m~P%<;o6ZgArMv>+TrT-w6vAc$^)V^k{r3?v&dIEW_iv_di3Yqumf=#HQcnmhO6E8~CfkTLj{T2D)~$% zigj!Jc<`rJuU;NB-&{4{dQp8PVrhzL-0Z&{TnGVOHD5L0`FQc+`sW`m-+VZ`{^7&V z7w^u#dsBN4AzOc>4Nr+JUv%2`(7LDAs~eRA|8#bJ{*7{pmqSG{^BxEl9s|*#g|#}y#8_D!9qxj7EN3!5d4yHd5RRiHo##zO+lS}(Rh|| zCRxOiQ*?cPIoR{7)}C!rN8heF;8<}@;*zr&)R(iAGW!l>6MsyVsN;?$bgf%NOHlLs z+x7M3RqdG$J;2FpNbvd!B1U6zioUMBB1sA?m&McPC$%LM97QW_DxS9yr)K%F-r{CB zN!abBON{zPL^#2wj*uxWRDCzX8J>}ZNCKh>!I-mb^HfgI+1t0ZUj;-FOS4PP<|KjU z7xs$Ese+Cza#VSxuZUT*N?8rZk0aoc%oUdi&F$?<2wyFgQtk_mf1t_w6sgOmX9k&B z-$YTN*6~_ipe%-~+I^4gZOJJ}(Ci-*rzjyb|74$M)zVV$2dYUGJJ5~}Jf~;kJ)<8O zlZ^#-?^@4}wN(miXX_A>ECJr+Gi+J6b36aDIA&BR@K?rn{hXpVpNL0Iy5W5`hW0vo zF`eWICoTJKUhi04qw@)ZG?VMsgrB0{Hpy}gCmy=CS!lzpul`@|ioEYw27IXg_tz&U z_4>TNs-FTz1}|Fc7?9{DqKJM{eE%(m9RV4v{4G%s|I!t zhs$!Tsn~H}vzi zpqWGoV47#22Z(MlX+mN$nKS+$t+1$SD6h(XfyP6F7%Pr>tF-8NckQmu?g45wd(8K>pZ2yA zlPHG#3g>0bb2HrLgOP*w>E=rWslPNdT|(y^+wRq$Tfl+LH@hwL6Ia$qXkOp=xqS^C zUwiJrE#o%{!?A^X@z1?&vFp)TIqP$5f3_#6+A2kjquczo9j5Kyjv3Z6qqRZpZ@oj- zzN-xQ(De1Ox0d_ApyfNN{fahl|G)g>$;-z5|HqS8--P@BKHB~3|B4=bCF%MHcc%O6 zstx?$Yw1+%wd>K!Oo{{Qy!QS32l^#vvJe9|ly2JntzEa5Vu}~qLwy=yDHAXnNAwl? zfN8YcDD0@d$vD$mtW71Kal6X|-crRk;9d5B+j{T%yUz7&Xz$wG;6}sfQL6Cncu)7G zzU!Ihw#vKSF7HisH!zF4S2lU;yxO!_J1@UWh|Z)6?W_1 z6F}#TNAMq&LclxS{{{ayT|$zQ1!Wxe#$4Do!2g|m{qpMu|M&96tLK6LyN~u2y2Mff zrvgca%>JX>B~UcWNuq8|l;P+GFF;J6e1)!;L?Dr8+RYA$B_s)2By48u`ZO#jJr_A5Wu|8+ks7su*9?w?{skIRl`IJ(I* zq(lFn{9!6?vnPL;&hX8XKTKt+{$`vkp8VneeexChh&f@oKo_syh$mCayF8ha81S)q zowL6`nXW{{VmSUBgwNvq<1CwSz;O!GG~VwRL+Ag+%jeDW|LWz};r!o6bLw401i~(m z2H8j&RC4qP$MJ+wG-q6^gzb%lu9tu?N!90)p^UQ?i2-5l;LRvnaF)|pe`Wi&d>|4m z$&J33Q6yQ0*u2{D=WuqugjSsYh{tze`q8cL{6GKtkKdep-Ms%_eRC4-|9ffmD5K3( z^%Z$qn-)G;>HT$)oW3&#sc`ik3f`*66FMPhVMNG!_#Z7*7!j7RV4PG{8aOdbdc$<3 ze#(-Z^sG4#6bfvrQPNR9i)^DzGLN=+!xE1SlRlFE_->a@)$p`jGK#ZQcKAxgOGKDEh z$Q&d|;n_f+$dFw?=Os35o{oC!MA>HJK;iaVm@~c+&DFcMfxT5ti$^-DN-uzDA!<$H4?={M3~1AsAW$J z)Uvnhy-~}7S9%|BcpWyI&(17a5{p9Mt@qi&G^-|X3YPak&ewWQ7VmJj1+P}h&flp6 z@lIzUR`wT2Hjq#ynF}aZSkY)|*G3_EuG#C(L7DA; zYK$pFsLtnka)bn-kwtZ!M0rvOmPT%|->EN@5P_peZ3bw{6=}hubIh5NStQ|*tkDf+ zw`#Ho$16-DFgjelt>#P+fo7ltC;>_&m%vjk4bRr-c1fZon&U_^UIj6L+hE zSoQV2Q|zEKv?Plqa65?hq891iIBy^9)b|LZFDH8D}XGJ%oC;*1_mV33(#t zAdb*1m$oA{f*D{Ax4`ufksCq@;&Gms{l>bN?n8eu*LxvA9_h)(CVX7M@Ojr)gCqiH zIdG&j|+sEDfuBC8qe&R#%N%MruoEn0U)e%v`>P8BMdb3xp zhM4J*P}N)CP2tN#sPp}nq(t_!N}J0ozccAEgiXVwVNT;>Z-*{>-7}f%baGNp2PLLo zp^ZBAl@DExzRN~Box%;!Z}aE|f` zkBd-MVd-@z`W$|o#^1c^gS0ONfz+@w?`)FGq1_`AQXkUiD~h>SG3R(a@aCsU=}0z7 zh>#Qetz;>QdOx<_0N3jMeMymQmCm(o>K?UEn5SXie~0^S$@p1?mh=tpHFTCm-@Mw) z{#AP=U{key8Q3&@W95>aU;e21)xtGECp_Iuj8<>HtkO?Qphn_68yw59E=rKc==}0W z!@MI#jdsRV7EtUHQ$p~CKs={Z$q0lB5_gOBWsHdtqqUc(wOh|1DRRDcvtidus7y%D z5`M{XqB}8claj1TW$5bs^2ZLXlj)Br8AoafCuU%EBw3cM6}PAtryWgWFid5P`a1ME zyL!=YK4}d@J?qj`mi%7pbFtm0(w&KDKtaTS%UJ%vh zFEQRgtJ%5UYVcC?Afj?M)DMMn%WIoWQ@Bi^-LIh8M$rBu`{1}`d5Lnx-c{Uv^zJ?t z)=ivIu_T$%v?(gZ=3X0S+DDv_xERFX`vpBh@0nEpGuae161-+0-ZQCx*(>zSWbXoY zre}R%sJWUIaH`%eVyc8!tzmU=CIVeh#JB~4kJz^aHjw*ENmIC zfp(_>?O>XanQU^YxkfiJ)$>>u8BPqu0ldW>PMc4Dr4^#?j1 z>EJspd6hTYC@sJc0JdCuOE&qoR`tU4qx7D8Jmy$e=4!6N6lyn_l8mTmBpKe%C^~ z7BoNs?P8Cdysv#}uX*09VfTUoDllorSOT54uR&}pQ;!7$pKZaw7YuyCz-L-8@C5^( zZoeM`UzFwVSPY&1se_Dol;t0clCY}_OxHiOmfJCH;(0zMK0<+wTt7ws&*A_1w|`8Y z{paD~f1OPJfB*e&hyQ1)|M-Sy?0|0d7=@n1AgZ_K~` zarj^G=D$5VdG_o-|ECXkOQ@VMJ~1ok;dtz^uq82cVUDf$M+cuMdOe=wdENS{WoC+g z9pkbCe-UN*S&}eQfUnoHaAS@G6z{K$Bf!zJs>rr6*5{W$9;yE{MlOQSmh2X#d9*~? zaxF+?zA%2Nx+|R>;p4lD-tmi&r6m)ZH_+~ETHZ1dQ$#3kX3lX`M6sE1mK<=54jD%g z_ifx%KmV-dLX**RHMdQ~xMum5xtN zN`JxU|7w<0jA8r72Iycy(;GXa2KE_LtEvq4p(PfGG6eHEMB2cjEe=}G>-MW*c_?GK zcxvMq2AC8V@m0;!nhW5QMNVQkHX^t>3dd?=er7A+N{k}%_$&3pB+Bv$F0gH)U+x|7 zbw!Y>6?bYjKMEQXaq|(l@uVJbjjt1e#)p;!6iJA5&jPI~uk@}sZ11actDD=bnpxk~ zT0t{73#?;w6)9~3em`;p(mc@F<%OTyh7UMYhv$WIZNL5g&6EMyZ>Mjq>&1S1{lU|i z>)Wf>hNeZ>jNvx+#XG-i^y{c*20T)va-rEhGrA7s!p6w4AS*EJmpcBKTeV*iTh=?M z`d9~o5h;-Rm`aqf7#-FeW}Z#E`P!2gMFfkUhE^{0j(H#e4$zB#MXBNl?SkYI)5avG z$RsXAIgNp9Mi+CiJSSN}vPK8`k%5;u=x1L`$O^3^O%!7+nVSH7TH;)&ojS5QVM3A2 zIjy}MaV(Y~Osr^xIn47US@#cIXDfH-D^o&Anx{5*>Gjq5Up323BmZk>02P&tcB=!K zIEh_u37ku&IQIxA$+`@birswB_0>6=yQw%evMp)ZI~=Alnv+jhnrJZBpT=UHhr;&R z2WBHyXyAR*tVvsKqd@!tv^wtc#RJ)uVDLkC17mgG}62L1! zIo0ZYMvW*i0{>noX}xZ!Y!zLb>a6enj`g+jkO{2d;1&d|%%C@p6G57dKqsFx`cCH*Q!Pl&NlT)(b zS_^35s4uok9CHA z$xxQ}=$3HBLZ)Z3?X6z*!t`20)w9(rE7#s!Q8{R0A3;CFH)cF=wm;Ontr_VtEdZoJ zi5N#&F^`fXEa#>f3!@%Hc&=_aojp{0VIR5j3PlE2B?=DQv&CSC_RK#+6ZF#(xJkvH z71}4p$%0UvxGboOBa~PyH9LwhDs|`|U`2$>uGcp6ei{XzGWDUGh5DoqNLmKdpXixb z0{QWs;n)4;pia}0G zXV&c41nbS;f27`|nOwIFYa)4d4{BeHd(8^?dLWV32%n1)VYeG#+*{}^+Ee%~@{c?l z&x<}_C@$I|92bq2g1o|V(Vd0nqLJabXlxYWm@r+mwb*jU;kxJ!Lw3=4i28=^qOIY1 zPa(YMA;Nfj2fc$(UNknG7mW$&MdQ(DTxc)aExZ?vl(Bune35^sFWN@HzVmc4UZKBe zM_(*2d>Bg}?l}|~-G4YRdZ3VCv{(HO+A2KQqw9pMz!dKvFZjG||F#H=u*OEkc&lM- zrIBvSP`|sWUm~1O=UINmq8pI=^9iYT>I%!Lv+@pqa=#jacu4u_*mgI|G z;q){_KnyWE>8Zu^w50? zILvNB`mGWt8NHHNic8>xb%MZ$5gulOjazV^LDTo#ymLLZv696w&Lg%PH_wf5WnG11 zFvb6it5VnJ)?N@s`NHzWveLcwS0a6up^romIU=b+(f7};?_)iqw2?<)7X!WaHq~jh zb%o|duj9?=2(oI&&aqWTG$vT8>Fa>HqPP{xfa^uk2#zi9P7)&52Id!vlj$9EkzA`oJpCpuC`>jg`M+kc3H1>_|Y@|ne{bIB6r7 z5Ui~1Kg$JCLa_qokkY6GVPXcFSV#UT`Ww5274Re7u@opFH=ynckhhHApgAT<&Os|H zBAhE})W%C;F<{8Lm{((1j;c#BiQT37FXq~9JL8}MVQQU;TcWeFvkHW6moQKmlciY# z(w3fQxx57a9r+eXP8JK`cZVxKF@BRU9KR-l=h;3ZgU;H!uleU%n}12ZjMpB0D*Hk? zkS+sDBTyH>#*xzZM{N?6}O5C+=F;`B?7sZ{qv1{?{97>(=4^#mPKW@gu?x%{$}-BCM5+ZT1| zBABFZwy2ne^u`FiN$N#hId4Q%5kTUb0SvG%9ny?!yezPy2}g~CT=@18xdd)c{ZTHm)|S_SyNH% zyZ!^Uxz+D_0Duy(Wd8iah0X^tF_JjKh+`VF)Xv9F&a7jIsAE?Thl<>~s<#3lW*`)U zB9>Tlml76?6Px4*VQLO!#;h&^JX8?{C);E+6%T7{X2xXt;ivx#tyq$$P}tqoRGKL< zaAGD?+tFT&xF1&9yL4~f)Ank%G@IfSiVEuQFN&Mn+{vY9MOD(M;&26ci+%}BF1Z$) zwGhZ+H_|YG2ACMN)2}%u^coW?zwh^s9qVUa>$qm4m+HsTi?(F2Z7g#c3ZtW%hg^By zGYO}*_;qHz`L&O&#pk%t^IE;V9^N{%6vXfpRaFam;9bF+VUCjol7bM3OW-#B%)TIf z*)xViRLNw`<0N9#7RhfSXzx&t<*;GklUouu(iVJuPj=uEv_Ir>#&R0hmanjH-|+1m zsGEbUfSKiT!4yH<2HuJTH2GMou)j4>!nnyF)!E<_->AE* znC`$8MvMoCCL4}1HVL_^oVMhciaBr&F*-ppme^|Zb;cUHc9S!Xh}EeL5OkmlKLm+E zbuDBb-8jET4s&MoK!$&QI378t0?(m9`5$aHh`r@vY46^tJezW_WQavk&W&Qu=GV{} zZ6vW8&u9tJP4AeEXzLBh$1J(#{`CNqUKT?AB}w-4ovA{O}yA2pX=$&i(j`@wNsN-TEzm00Zx zpRKjj2E0B-#1(L%SF?JKlWd7s&j&vm7ieWPTYe!G+ZvORf3{@T#%4`!em5fOX*u5rQ_7^ZquD8affQrJ z%P~tap=VO!XsO`mQ(b)4a4oE@M;L1+YM^?dqjAd{tON~UX0yfWcxPPHOSAJ?v;mN+}+P04u? z<`*emczJmh44OB8HYN;_-O^jkV~@=0+u=abeTCt@Rpj7?P@Tt6%h4sD3!gG3N>0}@ zvM5XP1)&ahTVg@1ojE7!L?7G@XFLM(sgFs-wDE8+%?;JO;uQhG!qX)^#dAp3MViSw zLCSGLgE{|q8EOB{P?#cbr}l(#w@6xnpL&fYY~dHNy$xv4cCNr))ZWt8k_^9AOC)!N zc<;N1D>D)a6K>V_?)eA1JfEZfSF7myGsP+V<;eVBC;tA+vH8uXmy0z;zhF18>YeL&_~zZ4b-^mB8mX>fLQWqm=d)`<9b<0Y$Gr&`TD- zAGVhInO)5gR|(;n*SyEzXBo6{*)obtqLL6?y4_doe{J6kr8IXRpP~ z+|@okhz4vXSOOB9D!B6&9j6P}&)in&{1VIMBMY-EJR$$agtW0ie(5w@KI{ssM24yC zHt{&Cl)}Ia3t{c|JLt|E;ZFMuqjMp2<-+TUot8{T9h;YiL<{r%xb^!(!8G_Jfm56~ z_4=jpfAWZ1@*`iSr7^7D<8(w+)QJ1rX$aH+d+gXh3a7cc!4Il4-rpT~N5Q9AL_E$v z+TyTWR(ozaCzt0J_7Ds}^sye1@x0>2+`7Oy-$P?dH3fIHr(;n|R5NWUqeL>D+e>Tp zJce+~arDJVvU@%5SwubpjT!ep?=?_qCu`lo&m=z0IE(X0{!C&d^DHUc#4gYK>+rgc zJrL*)>CJc?xNf+^)zfd7tZwF{IAw%c;}pHIx}TYksEz9gU~>+;5;n6n`uI*v(e*mB zo`rTc>iYH)4Ak~bBbFY!{i8$F4&4oT-oVB$i$3RKwj)svr10)Y;awApi&)Wt!VSV@ z)&246TXTn6?%GF|hv}m3w<#p!x;+% zu;l8_Qdk-n~sy2r~~nBML@FN6Pu@fnf-!5IjMB9><3QzTurd}w8O z`^c-vg!ZD;BwU*z2a7}doYqxqL9R>A<|OggjkTBcvb_{$4Q*=6%#XdeP+H)$2~&q) z)PrEglvwm7T2U?}OFfppvHbJumqlPab1Wdjd`2Y4eE3XS=$Imh)fEp(2_p!zy6F>j zp?NM9jU}Btr;?;#w`lYze$2o2XF=;$fC6@5MmgK!e*jIhp4^4Z2YPD#=m5aYF3 zDW>@xYfWeG1?s1}AHL_k`Vlwz&V4vD%5MD(BZV>PpF6XYW8?j_x>sFacevtqE~b`Z zxLO+3X*~xj44gFq7ooWwk7QPr6Zr#U@+4 z^Vq^j02O3rE{Iy8FE!r|j@ z{HDzedir&H=5iV91S#f9MXm^{4&)HE-up}Jy7*cWt2>FtHpI~)48ka3vQmJaakac| z*~agN;X|juv~jYT+p-T8T>r_`vOG^PNtJvDpg&55w_;YcfQ~) zt@bIvHkDr~&L%go?xA_T^Xk&3r8w&ojUd)3+s_t24NozH~x_Y~MIX!W1$+%MRcLTI> zuJ5c{ND_2I*=@g8Zpv zuFddbvr_rw&@bxe7CzuPPFy*TT{7+3lxctE0GD_HAHXWv_U2FA(SI#h+nfWS%=p5) z=d3>^r&agNOnPW%t#>EOy0+^>Wq@mZ+^0*KCSRFvC-&Qkb(QHIPODS2UQbuOhWQ*K zX-cJ$IXcTFGrGffMaF7JS9Cs$vgBGye5%P77KSyOe#3NF*;46QO^qftxgZalHtsbI%WmrQR6!`P+5EImMdY3njjowJ~KN` z6>$TcDnX00v=-q(_0Lar5|oMUc9O8gQ{Q}}Hq?yJn5;-_^rVeE;eewh`uOfhFM~q@ zD@!~uhJ`tC0rRtpz{O^&pYwm#&>Or{;Y!$iqs1|J5Zzm z)NY?2&jpG&XqZcev@axI>G({cMzyjy{}j$M{&?F7*# zdEq2M3!uPBgl_&M8i86?CbLvN>P!8sNWU7N$^vuH3C(w5E>sui z2?6S#)a*m?NiF?JIz2{AvlyizW_l!aD4Vmd{X&r!t%(|TbgVD0 z{LVR87za0V)yKu&dR1^Ca~(M-^>mCy1$b$}D_1_GE*s-_A=wSkZ*xT}Klnpo>?o?u za^7D>v)ZHn)a4%`s#NTkCux+Is*)%4nZz zZ%F^`Rlg=9`%S|)O5r(x07?MiEJ^x__QTH61gSsT2@bxJnZkr!^BGWa`(2cJjJ>Sb zKO!L|^exbZT%MwSW#Pz?hZ834d*pkysp+lieZ$kid{Tp0?~4y%p&M{d?;Ta=ySU7g z46K zLqze zmZcevZf-G;MI+&IZ=UN)a_$)*NHe)MHLbM$!_1Z#7g|@0!n|d9q$O||@V>-}G4dI) zJ6WS!&iZrUj`X@}rH8#hD)+ z>mrRK$)ctNA7DX*p!6UNm)tYOYlX5Oq$HPAzvU98|Yh3_xN0vgw@T!8I3gkjAo5s-SCGt#Otmdh1<; zZ0q9mh{icsS48ZKz#1aMl*MqF;7B`i?Wz#1byjhQv-Nzf^M6J8SuKUy*=rFkyq8cj zr|jRCMa%V9DWq9i6pk^KWKz766|jL%8K#9nxQLR77!{IZ(!E5}G|pHBD}2g0h$2F* zT0pp8TT@Jn2xQ7{n41Wjum^W^3agV#Piaa<(W1!6=D5AXUIBPrEhW-SU`4d|%SMIf zuiP3Yn8uSDu=k)PRzsY5pbOee=;Sb8SJWv0T{#ClPkLSSOmo!FBTw8I?QEu5AP(_s zt*O2$rggEPtoZrOCx~*ttccs`BXwFkTk4w|WuTdv_L;H|47zDHI(B8U1eQe1{jyJL zeP(e+%~{cOxA1*Mv$f&0G{0x~IwDbu*C<*t)?3b^Y_>R)p5KbFMC(@>1>|ZgTkf+m z1ydEJ{A{2qiffvsE4I*C;nYz2AnL*#+L$IJ5_zfyz6G*aN^yk9)Kf2B7@y1OrJ&>? zoRo#(D(GAdLOC3a7ppewEOAtD)=i{r-9DYDVEW82Rkm}y#u^^8wUWKm4W!9$Svw38 zy8y>}8v#I@h~wBd8^D19_CdjVMI0un2a~0?(Z^||P`#>OA*;L1e z;#r9ROR`wH{l`|bTE`n7H1N*Iu&q7f%tSG4x;^%fiv)=QfUSz$VNaXUx*15ibY>r{K%WNuj8TOQ#m; z%I)#Up<`I;7qV0A2fx~B95Y-O^v>%mZBE%(ppsLteabx=QEu6?+V?|;1wm|*R!Y`4 zTdrZ!X#OBu=w(XM_G78@p@6F)gQ+J@x?e-ihIw!WGh7kLifdObzs%^(5nlPNdDv& zs86+ESXOGyHf2xGxBXSgvx7_f>I>^;+`n zkBkdr(w+1PzqRxUyEgX;gOfH?f{`-PCj>-LYw8n%AbF(S<6hLxFGtt7NU7Y)i5lsi z`^Jc>-47nv`zk?dH-qR|p){6zvlJ-Bo&nF^kKHFBeJANrTzxn2b#$|S&oN*c#Vr;U zv_F6Sy{yUgal!_V<)Y)tNu-V1{sd%P*=VXGShbA9QPr8QkuRvIA^a?pD#pT#><_7* zk118MrzE}HqS2ed1zik3ZoMm0g#Bg4OEAioUN9O-5UEuf$&@=LG-$v!P4k7)X-lTR z5tNFEoc1y_ntv)WctuF!SsR&ZzDxOyb$0Z@lmX%9S04&}iV(yI6kYkOs=-$CwO51< zylsDVbN$1U~&Z1P@GjvpgStI zQJqzKXih5vYbtudbW~*uk9RBghI5?19Zb=pj`AO6LVQ>!H+jjp3au| z2T!jk{9DET-7bKvDm)5nWiw?g*P6gPo8~c3BUHAY<1T5hPq`C$ zqKhUS1EG9yNPG71I6v(k^;FW~=)+RqMYR8%-Vuq~L$B%n}T_LONuD`Vcl_j^t+y3W(KpH)@e$>j_9^@jZkcQ?` z<)4qe0Q}E_-$P|Ui~euN`gVY?>+JqxcaVQwA&p7YPo>l>Ka2HSPbd zHAQA4g_POwVp{K^wlb>dRx<-bMT^Xx$KAK>mJUEEOYxXeFqmfr2}&f~W7teiEXzAe zA2XCms?|AAAxm=9R(H|v=92CzQih1{Zk@EDp()r1`Il7g8 z_2&XZcuA*DhFElD`;dUi8gj(awdRCEZ7!^Y6v~t68EFZTv2l~hbZ8IixPSuvW*$7Q z2Mxkig+?_kAV2W8;4RvKWe5Rb@?X&CH0|cBs<~Sj;@WdnTJx0Bs)o%Ak05>mR2}sN zxM#pp{9&XC^{l(ApSRMMr|YWT7t7CYgI+3#cmB>@9Pao>h2k70jPmz%p#VGVP#=Vc zm{<^*XY*V-8M?>~Zp5gJIa91sFE$nh$_^L%t0&)S+BWq<9iDeTS(k)$4~4T8IGa=5 zg(;)MHd%dR(ECeb;Rbh%f?$50YufXu;9DTiis3>h@Ncmuf~0r;?O&zWl)dk^sqMF@S?t4 z-CWjbvt@nPW{afvpXI;cN}09s3RZOrz3IN9vPJBhC9;ej`(&cL8yoXZY}Y@UmZvV zYudDxnF!zeWz1xH?xRP4e>Q>2n6RVsMQ|q&Q!y3%ZZwKeh?ug8cF!It$JjGJW6?gi zyDE-)V4yNd7Ym}i~cv%Q?35DWt0B*xlR8UOApw)TAd%* zd)i4@{};-oUjLU%7~a+3SF_CS;gkEDJy6m!9<>KsKq5Rg@oNZGXA4yL<`+A63IFH_ z66h;AF#a>bM_X^-$XuzpxBkYe{>TVcF>3`kd5SR}iC|@zL!s>HZlKH|iY^0U;ZJh& zKYhRI*?!r|W?`Y~+3qE%>MLh*^fwJun5*?cd6uTmkc#|#OY<^J%!<&^s_q;b<11JV zFE7o}^@}CJ;K-c8lHYW$>ob)5&BglH5J0?q$i!-F3-ZO zoDQub%Tu!hE+VOpGLQ49Uu7n0c+#$rxATWn5Pj_ z=>KWx`)%I+gvG23>q4Up`)K|Dg!bPkyMKZmwDVI?5we=g&GkE*y_Cd8wxhfpvrsW6*=^0Ob`YXR!0|($2X`t~yK- zI$$$k3XneHIW>&N?EU+nTn6X>bHBAy{-aaZ_Istzw)U)`!4tga&HChH5>*mPXi;JZo70eM1 z?M{&5w$KYhM^Cn*za8c!z+D~%(_}hCu$Wr4OPk3;i%JaR+F}Y{?eTDN`n+M{UtmWA zU|^^Sfgy{JX3r~nZvj`e6l{fXI|c_Fb!;6cfxhUP7WyXOD)Ea_S?gAtw=-{KNP8L{ zYf>wfMk>&z=c5cj#nw=#JdO2B_QA9+D)ax)rZ#%bNXOTSxLrXfc1?WI;SX-4qJn`` zY1)lFIw}x#=<4kBufQxS1Da70Xee+}%+DW+MJe8ISijrDvu>na)x_2jtw# zO`mxA5>h#xpAxwsaQdPZy;d84(skprd zD^mg$TD5D8yMMuflaK);ceBfRtS5hsxLMtV8}sDEj)%KQfGaYf!|i?LW+L|NnSIU;HY*_=}q6TvVC^fkU#Bqr46b^{E<;fE4C1W z2Y6&w)K(I2AUT;WV8sD~(sjYcpOY^U{xZ?@(F!TjtjP{S;hEi@zBKnwc?<^GZA2v$^Cm!?790DKm`XoS2gnLWsw$W zDV1BvsfIH)KgzEjw}XsVzP8Iz+;qC@F_f2UToN?~mNjGe+AvcC_JfZd4b50x1u)DU zaL1g&q&8?zS$;RyXlQWT=8tZG~9f+c9Ze<}2F%l*kvlWiabS4bQ= z23O*aKMI}nT<7XYr;=Y;*4i8{PBu!6S~}_6yV9n%mGY;8=^#?4(wBz1=?)8R(lm#N zzd&+{hLnm(z5sUd%Z~c)2b5wG@of<;zYbJi(%8utd zXg4$OAu$@V#$mAT9c>ESukf*jq6Cbjo)>Gm1Bk=r37S6^84KF4q9G-=*lKc@6Qo?P zP$#vW3{VX_mDF74hRp3x7N;M^+jyHPxx9b*sF?SRbq#RnTk2=}w**bi{hu;ZgoqGj zs)m1RT!HCk~joWx-!t7 zfw3CuhgO^H0(cjU%(fj8q1JSA1<#t4Il)8OFv&fo*2TQinorEM_UJX5tL05s-ZDqF z83jpm+D`UIfrL`Uf>QBU8sV+^WT)TN{2EQg_pimLrSAqqa$`bNTm>$ zIbxm2uehsu<}*8lBDG^|IU`lquUajzfS}Jzg;lR*aG+Ot=tMXPz%c_Nu;x+oVr2g! zf2v3{<=R&q^B~!RcN&}>T^EI$H7o_k7m7lj+_JQf!j8j{%e`M zsDhQt3$J<~&`7PJ7P7w$(ls?DtO1h-8QavjR}llkZXjZxCP$77%*9?6!3U#Vb5 zipHyqN~!VGd$2-}vOowxog~fA4oG{{u3yABW|znkQg+$gHt?~z_~Dy<+tZobP`0q^ z=ei)SGuYlVy_Vrj@Xi7<$sRiTJ+7GlLpQl8*Hp08Lz{+-fO{Ej7JY7|*E!WU*HfyU z%}q-V?z8(f3Nw2I4NvsU5HY+s!)d6nex;y~$2KjCnWst#7fqw#&|o0>etELq*Zj~+ zdZd{Va{QAo1DApn3UsrZe@y!)=Q)f76Ew~(a4gDuKJByTjsyv#N-T8}zv!e*&1(gq zM7%hrFdgq2LdW?k<3RpfC1$9^%Zpm zCoeL}^9G3q_12fsbrZTumj^OOA9QHF@QLN{yXCoIj2qyh!6I4$KtfD7kCJ+d=nuG( zHxpaINLtFsuDe`A&c^V2+_R8Zog8p2Dj`*0OIu+c4m$&sQv?`FrQJ4$B9&+^D->gg zxz&~lH*$UfVqT*6&u7Nf<1o!#e+T4ZwBD3X-`qEb2j6Ia!UfzGmgaMPI|A?3RwCSn z^sb?H7yJQ=lUE^oz74n$dn|MNFClz-Mg{Ui-QUJ?xS<*JBU_raGZ|7d@5DS#0g@^5 zkIHS1u5{v|a`aMwI<7m;+*V_bOQO(&1OaIVly5rz-Tu-Q-p?r@+$w?{1=RU{uhXicY+0(jU)mi zS!n4KX8wFD+@H(nzx)v+U3>)?>6L>a0p9c$yZ1UQRbeQgVBeDzBdnw)gZ!?*D?L-(Wq17ZZ10oRLs|;zxC7wPX%U< zHt+`g%>2hFDTUPQ=bu=NsYDawmk<^Kh_W`&aR#hx`ov9FA3Thyou zd9D|OQb@$&gw{5>V!SBiVqNJJVqF(b3w-kKYXCY;c2~6P5`$4K%l`^=n7hrG7CrK_px~Zj3?%9TH~mA*MoThma7juRc?1<7%>w! zmPA|@Cvy03J+Tk6E!rWekEBQSvt*JT^pBn{dSVS=Cn#fU@-jo3xoNq^* z=oh-mmjV{HY{Ljaz*r<2FrBQ9$yR1W4T?uucNh^yvnnu=Ca2OHk050f>NYbYa6YNO zT^BD|1{Ov90ystZGfAdHfb0C{5~C_t{pVnaYs{BvEKo?P>etWS0($dMw$v3WECWdL zgpx+pvFtB>-AP%TZK!%&F1$YXx+x>v`8l_-x#RyS6lF1Dl)a(}O|iiZ_WXVm9SJD$ zYMMzaK{Lt0jTo9VZ;V;!&IFVx*MsL=@19%+MzO3fHGZEY)1OmMq~ybHS#@|sW3NC) zM+erqNMTDQ<#mP1{h7fFA&? z>RaBUFrJ^2EHq!49STPd+ME}mQek=3?3~_fXEP&s>N)&aUhAJ1{}(p>FKqf>*z~`! z>3?C<|H7vKg-!o|!=|GS*_3l&R4wZ< zhEQsq3zYL8IzWlo<0q>CVopJ+^Ee#}Hg<%q7df~uDo4WOp&ux!hgcC; zrztl_LFZJh;bDt8wUP5+E>V2exYNeBJ4)-<)dKZv&dW`t zE%j>$&?smkwiugiyBb`veLINaswt`?hYpkjerPy)t_-))PXWo|k-npb#m$55G3$^H zWLao=SgghAa2Do|uQ})_BU1nO6urgLIN(TbNu(riek8(u_Z~5-_@rvF@=4YtV<`mV zNyk6bD1%>YCyx62d(~^>y3K)F#-8uFwy(`Kw%8&hdAj1d+GRx*uk>GNFL#6NjoB4piP;_t z(uNp#$UmtX189!FzQ|bBOBh5?HpWoY6_w@0}<`Yzc_z z$wsVB>#yD^`Of89IgV8?lQ26hecJ5a7K)yGhDMxhz77=jhhmm>4Dyr66sy#pN5@@` z+r&AwEmtu#J2JQVnUK&}pYH%SBli9mA}z<_iEPoWys?g0-g-rs$+lj+${IP}-udHH z*(q#FfX=+}5Lo9QNi5hKvk6Bx-TqH1m8!CJkH2meL~6$t7ngy*KyQ|V@j_D)G*Jka z&$E?HAX}t!Zj$Le(?k{=#~!wwyVs^bD~4&GN?Kjn7Rri)nlDWwnC$yLgl;z6K{Y$# z=Np(UWiITNHlqX{@m25f{XXCMcHO7?e)&W3q-mtEg`8l#(vb|IELE-?GMfQPloyoh zI@NLHEC6g7Y}!|cQ;9Y{;T$ZTT*DFBz(=+&F3ook2u~f#vIp>quTJ3sVV6Xl3^wpuA6qFb$V@?5>X~B zx=R}L_otSIN_X_^K4u-}*CRb~? zmb^HMVx3=N(7eF#iuy--0!n)~nze9*W3N)9Xe2Dn8+~^Po5!qTsFOYAvQ|D0IxjLq z>&%~~<~3ykwmMBzQ=`Cy32!lB{OJ=2YnZedFd()n04Lg1`oYp?Tj0-5xrH&Fcd_wJ z&;rvI(+&5-7~W0YOkPE%rb2;kGY+#;IG3!=sMKrTZ7YWszUuyGABBs`jaHLoYaXAl zYtYCOs4LzS9VXB5<`KphKL8_|?&Jg3B4inccTy6I!fyg9F5dntbdoB;6lS2VXfL;~ z>w0gDWy(Fb2OASFQB}zDGxo+!;S0vFQ?G+pH<76Cdio_0W9`yCPj272>mGm^x+&Q& zTbu~#`i!GBy7kmPZ3lh3kTFx*UPX@s($(vPUPh5^`W#H9Qr{$TL5Jc&P~_V?F9MhFf|^Higv84wLtxX-TfFiN%1Oy zk;vzx)$Wd(0Qmk=w==pSbI51DXvPQgaTH9z!Ff=EV_{Q02bqGq83>yBQ}ng{lF1+j zOU4nJ;>oKyz?koz<(M+dcvX)kYKzfs;UGU{(4=Tsu46+3VAw&Bjb1dW8EfpoSw z&5P1Wx>I4Jxo*Q{&L)%x8UMk^FSyJINIht?Kq^Kv(E!ECvO_=$hxy>W7uH>KUO1{E z-H$aZZ?iL^vv#1V3omOeu#14IN4tJrb^tuNy>Ce_EpoH{Ha(i+H!h82hSSnu*$FEZ zq@rGBVmT6HZPV3gv_A;-Dh`!F_+MBBG>pJsv0wY_Xi=QlvTXiCZG^QQ+nB}(O}i&T z5b4qQ_i@xo%*FT7*_~yXsz0Wz1!|!%EVs0-+K(Dy_Pgy;6y2ZwDb zD{5iy;6w_U30dKo_={y{2RKdlI_|r<-Ug2W7n1lrB`4wN22OuC<62F1hRX!#g&#u} z0;O>J{b$aJ_H&fvMy^_Kn8OV%5$f`0r&nd(M@uptDooXBpDp91n#YCr=aEp_0s15^ zja|k|jihbH7kUqrkr;!GZVF`^{qEx7g4A2aiArqHS}|4evWET<&3u{PJr&ha1P#$? z;3xKh1L}4~97oH>OQ3HrazDqI(#nOOu8y5?)S)Zb6y378By_B2Fw@kXykylz5N$=- zKaW{J>;zsm0R|ZFyOf;t$Z>GcKPmXMTaFj;1$_)>vQTVaKv#G`=q~dPkD|BJM_1PnFtH&8Q3{6?9KCOlA#Q|V znr4ie5r4_IMR7l!JroYYfBwp^vj#{B=}m2yM+q$dSe%#+VIl=;H0V(R4CIN!Wz;$6 zF@#or27e?D2&55VfW?%h%xF$P76BKr-#fr>CpLi_$g3TUZ{z}hX8m*Iiq-1chrAJH zfdyXXa@+Ju_BS&-k`}9mAy#f{I|QjS<`ok^FRp*jleBymKKl4gezlrNl@2-0Mi{KjPuLH`M#K&>-A%L@BKc&i~D+}_&D&x{=T@|+4TE3xV!s#@7wBXhH>)Lv)_>mR#%G$39^@vBF%YgT-Ye#O64pei%*?0A_qnCyfU=@Oo zy)Ma-9s9A0K8>0ABdU;4DOO#h$lbz5ONG>k10`6YbsxMZ7pMFU%>6SB{+3$nGX|!S z%v=uSr=O)VW-b|vZJ&g!kD$4gITXC34wYRF)TFB(FvCp8=qhLq%k(uq{Mx<#!i&A) zt92mvS=eRa{4vGm(zRRpZR-HOh2G)^;J|(ydV62UohYP91{{KhRHc*D&s zR5G1I7$)eH)43jgQ?MpvTQqY9B7-P*>*{d5NDE3UU7y9ucFC6z*1_Lx2WyNaJ@k9t zeT*x(Y9h{uR(;HglzHk$$V8Z(x_mkxdW)p^P_5!0;gww4wNsHfc0{H+UA*71VzI1Q z@*I;EZm5}IJ2}?kH$K^Hw;Ww%F=j$mfY!3k?BG9W>ux>^kuVlgJ)HHq+~8wAU43QS zXlmM4+0XwYWIESxOqvSei{9qv2lsSxK|pOmXu!4-W@;L49(;PYQ!awIdFY1iX1A{8 z1Lt%S@`7ET-7KBTYjPl8dvz?-8)1P~B@I=f71$h{BS?rUNHQ8*ff=H6`moSg5$oG* z*cL$8`pF|{COkIDuQ&Fg(m#G_(yIA9*2?V%Uift&c#}?tY(zKO`i)abwhAA(4sj)s zMR;0Em?EwL8AwZ$k;3r`FnK-%`v|@$20xcxqKdlp&OnH6c1F_ARclf-EybQ^LK9Xi zHs{GoR<2GT(4GrUwN@}$`xWY@Rkf*CGugiDk&k2MDcWUky zKdSt1(LiceQi`aZjCtbvLb!Z!Dr{3bHz_1Dl8K0nePVmBOnfZR&((gthA+>sFTc*` ziN=Y%=&_9CYqSsB?eXlR^POSf$HKI;*2#6_B1#^dm5t7sl?fp`8EG6{gHaBe{#?wj zq7VA{`L)FMz0!Jky433T5#YCyrtY;0X0r_E`PFj)KefggCNwsQe(Ff?JuN_j$pcDYJq@K?ju<*MyU9>o361upv^_-GCJrMsT6kV6bvo@)pesobJhS1X zEESap(yX~@M9R~3d_2SE-u>hrNM-7Gl*?q(v6+ zcSyh-B4YYNqT`;?ZHH*{n`Z0SK*)VMQGYX%N!3a9XMmz}2Q>tnT}X#wv~3-YDBIuD zQ1mVT|2DwQd$Ui$a~4QCD;h2(O}jR*=L#C$9NwQfl6`4z<&ID9hSs*As+C2SjI;`1 z;V~wS&#Ski2VmYpO^vPoP_Fa~D&$8JAwgc~-Bn}2XI;fz*=ospQhoqyu)ifD`{Kr| z%YNCFSIRw|CC-MlAN}G%E~t|WuZR>(?NF(3+|79m!dYYTlQumx`*q7EEbo4iME#lw z4d6glCPJ{RP*r!!O! z&r$a+0+u^W3C{CWrdGkzSl!v5b7hdkPK8(3;AQX4F%8upOKU`V*Y{D?>leQs=S-H) zbJ&GcnstC_6;V&wn>MOVxYf^TION}GAZNI-eoC|rC~4P- zaMGfe0|VzB$AXHF6BEwbjjd7l(wTJ_HEcX~opt{CQ*;`CM241JCyrgbic@qQ{voT%tr$tMgksOSfX68ypH|=3-e;59*8r;BD$LoI>?SSvLh#v)JXb{TOEmZ~odR0`I~& zbq|nJn}qq(Q=4_NG;N@7Q%EmQMZbu!xF%c?(u&L@=e)#ASB11w8;UNX$ zV*BzsUi7wNAi3a>wnDICmc=IC)6(bu$HByML~YFNP!#6Etw{M`}uyiOylFR=LLEkoTKeeheT86VoCCq&-Rol^Zymt|g5}zXrraK4m zUpU42D>JuQ&BeN_b)QghefLdJ+jAm>^JbsY!`>?NucjZG=@<8{L4gMNn%1(ACpE-8ZgE+#LF!uP>p4%hq;S6}cA!ezuQ9C?4X`Af2mK|Um zjp^Ip2|cuRR@qL!+eP{|@+E0qI=AOqp$*x5x|CVNeVmF^@6au%CWB);3LDJ2uS&IZ ziWwEmB9I}em_G_pk*3QOy(vsXq|Hpb8V5D*2Liw{lTq!Xcu4Gb>)OWt-9&Rz3^kW% z>eMGrOq2XZ2o4L;hk?F!G7rtklv-J!RhWlAAT;c>xW`VR!lKM#1bVox9XFw<1TMgz zeIcwos+i;XOLfOPGfP&}h6`l5`~D@j@{BP_zSF0$IwAl+SMsY876p*j9l%z|Gz!4! z>{A^zpDbft2n*)a+l)l63XVgBeQF950g`8MErmsy`A8CX_*&Q*)VDqf{N zj-M;j9e{xVtnq&-{j>WQTdm;%jAJFj=sPi~)Bo^8sm22TRZ(J~Qz2?%*eo7PDX{F0 zcBnHusmlU#1N*Kqztd9xwCE(mpaNTEmvh0DT{hGUx>2#pqbnVY3^!E=(^2^hjo-Yw z38#6t8y^kMjn6c6O%coNII5@)5ikX9Utag1v!yf9*oRmS4HxU3qh?e19? zJ;D+j#M2;`>QPcQwc|mlA`T%^%s)ANhGIiTG+s1n`|1o|8?%XVA-kO!rgvSnn74)K z8zEaKdc?C%W2wmi&px>N16zxS4JR;+2V&;fH#o%mSmUiwsje&e?Q4wA9<3PCjo!gb zNNMzg9u8u8AbPfdKg4+LFY!H+#Ne_vavqJ>?PNZ$gsmH@*%$YO?YuGAn_Q*4?{~w= zFnY#$ZS$T5M-+9@f!nApN1Rm_`vzK;yDY6j`9qLrEF|A1&xN&R3fy)3KIcT8-+Q%~ zuEi0Cd&C(QJWrqb8(W1{*84Kkq)FQ?R#6y3UDU;!D3bB6+*G00*Ay&!eL`4zRnmE( z`WsI+yxzy5`9m-W$z;hZDkh9?{z#bMdX2)%mDJ$H%Em)0ZnXWC8BIWun+x!DEL)OE zTJiaUp}6Binp%FN>POxtUY6up7^^>It%zV>nOjM0$Ja=Z6TMHV_!jLVj&*{dw zqpPfUKIqT=N5aIdHJkMcb&f~-F%{$Hh@&yL$P8fKRPQqB4J}b4DVxdz9bb%L?&1d# zj9xoyB{|v;bGTT0HJ1Sf`j&nh_q0!&aKITLLZvcb|dhm)*>2B<=gv1<& zp=(Lal(*h%cJjd3foO6wdCLGwz|h@yj%ds!8lz2e5Xz`jHD5A>svlHl&|~GB7pudQ zgrT&E{gU{-!W;?1WI%Ga?wmndc5`vZ;I-+l;!<)ZB#WwN*cRPRAAc-NT7g#7ja3hd zn4#<@-7%oy?p0IG*II)hwJsECBue8@H4s{BuC0TK^jpbs>xTBSc2iqNrCjzQ4$-^6 zTJ}JVKo2b?*E@;?Y1B0ulD&l#E6SUXK@4Ns+>!?Q{~j-bqjMsK@*>M+oN1m>w!1jQ zk!XoGf#iRDI5RquAnVY}{o~VQ4i7S@zr5bg;AVT&rHPPEtPmc|8d~`!j5Sp~#H3Mw z*y1)BV|_t01;N*j^7RNhOU;4yvj@KlbLYkXXwo@*xulizPqKXasWozv2ZoO_M7btm zOIEaaniCEEG-rsxCCoqfewLr6FpQWPDdTV_F{WyM5L#$jR=<3}YF~%tz^Yno>mrc- z%R+_XJ@tk%6^WwLi|K8lU4Ww5GN4FV!kHw&uGwH^q>#k6gO%`jCp~2})dB%<+$t&N z?iQOcgVnAhaz?A<0-Aa+kh$)GpCa0r(8^H~NV7hM$bBs=4dpp8)~1E2=XEaGua6ih zsa%61)q)rS{*QzSEf2xdkrwsQT(n;F8}WB9Y*#$efD0AkDz5dP=`v9})r7m?i_2|2 zKMV6?{PdFRHbYkEh!e150s|9Zv`mQUm<7)sNEAWK3$aF}Hz=NmvUPY-GC__DD+rVrNtY%8QI;DJ~_}pcqRes7TRnuFDh! zA_sDq9SirmqmQ}&9X}zUMX>&yz!-9{N8Drix(4wPUUAmE9=Rk*3wUNNf{tTTU)lHao2H6hLKB9j^0` zq&SHCehi1PWP3`*RY3b6KngVA;o3D_3CeJ&hsvYFxMu}#C`FnN#!G5&vxfbz%kTuD z`L@w%qwIRyIzuFg!Wet?;5F7)ug(pO0H8BXFDZ^X&1w=%^Jf}9d%n&D7~`Etm`XC3 zz}&VA4y=K~GB!B%v=zENO)XM+5&!KJ&9kzR!^k>~MCn+hfQF3QqQ%`yVn9)sDK7i< zhFy6RZJotiIMasIeBH9vEl3J3Gw?DOY3{xs^zeD3)YZ=bQUXn$)%kqZ*HQoHq8E1o$Uxj2CVfg z2p^l-e*gW`N(4Wc(^__Su|JanxEV_(qVi@}eVLuyCuH&N3lm^h-pZ}%9pqY+Tp{S- z=F(|7U`>f-SGyAz2Ltb9h1b@js~EZM$w(7^XlAhj0+lrFrf>|k zp4jIf6_PDhoC?fqW^!?F({zM1=pUt^!EeVKd76vWBwNG;ih`lea2iQuq{x}OKy#Eg zMx|-@RxT%gU07`k&1Dk^hou_``~0K=&c?p#oaU&-;t8%+S)&vNTTHXrh1w0KFcX+x z6z;`{YM>~H9Lkl?Ux=Nwy{V9$ZrL|4*dm$bz66JPi`o^ z69xC8x_dHs4!=YDd%E3+xVbN2PE7Uyg5#R?#icZZD6yXV0DYV0nO`k7ALAAbohHvb z+_i4HI?GL2s6G`4Qa}x#Q;CqDkSPuHM`f{50Mc)WO1G`bvPMYpQ?{F0w~QCtZ9P1E z36{N~$VaUETxj4{!!0w$ll|k*$5I0vALYGJ)6(>12eBKr2Tng4+mUUP0hZvd_Wog80{$kYIZ7G zYZ&__g&~h%VvvI=9Ul+k>~?x9?TAQaZ(eBV)W`1{C;hVblz2dbl`EQso$tTiRPeI; zhYLURJF3Or_32n~KR-b->s&X!!u%yek2YO<`B1x+w+_VW>{uxeG=tHiBvAtMZ!S*W z&~GD6Yp_Rn#XC_MujojO)SSn78Lf=D)VUqRzGCszK;tUW9B6u)6=R;h^ksR zxr-{HZZwSeU7K@WM=gbF3BRK%M`CL<#w=WELlQB(=-_4KGPgPnP{s}&&!!;-`}>D~ zNfQFhP`aRR=^3#^U4yewO5|9#nLw7BN3JCcr6HvU1fDUj+vq1_<~GSSizl@(aDl%* z5c%azTQ)RE)98fmL~SZC&?xlok*|ud*!QAIss5e)1LZ9=#?VsA-(cR*loCROCBTwe%)vd zlll1@1(VR?4IO+y7Grff9l_qeJCAZ{VGYn}-WHBTRw|zKE|?sv&lEFKd4UiAfM1u3ds(1ef;6sT6s~A@v~^^sz1xiLQ<7T`mdbHGKSvoQl)@BY1^#q0(*aD3$3Uq(1Z}^|SP`46 zWKG+>=OI3=)q61zf;cYvpnuE6r`%WQYwRWh<-PI_gq-bjA4mrW0el{6o926)i8~OZ ziK`alNo<)5ro$1eQw#Km>cnV6XS0Mp(L%fZNi5lC>pwjny=eP@K{jtI_aURO*8lHBS^mvVFv5?&Ik7$r~R6^B!Ve~@k3)5L^$G<26Q>-*b7!@ReoUs4r zI87)~pizhV_X-`#Yf8$$zwg(();1g=upAJs+}p_CQV7usOfKDDCrgi{qnSDa_fa9} zd0-IW+MIDj@Wp>Scuorl-wgVwj0(vDqJeWii_vM(dGhz4i9nGazoLQ6KUUrpHzbmU zHuV$cOw!HwuBBDgnuoOpvyPKdGP)qR5yElvsM88&n%IoL;VSf$ZU+Z$V;J4x{`f2K zOJ|c;|JPw#B$dkA&QPN$JvdPuCGp zJ`l1CUwtX1-1%m#L60630ZB;Or#rdwv!cWXsSMJXna?6^b!(Dd0^fC{n|1-o@|ylV z0qqmVQr-6*(0GI{coC_vtE4KbS)T|itTzvn?Oo<-_Iy~A{E6O1R7m@CoNP6HJ$-HL zF)`$5O3En|sbI!WXx1C_jkRmSkZE%UAA_OC?%|Ttux`K~qOqqc3jtk~JJ^cPgvb-zGBa+-^a{>||5(i|vH?qRH__ z8)AV*1*DSxt8u8HC}`*M9)GS;J~L0NY`KY?an&=8p!5DfUl;~1G&0-=LtV&PeKc9e zggJn}#s{{bdKz=jz9pv?_R9{PFSA&l%ju0349Cd#qN1(iHn=WXj0DuAWSE&+j{kf%sN}!8U1OOl7d0*$;`K>dhq@#2(;8#V zjw$deFWy0Ku|t@oJcgbcIBnAXBD0NlY59dvW_+eqr>ysGp+g<=;OG0CL85|AxzFrH z+_%1_xI=;o;$ZrR$;6M}5rl!$#iRjwNt}DP{6TVIJ56{)n?i zLiR?YA+ez~OJvL1fi!&wFadK}sYt*7V_rIIWB{v*RP1GyM;T)IbM}GCNtcBI1xJW{ z{L2h5FRapz@e+G?Bw2|xAO~`_zx}E$M`tFASD>MTUL!C)MVwsN?_F=&*pEo2+ptYM zp1lFV4^}#2AiqX?3mEX6yotFsvBlT#b-AKXU4yqTV59uCODMY_&-{P2ca~3WeNm$> zP@p))-6_!E1SszATAWfS#R3$kK`OYrOR?e(L5jOWa4%4xP~0H_a?`%=ow@(O{r3Bi zwR3i6_Bkhe_GI#$y`J@nym^tQZBJ*XiVCOVT?~X3Fqg!t7u;9=B*6D|;IB?xmM?ST z9)5)}$g1UMJ0nL@jVW_NYe8``yiC3Nfqm4)(An)(hL__bt32dWw0}r%)5QmQz0_6< zrL?P@m3DEzx%6Z$rE|t;4O6>TW2(z3OW~}b0vq~Dlk+bWuZw?zTS>1G_9&&`;1kjc&U$TDgMOD->SALM#hCREd!IrqJcm!!66c}Ok4Mr)|*y! z25r<@Aw14*Q!j)rVLtkUa? zsHyASO`cYKN2)uPh2jY|TLlVuxv$`h2On>CF4*qfKsW_D#O)6UJ`oP6hi|=2_wByw z!-#LG!R7`6A`?(1P#C0E-Xz&8p*d~6!VKaZv+L1KFcjKSx0-#Sr93ghDp$Rfl=ouo z%i^`D+OJRLkQF*@!xfO(wrc%2ZeZ5wd|xKmhO&B`e30k5JB5;ExKoVT2|IMq35$}oAz|{5{2S@r)~$aTcnLN%Y68&_QDhg(*O6rAaiN3Id&u+V zeasFNVgbVrDyY3me?t80`qw}Ghy%{4iyi`h=B}-0AoggYYn2@4YgREkzx<%y{Yj(r z`Pal~PI2LA!A-NXEjaTd&)d=0OPlBz@fyk{t*Um5nm}_!@%L;K?y;{+_nj=@KlGS_ zJ&|>Wi4}h*cCc8HFlO$K`DvsHm=d$P3xK&Beq@ao^EMf8hh=kXncp)bg+cC1d;yKE zuQP&4k{LE^Q(5nGjhU!n1M}*3V__j11f3~yaea;07LBzpS6?79QsS?mC}7WY%pQ@X zbTmcmE~(G_f%g;^WgiO}fadv4lKRFbxyO(nA417VJ1Z21(59XreSeKBvFak(hG$9q zwm{3-2E|i7lR5^aiEb6wiF|I=AvgqA%1K+LjBfP`jQrn_t@^)jy?}7vgoLS+h4FltCg)ct_=JZJhYqqM ziu5?3SO1m-P>Sm_&PdEyWQt6g8dvX$Qr$1gPl&5x4RS*hoi>$hMl^@2b$Qj%fo&$k zpFVDD5A=C>7sg=LH@-DIIwq@kur@rZA1O1}2?j>@n0Y6FzP3=(J@oG`QZY3>wKIgs zNZ%fnMxR^l8^9ycT(p3FU7=9mI}Q#b5xKf#n{F_Bir(&AybDx$o=$9wvcKRAVE90X~u|l z2xTJT<)~&&HQvaLSvP7*+D|2Xfi+1;E_tq#bFZzpojXwX_$jG6_aWU;!%k1IXx_s7 zkswm&x?c>BNnYxmz#-7enA&t|x6uOgq&r`*X8y45=!-C`Sto|GaMhosVEMRJ z&!`XD1kQ{Eys&ZmCO4IZ$w5E-U0wEQ#PzAk_nqS9@_pNPZe7`RA%^&n(Lo?E@wb)J zadt?yY>k1}Iqr4CZo&g+>o(zbTlKqCn¬>$=l~VMB|$*rL=!>mydMbB|0az0Jf8 z;f_eaRk2~`x)WIE>X8#ti^2Z5)4+RpRjoLJ7IWdPt8MYJ;FXDz-i5GZkCTUhJrQ~r z5kmJ&a6F17g70>I_U&$cDScMlk7Rvz{*PwA$eRuy`-kNTz={5y&4fIfe_r}(3>=`p zErHyi27qgs|9}b5t+Xshg2)Lrrx>^#V0lfv=T#7TE=!1_S4I@%HpdeegCblf2J&67 zq3+D7B1-bT{ER8au|Ae^v3Mgxvobz!2IF7lQsOz}C5^~m<&sKrr2Hd}1<#&C4I2d)+iB&ul!cY~A%grar;-|cSLTi3~mb0GA$(W^&Z?l3woxf>iM= z8zIHmhWC4pz0x^JU&%hliJ3l?4akumijIqX!Q{5sisEqom6?h7{2~G+m4k9XML&I4 zAv!GIb&wwz&gB&2li8b23AG^wt`2O5@}ay_=vD~7o7o_f3$lI>=ne9CR7a|o(2a{| z%?gI%pMR(WQ-@5q5}DNLY%tgjTL=`#bKYfyn?#A~4i0KQUnapoQ(9EA!9}W;B0f_0 zm~OC($+t-f+Qdo`;P`$<+syOYzl$EP4*pT&&bxdHnwPQPaS;1lzQhXR?oN;5Or#qrR9 zzyAzGk%uQ|>F3~g$br8r_bQc5?@vI**)Z*h*0Fj3UCg#h@$T@{tKt{p8pU&i8bq=B?iW>xEwRLM zvYe?yy%kl&s_P}inHs;V$$HRCh|wf9zEOVI$&l87x|+#r{|5r|2_^|{_#7q)?v@3 zb=Isx;AU<%{qHEjEk=TuO`{{o;i|(k2g~x}i;)3&jtZ*Q|5=I!h*~IeO_nGitS_ZB z(-khI6#u?+hU^7KJr4d05|&YaFGzdg?c7usS$W97|BgUa9s)6~pc1{md~G1uko<7B zlZsD^5UC9)ajXrntDvVk2pxdst#Hi~MBfg7<=SFXy5FuOJ4^JAqCZPq`JZDfTKW6! zu-w%drU17-t(e>4Zk~QvUhffr!-%|mE}8=FYfv6}C1;)8`iblyG(hI?)jYvNf`}V( z^gCquWBTtj^T;{GFu4poa)Kh}<}5D*qwSywQt^+MfeMI)p@jm3qx!!orxN_Uhk$L} zTmIkcgMGGsm@3u^^&=~dL-tK2a)O6G$R?drQY7jDeIa?M`P^)T4LnEY@t_ zW>)_rL&IF;rD_=av|F-G+|Gcv^8xaNyp~|g%uP^Q@c@6v_66?w=MmM}s60!Y>)a>Hf5G-2*G`VDkWVp2NIXZ+6u=;DR{5GR#7qoDsir0hZQeY z^tdN=(@W~*BZ5e&9&0y7v1wD^>vMFF)XRR?PB}gFj>{6tvLTg+nApzCEUN`uhm}L$ zfzU(!?e1%Y{WVP0m?sV>N%t#q#wZCH^-Xr(@-YC`E7IOp85J^r*$uUNFmKQAfjdN- zEi5>GDgkP`HGjYyQN|MvaI2v<(PPiBC!-7G`>nT1Y=o37k-Cg99@{_NA*y3XY&Z52 zLyT(V5$XCPtmrUYnQG66;fI6Che%pyjzOK!lbSQ4MX|l53xe(BX2Vw{#wxdcdf@1S zd)&Yt+{uAn8HmM@!Bx*}I5DcjT2eg0^sZq&u^YO9%0cHRCxpz~6i?}ohtJ{}haPwX zq614Lh?H%{Lirz<7(w&sxriX;${H6Cq4-%wewP4XZjI@-Y*qQqjhLIn&B~6 z56pXq-9{@ytV0xzooGr-MMS*qW20ea6r4uVFe_flZ$i{do>GS!)c~Xyy0euNLw%F< zo3MCWjQ%t67VYM;y?(?#@&7uO1mVU*36;hwF}heMPheeV9Cwx#Ng;31Fi4!jjgL|o zZ%=_G)%Y1F!rRZR@O*OWlk~>x;MP&ZR%8@bY57#j?8t55(l8u3>CfR(Poe&9d5%|K z3dB2P%q=Vl_BN1mr(4IGWiMWUDGn|07?(Wqt|>?$rPQ)x z>wUJyx1c3=Z9FWNKy3v@%-1Lxk6d3N0!wxeiFu+A8`w*c@PDuD(3UuS42J_3Avto( z#q4PDhmz|RAI<8$SiEd1|EQ7gY6n-x(Ry+2PrrNDvrYKI5OSryGS`bwD_vfcY$lB$ zI#ndeOHL6;)_#Tuv`nO!>)NBRCA$L7akPv)c~hi|tD%X7{wWDD|HE@_u-e8v3~zER6A7Bh)bm%;O>?n>zyN)4j#Z`vOw_~TL4 z$D9rFS`>om-+RFa&0}xqSl~zWS;ilJRx9Po{95ULVQh0wH+K8gk{QRAB`-KZ%iV5d$hI_k6=y+@N+pwfm1(|i=QBxW$kB3#SCC2?VE%k~TkI47%x;zt? zHq9>4J0~xI27GTxN3(q6unO+5P4x@^E)!3rgfuM)vc;asvQZdb?@#aWiJn4n6+I z3cEsQ*zJb6(I_TY#9>D%$qn5Ghj3yX$Bz*^)b0>C9nA3kb)|@&2FXgwAW0Aiu;~@5 zcNjMymV@_Uzs0CXPNY!6mfP0lEkiQ=moc?r)2U;xB>60AXBEX1iP0l5M-sPvF|@bw z#iR|z;2*c5OepySnW7X|)sU_U;j#$Mc@A}a>o?YMesaP&nkMf>?Vlf!Fw@rM_mLg? z4c>;Q3l~zfBrDNr8zzjhEi0t5TUqS)jOu?;Cc1u|WD8GFel= zyK>sCF$SrhB3YkTH?URA{b*4sF)_j_si?cCM3QK0=Gkm4?0W<^6xaY921ac;3hTjl zl`VaKk{lEtHtFYIET^GjfETLIYP4_6UYfh)U3jMD`CaZ1jqRus8|>J=dHU&f7%nX^ zOt@iTW|VR!P5$5;n0k9P%1Fv>2qMFr{yKe{E&KFXtm!0(H#>_il$9qvvVgyiq+;-X zU73tknNGf1)tKwU9F3W9fF<4vw{F-VR+KODm;IsVOiO^p5-2<5SGZ@}{&l<|C=d&u zOpunoRPpvGg6Fj}!hXMkLZj7}jAFy$O~r6axX;fZZj4s6($OA@i?$)3o<;yCwCD*4 z!Yr+X*=OT!`@Zg#B&!Rrg})D#EX;T@W^6X80*;+Aa0@ig%Ftnd5faq7^sEP%>p9In z_2 zVudrO0O6FUK|qk3R_<-U^u$NDpN=euo6bhuTVcKvf94ba!PB3P0+-;mFwzXe-Znl4 zTkPh0V?cB3ltAne>tCq16vz8Ai_&Kq`b={_cK?n~Lh81^SaT8)2|dfHB*db!BVqb# zO2YI534;m$TlnxEf!q(GZB)b%p@fAd~CUV3=kn zq-=cMjs9Mh6De7`MoN~hkdmc2i1MFPxWQU zl1mrK`nbWX|03X?0)It7mv9-A%O8!@X>_f*H?kG&l)L#2UpEeWE=K(Of%aNExp6#9 zGOYD?m|aTxf=woQjJ*WZBt*11&`nB^0o2f-2}!#^NZPfWU-@#m3}*U|hPg)KPsV6P z$QFWh!d9Jh!f@?$!jOM(|L5jfkvGSq66VJr`up}|9UeLOe8y?TlkhMW$70gokl&{y zze-z-@2D{ytv&fFqN<=f_DX>^3_!M}CNo9TZp*g)nuFpyDwRd0jU*?4Da4C$hS^g* zt&+6f!MiEVfV$ox*TC>7qRe*g`j}+}!(Bie7CBxkDDR9#c)H_&+T)@HN+M9JUbdw1 z0p~L!9ZS-#1(XSuEI7{Ps*Rn(HI6?LWVE!DlR$yT@{`^(pMSQFGl0B;wi_vJuJrBe zEAv&sMhL}&HnE5jaOPKQ`#*gP!fGWwEA|!m9<^PC&d3}Ltm{UZyBvT~7tsZL$m;vb z;Pu5;A|?P!vuEUs*4`DN0q(G5#F31X;3QJ9Bw|HVC2} z8>vWck*6Xjj!UeekmH1Q&NiF6WF)}aXN4PqhjTJrr*?A9CbDQs3PqMu%WmG+YFVsj ziH8#X-d;))VS~eUU$pr=3&pV4nISj~$W6=9S>!o((rddcEX3RRH3wXDiP#4gWreCE1k;+jW)(ct34?P1{{M$9 zEz}8l)6I#OcBA`2U2YfjsKhe9hs&jjW(*{9sm-vcDHWUdno2?jM7|CG61Jt8B@;Xj ztsVItFt|HV^w+NBZuonsXnSZ07K_LCtaL?6NX=Tv&8Ulu59KD=h|;@v7j$vqhi{}2 z9fGK@6SO}5BO{mNX^drMW69w(jkGImTz#p+0DpnHq5i~n@NEZ0-!ov3gurzsRoX2uPuTd{$or3v8Dgm(tm8}KeqHATl$YJ z{eNOh?;XVgbu<1rI98j24~4d<=spjDe9NTDY9DkHyzZY9nO>h z5-6*NbM}X7x{)cjK~eL=iOFOR9NGE zL%S)cfXU|$aOY=WI5X!(%YUPAtrKKspkhx+8gq!X+ZeTnf~v8%Qw2-W0|Mbiq9wZf zyMv3-t%*CJ7xua5+BmO*A{)o%E8zRQ-BR)!w@plpU^ zF_bqq)^k_GC$E=Rr%Ti26zbJ7Dw^Mr%i0%gJ~$a4PXL+&iy}x3#A0tXJ-0{1LD}Yn zpElMqPJ3(kb<3IhOxhF6IJ;AZFS3agPwMPUxYO4&tAu}~OV2I#uV2m|+fp@p)TFF& ze!##_3*7Ukj+Is;*ELB|tYpN=;6MyI9PfPlNK*bWuJiGM{xNp(Z6p_Du_NUgf%)VK P0zp!4PXA;c^U41K`_No3 literal 0 HcmV?d00001 diff --git a/charts/kubevirt/0.6.1/.helmignore b/charts/kubevirt/0.6.1/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/kubevirt/0.6.1/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubevirt/0.6.1/Chart.yaml b/charts/kubevirt/0.6.1/Chart.yaml new file mode 100644 index 00000000..f8e45205 --- /dev/null +++ b/charts/kubevirt/0.6.1/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +appVersion: 1.5.2 +description: A Helm chart for KubeVirt +icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg +name: kubevirt +type: application +version: 0.6.1 diff --git a/charts/kubevirt/0.6.1/app-readme.md b/charts/kubevirt/0.6.1/app-readme.md new file mode 100644 index 00000000..631869cb --- /dev/null +++ b/charts/kubevirt/0.6.1/app-readme.md @@ -0,0 +1 @@ +KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes. diff --git a/charts/kubevirt/0.6.1/crds/kubevirt.yaml b/charts/kubevirt/0.6.1/crds/kubevirt.yaml new file mode 100644 index 00000000..6bfba694 --- /dev/null +++ b/charts/kubevirt/0.6.1/crds/kubevirt.yaml @@ -0,0 +1,6544 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + operator.kubevirt.io: "" + name: kubevirts.kubevirt.io +spec: + group: kubevirt.io + names: + categories: + - all + kind: KubeVirt + plural: kubevirts + shortNames: + - kv + - kvs + singular: kubevirt + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + name: v1 + schema: + openAPIV3Schema: + description: KubeVirt represents the object deploying all KubeVirt resources + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + certificateRotateStrategy: + properties: + selfSigned: + properties: + ca: + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + caOverlapInterval: + description: Deprecated. Use CA.Duration and CA.RenewBefore + instead + type: string + caRotateInterval: + description: Deprecated. Use CA.Duration instead + type: string + certRotateInterval: + description: Deprecated. Use Server.Duration instead + type: string + server: + description: |- + Server configuration + Certs are rotated and discarded + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + type: object + type: object + configuration: + description: |- + holds kubevirt configurations. + same as the virt-configMap + properties: + additionalGuestMemoryOverheadRatio: + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. + type: string + apiConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + architectureConfiguration: + properties: + amd64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + arm64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + defaultArchitecture: + type: string + ppc64le: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + type: object + autoCPULimitNamespaceLabelSelector: + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + commonInstancetypesDeployment: + description: CommonInstancetypesDeployment controls the deployment + of common-instancetypes resources + nullable: true + properties: + enabled: + description: Enabled controls the deployment of common-instancetypes + resources, defaults to True. + nullable: true + type: boolean + type: object + controllerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + cpuModel: + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultRuntimeClass: + type: string + developerConfiguration: + description: DeveloperConfiguration holds developer options + properties: + cpuAllocationRatio: + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 + type: integer + diskVerification: + description: DiskVerification holds container disks verification + limits + properties: + memoryLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - memoryLimit + type: object + featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none + items: + type: string + type: array + logVerbosity: + description: LogVerbosity sets log verbosity level of various + components + properties: + nodeVerbosity: + additionalProperties: + type: integer + description: NodeVerbosity represents a map of nodes with + a specific verbosity level + type: object + virtAPI: + type: integer + virtController: + type: integer + virtHandler: + type: integer + virtLauncher: + type: integer + virtOperator: + type: integer + type: object + memoryOvercommit: + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 + type: integer + minimumClusterTSCFrequency: + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. + format: int64 + type: integer + minimumReservePVCBytes: + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) + format: int64 + type: integer + nodeSelectors: + additionalProperties: + type: string + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. + Defaults to none + type: object + pvcTolerateLessSpaceUpToPercent: + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 + type: integer + useEmulation: + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false + type: boolean + type: object + emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. + items: + type: string + type: array + evictionStrategy: + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string + handlerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + instancetype: + description: Instancetype configuration + nullable: true + properties: + referencePolicy: + description: |- + ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are: + reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM. + expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated. + expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated. + enum: + - reference + - expand + - expandAll + nullable: true + type: string + type: object + ksmConfiguration: + description: KSMConfiguration holds the information regarding + the enabling the KSM in the nodes (if available). + properties: + nodeLabelSelector: + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + liveUpdateConfiguration: + description: LiveUpdateConfiguration holds defaults for live update + features + properties: + maxCpuSockets: + description: |- + MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own. + For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets. + format: int32 + type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer + type: object + machineType: + description: Deprecated. Use architectureConfiguration instead. + type: string + mediatedDevicesConfiguration: + description: MediatedDevicesConfiguration holds information about + MDEV types to be defined, if available + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeMediatedDeviceTypes: + items: + description: NodeMediatedDeviceTypesConfig holds information + about MDEV types to be defined in a specific node that + matches the NodeSelector field. + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + required: + - nodeSelector + type: object + type: array + x-kubernetes-list-type: atomic + type: object + memBalloonStatsPeriod: + format: int32 + type: integer + migrations: + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. + properties: + allowAutoConverge: + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false + type: boolean + allowPostCopy: + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false + type: boolean + allowWorkloadDisruption: + description: |- + AllowWorkloadDisruption indicates that the migration shouldn't be + canceled after acceptableCompletionTime is exceeded. Instead, if + permitted, migration will be switched to post-copy or the VMI will be + paused to allow the migration to complete + type: boolean + bandwidthPerMigration: + anyOf: + - type: integer + - type: string + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. + The value is in quantity per second. Defaults to 0 (no limit) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + completionTimeoutPerGiB: + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If the timeout is reached, the migration will be either paused, switched + to post-copy or cancelled depending on other settings. Defaults to 150 + format: int64 + type: integer + disableTLS: + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false + type: boolean + matchSELinuxLevelOnMigration: + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. + That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. + type: boolean + network: + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. + type: string + nodeDrainTaintKey: + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain + type: string + parallelMigrationsPerCluster: + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 + format: int32 + type: integer + parallelOutboundMigrationsPerNode: + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 + format: int32 + type: integer + progressTimeout: + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 + format: int64 + type: integer + unsafeMigrationOverride: + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false + type: boolean + type: object + minCPUModel: + type: string + network: + description: NetworkConfiguration holds network options + properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap", "managedTap" (since v1.4). + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object + defaultNetworkInterface: + type: string + permitBridgeInterfaceOnPodNetwork: + type: boolean + permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. + type: boolean + type: object + obsoleteCPUModels: + additionalProperties: + type: boolean + type: object + ovmfPath: + description: Deprecated. Use architectureConfiguration instead. + type: string + permittedHostDevices: + description: PermittedHostDevices holds information about devices + allowed for passthrough + properties: + mediatedDevices: + items: + description: MediatedHostDevice represents a host mediated + device allowed for passthrough + properties: + externalResourceProvider: + type: boolean + mdevNameSelector: + type: string + resourceName: + type: string + required: + - mdevNameSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + pciHostDevices: + items: + description: PciHostDevice represents a host PCI device + allowed for passthrough + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + pciVendorSelector: + description: The vendor_id:product_id tuple of the PCI + device + type: string + resourceName: + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name + type: string + required: + - pciVendorSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object + selinuxLauncherType: + type: string + smbios: + properties: + family: + type: string + manufacturer: + type: string + product: + type: string + sku: + type: string + version: + type: string + type: object + supportContainerResources: + description: SupportContainerResources specifies the resource + requirements for various types of supporting containers such + as container disks/virtiofs/sidecars and hotplug attachment + pods. If omitted a sensible default will be supplied. + items: + description: SupportContainerResources are used to specify the + cpu/memory request and limits for the containers that support + various features of Virtual Machines. These containers are + usually idle and don't require a lot of memory or cpu. + properties: + resources: + description: |- + ResourceRequirementsWithoutClaims describes the compute resource requirements. + This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: + type: string + required: + - resources + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + supportedGuestAgentVersions: + description: deprecated + items: + type: string + type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + https://ssl-config.mozilla.org/ + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + virtualMachineInstancesPerNode: + type: integer + virtualMachineOptions: + description: VirtualMachineOptions holds the cluster level information + regarding the virtual machine. + properties: + disableFreePageReporting: + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. + type: object + type: object + vmRolloutStrategy: + description: |- + VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory, + tolerations, and affinity, are propagated from a VM to its VMI. + enum: + - Stage + - LiveUpdate + nullable: true + type: string + vmStateStorageClass: + description: VMStateStorageClass is the name of the storage class + to use for the PVCs created to preserve VM state, like TPM. + type: string + webhookConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + type: object + customizeComponents: + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + handler: + additionalProperties: + type: string + type: object + type: object + patches: + items: + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object + imagePullPolicy: + description: The ImagePullPolicy to use. + type: string + imagePullSecrets: + description: |- + The imagePullSecrets to pull the container images from + Defaults to none + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + imageRegistry: + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. + type: string + imageTag: + description: |- + The image tag to use for the continer images installed. + Defaults to the same tag as the operator's container image. + type: string + infra: + description: selectors and tolerations that should apply to KubeVirt + infrastructure components + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + monitorAccount: + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s + type: string + monitorNamespace: + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor + type: string + productComponent: + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. + type: string + productName: + description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductName is not specified, the part-of label will be omitted. + type: string + productVersion: + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductVersion is not specified, KubeVirt's version will be used. + type: string + serviceMonitorNamespace: + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. + type: string + uninstallStrategy: + description: |- + Specifies if kubevirt can be deleted if workloads are still present. + This is mainly a precaution to avoid accidental data loss + type: string + workloadUpdateStrategy: + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates + properties: + batchEvictionInterval: + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + Defaults to 1 minute + type: string + batchEvictionSize: + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + Defaults to 10 + type: integer + workloadUpdateMethods: + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + An empty list defaults to no automated workload updating + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + workloads: + description: selectors and tolerations that should apply to KubeVirt + workloads + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + type: object + status: + description: KubeVirtStatus represents information pertaining to a KubeVirt + deployment. + properties: + conditions: + items: + description: KubeVirtCondition represents a condition of a KubeVirt + deployment + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + defaultArchitecture: + type: string + generations: + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - lastGeneration + - name + - resource + type: object + type: array + x-kubernetes-list-type: atomic + observedDeploymentConfig: + type: string + observedDeploymentID: + type: string + observedGeneration: + format: int64 + type: integer + observedKubeVirtRegistry: + type: string + observedKubeVirtVersion: + type: string + operatorVersion: + type: string + outdatedVirtualMachineInstanceWorkloads: + type: integer + phase: + description: KubeVirtPhase is a label for the phase of a KubeVirt + deployment at the current time. + type: string + targetDeploymentConfig: + type: string + targetDeploymentID: + type: string + targetKubeVirtRegistry: + type: string + targetKubeVirtVersion: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + deprecated: true + deprecationWarning: kubevirt.io/v1alpha3 is now deprecated and will be removed + in a future release. + name: v1alpha3 + schema: + openAPIV3Schema: + description: KubeVirt represents the object deploying all KubeVirt resources + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + certificateRotateStrategy: + properties: + selfSigned: + properties: + ca: + description: |- + CA configuration + CA certs are kept in the CA bundle as long as they are valid + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + caOverlapInterval: + description: Deprecated. Use CA.Duration and CA.RenewBefore + instead + type: string + caRotateInterval: + description: Deprecated. Use CA.Duration instead + type: string + certRotateInterval: + description: Deprecated. Use Server.Duration instead + type: string + server: + description: |- + Server configuration + Certs are rotated and discarded + properties: + duration: + description: The requested 'duration' (i.e. lifetime) + of the Certificate. + type: string + renewBefore: + description: |- + The amount of time before the currently issued certificate's "notAfter" + time that we will begin to attempt to renew the certificate. + type: string + type: object + type: object + type: object + configuration: + description: |- + holds kubevirt configurations. + same as the virt-configMap + properties: + additionalGuestMemoryOverheadRatio: + description: |- + AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure + overhead. This is useful, since the calculation of this overhead is not accurate and cannot + be entirely known in advance. The ratio that is being set determines by which factor to increase + the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised + by node pressures, but would mean that fewer VMs could be scheduled to a node. + If not set, the default is 1. + type: string + apiConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + architectureConfiguration: + properties: + amd64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + arm64: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + defaultArchitecture: + type: string + ppc64le: + properties: + emulatedMachines: + items: + type: string + type: array + x-kubernetes-list-type: atomic + machineType: + type: string + ovmfPath: + type: string + type: object + type: object + autoCPULimitNamespaceLabelSelector: + description: |- + When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside + namespaces that match the label selector. + The CPU limit will equal the number of requested vCPUs. + This setting does not apply to VMIs with dedicated CPUs. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + commonInstancetypesDeployment: + description: CommonInstancetypesDeployment controls the deployment + of common-instancetypes resources + nullable: true + properties: + enabled: + description: Enabled controls the deployment of common-instancetypes + resources, defaults to True. + nullable: true + type: boolean + type: object + controllerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + cpuModel: + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultRuntimeClass: + type: string + developerConfiguration: + description: DeveloperConfiguration holds developer options + properties: + cpuAllocationRatio: + description: |- + For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI + from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes). + For example, a value of 1 means 1 physical CPU thread per VMI CPU thread. + A value of 100 would be 1% of a physical thread allocated for each requested VMI thread. + This option has no effect on VMIs that request dedicated CPUs. More information at: + https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio + Defaults to 10 + type: integer + diskVerification: + description: DiskVerification holds container disks verification + limits + properties: + memoryLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - memoryLimit + type: object + featureGates: + description: FeatureGates is the list of experimental features + to enable. Defaults to none + items: + type: string + type: array + logVerbosity: + description: LogVerbosity sets log verbosity level of various + components + properties: + nodeVerbosity: + additionalProperties: + type: integer + description: NodeVerbosity represents a map of nodes with + a specific verbosity level + type: object + virtAPI: + type: integer + virtController: + type: integer + virtHandler: + type: integer + virtLauncher: + type: integer + virtOperator: + type: integer + type: object + memoryOvercommit: + description: |- + MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount + given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will + "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits". + Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully. + Defaults to 100 + type: integer + minimumClusterTSCFrequency: + description: |- + Allow overriding the automatically determined minimum TSC frequency of the cluster + and fixate the minimum to this frequency. + format: int64 + type: integer + minimumReservePVCBytes: + description: |- + MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks. + Defaults to 131072 (128KiB) + format: int64 + type: integer + nodeSelectors: + additionalProperties: + type: string + description: |- + NodeSelectors allows restricting VMI creation to nodes that match a set of labels. + Defaults to none + type: object + pvcTolerateLessSpaceUpToPercent: + description: |- + LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are + allowed to be compared to the requested size (to account for various overheads). + Defaults to 10 + type: integer + useEmulation: + description: |- + UseEmulation can be set to true to allow fallback to software emulation + in case hardware-assisted emulation is not available. Defaults to false + type: boolean + type: object + emulatedMachines: + description: Deprecated. Use architectureConfiguration instead. + items: + type: string + type: array + evictionStrategy: + description: |- + EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be + migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific + field is set it overrides the cluster level one. + type: string + handlerConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + instancetype: + description: Instancetype configuration + nullable: true + properties: + referencePolicy: + description: |- + ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are: + reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM. + expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated. + expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated. + enum: + - reference + - expand + - expandAll + nullable: true + type: string + type: object + ksmConfiguration: + description: KSMConfiguration holds the information regarding + the enabling the KSM in the nodes (if available). + properties: + nodeLabelSelector: + description: |- + NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled. + Empty NodeLabelSelector will enable ksm for every node. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + liveUpdateConfiguration: + description: LiveUpdateConfiguration holds defaults for live update + features + properties: + maxCpuSockets: + description: |- + MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own. + For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets. + format: int32 + type: integer + maxGuest: + anyOf: + - type: integer + - type: string + description: |- + MaxGuest defines the maximum amount memory that can be allocated + to the guest using hotplug. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + maxHotplugRatio: + description: |- + MaxHotplugRatio is the ratio used to define the max amount + of a hotplug resource that can be made available to a VM + when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest) + Example: VM is configured with 512Mi of guest memory, if MaxGuest is not + defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi + defaults to 4 + format: int32 + type: integer + type: object + machineType: + description: Deprecated. Use architectureConfiguration instead. + type: string + mediatedDevicesConfiguration: + description: MediatedDevicesConfiguration holds information about + MDEV types to be defined, if available + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeMediatedDeviceTypes: + items: + description: NodeMediatedDeviceTypesConfig holds information + about MDEV types to be defined in a specific node that + matches the NodeSelector field. + properties: + mediatedDeviceTypes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mediatedDevicesTypes: + description: Deprecated. Use mediatedDeviceTypes instead. + items: + type: string + type: array + x-kubernetes-list-type: atomic + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the vmi to fit on a node. + Selector which must match a node's labels for the vmi to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + required: + - nodeSelector + type: object + type: array + x-kubernetes-list-type: atomic + type: object + memBalloonStatsPeriod: + format: int32 + type: integer + migrations: + description: |- + MigrationConfiguration holds migration options. + Can be overridden for specific groups of VMs though migration policies. + Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information. + properties: + allowAutoConverge: + description: |- + AllowAutoConverge allows the platform to compromise performance/availability of VMIs to + guarantee successful VMI live migrations. Defaults to false + type: boolean + allowPostCopy: + description: |- + AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs + to successfully live-migrate. However, events like a network failure can cause a VMI crash. + If set to true, migrations will still start in pre-copy, but switch to post-copy when + CompletionTimeoutPerGiB triggers. Defaults to false + type: boolean + allowWorkloadDisruption: + description: |- + AllowWorkloadDisruption indicates that the migration shouldn't be + canceled after acceptableCompletionTime is exceeded. Instead, if + permitted, migration will be switched to post-copy or the VMI will be + paused to allow the migration to complete + type: boolean + bandwidthPerMigration: + anyOf: + - type: integer + - type: string + description: |- + BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use. + The value is in quantity per second. Defaults to 0 (no limit) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + completionTimeoutPerGiB: + description: |- + CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. + If the timeout is reached, the migration will be either paused, switched + to post-copy or cancelled depending on other settings. Defaults to 150 + format: int64 + type: integer + disableTLS: + description: |- + When set to true, DisableTLS will disable the additional layer of live migration encryption + provided by KubeVirt. This is usually a bad idea. Defaults to false + type: boolean + matchSELinuxLevelOnMigration: + description: |- + By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher. + When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target. + That will ensure the target virt-launcher doesn't share categories with another pod on the node. + However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels. + type: boolean + network: + description: |- + Network is the name of the CNI network to use for live migrations. By default, migrations go + through the pod network. + type: string + nodeDrainTaintKey: + description: |- + NodeDrainTaintKey defines the taint key that indicates a node should be drained. + Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain + type: string + parallelMigrationsPerCluster: + description: |- + ParallelMigrationsPerCluster is the total number of concurrent live migrations + allowed cluster-wide. Defaults to 5 + format: int32 + type: integer + parallelOutboundMigrationsPerNode: + description: |- + ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations + allowed per node. Defaults to 2 + format: int32 + type: integer + progressTimeout: + description: |- + ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress. + Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is + then considered stuck and therefore cancelled. Defaults to 150 + format: int64 + type: integer + unsafeMigrationOverride: + description: |- + UnsafeMigrationOverride allows live migrations to occur even if the compatibility check + indicates the migration will be unsafe to the guest. Defaults to false + type: boolean + type: object + minCPUModel: + type: string + network: + description: NetworkConfiguration holds network options + properties: + binding: + additionalProperties: + properties: + computeResourceOverhead: + description: |- + ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. + version: v1alphav1 + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + domainAttachmentType: + description: |- + DomainAttachmentType is a standard domain network attachment method kubevirt supports. + Supported values: "tap", "managedTap" (since v1.4). + The standard domain attachment can be used instead or in addition to the sidecarImage. + version: 1alphav1 + type: string + downwardAPI: + description: |- + DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar. + Supported values: "device-info" + version: v1alphav1 + type: string + migration: + description: |- + Migration means the VM using the plugin can be safely migrated + version: 1alphav1 + properties: + method: + description: |- + Method defines a pre-defined migration methodology + version: 1alphav1 + type: string + type: object + networkAttachmentDefinition: + description: |- + NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object. + Format: , /. + If namespace is not specified, VMI namespace is assumed. + version: 1alphav1 + type: string + sidecarImage: + description: |- + SidecarImage references a container image that runs in the virt-launcher pod. + The sidecar handles (libvirt) domain configuration and optional services. + version: 1alphav1 + type: string + type: object + type: object + defaultNetworkInterface: + type: string + permitBridgeInterfaceOnPodNetwork: + type: boolean + permitSlirpInterface: + description: |- + DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface. + Deprecated: Removed in v1.3. + type: boolean + type: object + obsoleteCPUModels: + additionalProperties: + type: boolean + type: object + ovmfPath: + description: Deprecated. Use architectureConfiguration instead. + type: string + permittedHostDevices: + description: PermittedHostDevices holds information about devices + allowed for passthrough + properties: + mediatedDevices: + items: + description: MediatedHostDevice represents a host mediated + device allowed for passthrough + properties: + externalResourceProvider: + type: boolean + mdevNameSelector: + type: string + resourceName: + type: string + required: + - mdevNameSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + pciHostDevices: + items: + description: PciHostDevice represents a host PCI device + allowed for passthrough + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + pciVendorSelector: + description: The vendor_id:product_id tuple of the PCI + device + type: string + resourceName: + description: |- + The name of the resource that is representing the device. Exposed by + a device plugin and requested by VMs. Typically of the form + vendor.com/product_name + type: string + required: + - pciVendorSelector + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + usb: + items: + properties: + externalResourceProvider: + description: |- + If true, KubeVirt will leave the allocation and monitoring to an + external device plugin + type: boolean + resourceName: + description: |- + Identifies the list of USB host devices. + e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc + type: string + selectors: + items: + properties: + product: + type: string + vendor: + type: string + required: + - product + - vendor + type: object + type: array + x-kubernetes-list-type: atomic + required: + - resourceName + type: object + type: array + x-kubernetes-list-type: atomic + type: object + seccompConfiguration: + description: SeccompConfiguration holds Seccomp configuration + for Kubevirt components + properties: + virtualMachineInstanceProfile: + description: VirtualMachineInstanceProfile defines what profile + should be used with virt-launcher. Defaults to none + properties: + customProfile: + description: CustomProfile allows to request arbitrary + profile for virt-launcher + properties: + localhostProfile: + type: string + runtimeDefaultProfile: + type: boolean + type: object + type: object + type: object + selinuxLauncherType: + type: string + smbios: + properties: + family: + type: string + manufacturer: + type: string + product: + type: string + sku: + type: string + version: + type: string + type: object + supportContainerResources: + description: SupportContainerResources specifies the resource + requirements for various types of supporting containers such + as container disks/virtiofs/sidecars and hotplug attachment + pods. If omitted a sensible default will be supplied. + items: + description: SupportContainerResources are used to specify the + cpu/memory request and limits for the containers that support + various features of Virtual Machines. These containers are + usually idle and don't require a lot of memory or cpu. + properties: + resources: + description: |- + ResourceRequirementsWithoutClaims describes the compute resource requirements. + This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: + type: string + required: + - resources + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + supportedGuestAgentVersions: + description: deprecated + items: + type: string + type: array + tlsConfiguration: + description: TLSConfiguration holds TLS options + properties: + ciphers: + items: + type: string + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. + Protocol versions are based on the following most common TLS configurations: + + https://ssl-config.mozilla.org/ + + Note that SSLv3.0 is not a supported protocol version due to well known + vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + virtualMachineInstancesPerNode: + type: integer + virtualMachineOptions: + description: VirtualMachineOptions holds the cluster level information + regarding the virtual machine. + properties: + disableFreePageReporting: + description: |- + DisableFreePageReporting disable the free page reporting of + memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device. + This will have effect only if AutoattachMemBalloon is not false and the vmi is not + requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled. + type: object + disableSerialConsoleLog: + description: |- + DisableSerialConsoleLog disables logging the auto-attached default serial console. + If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'. + The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled. + type: object + type: object + vmRolloutStrategy: + description: |- + VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory, + tolerations, and affinity, are propagated from a VM to its VMI. + enum: + - Stage + - LiveUpdate + nullable: true + type: string + vmStateStorageClass: + description: VMStateStorageClass is the name of the storage class + to use for the PVCs created to preserve VM state, like TPM. + type: string + webhookConfiguration: + description: |- + ReloadableComponentConfiguration holds all generic k8s configuration options which can + be reloaded by components without requiring a restart. + properties: + restClient: + description: RestClient can be used to tune certain aspects + of the k8s client in use. + properties: + rateLimiter: + description: RateLimiter allows selecting and configuring + different rate limiters for the k8s client. + properties: + tokenBucketRateLimiter: + properties: + burst: + description: |- + Maximum burst for throttle. + If it's zero, the component default will be used + type: integer + qps: + description: |- + QPS indicates the maximum QPS to the apiserver from this client. + If it's zero, the component default will be used + type: number + required: + - burst + - qps + type: object + type: object + type: object + type: object + type: object + customizeComponents: + properties: + flags: + description: Configure the value used for deployment and daemonset + resources + properties: + api: + additionalProperties: + type: string + type: object + controller: + additionalProperties: + type: string + type: object + handler: + additionalProperties: + type: string + type: object + type: object + patches: + items: + properties: + patch: + type: string + resourceName: + minLength: 1 + type: string + resourceType: + minLength: 1 + type: string + type: + type: string + required: + - patch + - resourceName + - resourceType + - type + type: object + type: array + x-kubernetes-list-type: atomic + type: object + imagePullPolicy: + description: The ImagePullPolicy to use. + type: string + imagePullSecrets: + description: |- + The imagePullSecrets to pull the container images from + Defaults to none + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + imageRegistry: + description: |- + The image registry to pull the container images from + Defaults to the same registry the operator's container image is pulled from. + type: string + imageTag: + description: |- + The image tag to use for the continer images installed. + Defaults to the same tag as the operator's container image. + type: string + infra: + description: selectors and tolerations that should apply to KubeVirt + infrastructure components + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + monitorAccount: + description: |- + The name of the Prometheus service account that needs read-access to KubeVirt endpoints + Defaults to prometheus-k8s + type: string + monitorNamespace: + description: |- + The namespace Prometheus is deployed in + Defaults to openshift-monitor + type: string + productComponent: + description: |- + Designate the apps.kubevirt.io/component label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductComponent is not specified, the component label default value is kubevirt. + type: string + productName: + description: |- + Designate the apps.kubevirt.io/part-of label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductName is not specified, the part-of label will be omitted. + type: string + productVersion: + description: |- + Designate the apps.kubevirt.io/version label for KubeVirt components. + Useful if KubeVirt is included as part of a product. + If ProductVersion is not specified, KubeVirt's version will be used. + type: string + serviceMonitorNamespace: + description: |- + The namespace the service monitor will be deployed + When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace + otherwise we will use the monitoring namespace. + type: string + uninstallStrategy: + description: |- + Specifies if kubevirt can be deleted if workloads are still present. + This is mainly a precaution to avoid accidental data loss + type: string + workloadUpdateStrategy: + description: |- + WorkloadUpdateStrategy defines at the cluster level how to handle + automated workload updates + properties: + batchEvictionInterval: + description: |- + BatchEvictionInterval Represents the interval to wait before issuing the next + batch of shutdowns + + Defaults to 1 minute + type: string + batchEvictionSize: + description: |- + BatchEvictionSize Represents the number of VMIs that can be forced updated per + the BatchShutdownInteral interval + + Defaults to 10 + type: integer + workloadUpdateMethods: + description: |- + WorkloadUpdateMethods defines the methods that can be used to disrupt workloads + during automated workload updates. + When multiple methods are present, the least disruptive method takes + precedence over more disruptive methods. For example if both LiveMigrate and Shutdown + methods are listed, only VMs which are not live migratable will be restarted/shutdown + + An empty list defaults to no automated workload updating + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + workloads: + description: selectors and tolerations that should apply to KubeVirt + workloads + properties: + nodePlacement: + description: |- + nodePlacement describes scheduling configuration for specific + KubeVirt components + properties: + affinity: + description: |- + affinity enables pod affinity/anti-affinity placement expanding the types of constraints + that can be expressed with nodeSelector. + affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector + See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)' + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to the relevant kind of pods + It specifies a map of key-value pairs: for the pod to be eligible to run on a node, + the node must have each of the indicated key-value pairs as labels + (it can have additional labels as well). + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to the relevant kind of pods + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info. + These are additional tolerations other than default ones. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: |- + replicas indicates how many replicas should be created for each KubeVirt infrastructure + component (like virt-api or virt-controller). Defaults to 2. + WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution! + type: integer + type: object + type: object + status: + description: KubeVirtStatus represents information pertaining to a KubeVirt + deployment. + properties: + conditions: + items: + description: KubeVirtCondition represents a condition of a KubeVirt + deployment + properties: + lastProbeTime: + format: date-time + nullable: true + type: string + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + defaultArchitecture: + type: string + generations: + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - lastGeneration + - name + - resource + type: object + type: array + x-kubernetes-list-type: atomic + observedDeploymentConfig: + type: string + observedDeploymentID: + type: string + observedGeneration: + format: int64 + type: integer + observedKubeVirtRegistry: + type: string + observedKubeVirtVersion: + type: string + operatorVersion: + type: string + outdatedVirtualMachineInstanceWorkloads: + type: integer + phase: + description: KubeVirtPhase is a label for the phase of a KubeVirt + deployment at the current time. + type: string + targetDeploymentConfig: + type: string + targetDeploymentID: + type: string + targetKubeVirtRegistry: + type: string + targetKubeVirtVersion: + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/charts/kubevirt/0.6.1/templates/NOTES.txt b/charts/kubevirt/0.6.1/templates/NOTES.txt new file mode 100644 index 00000000..6ff75bf8 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/NOTES.txt @@ -0,0 +1,2 @@ +Verify that all KubeVirt components are installed correctly: + kubectl get all -n {{ .Release.Namespace }} diff --git a/charts/kubevirt/0.6.1/templates/_helpers.tpl b/charts/kubevirt/0.6.1/templates/_helpers.tpl new file mode 100644 index 00000000..81d11b3a --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kubevirt.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubevirt.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubevirt.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubevirt.labels" -}} +helm.sh/chart: {{ include "kubevirt.chart" . }} +{{ include "kubevirt.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kubevirt.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubevirt.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubevirt.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/kubevirt/0.6.1/templates/_hooks.tpl b/charts/kubevirt/0.6.1/templates/_hooks.tpl new file mode 100644 index 00000000..45d484a2 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/_hooks.tpl @@ -0,0 +1,47 @@ +{{/* Hook annotations */}} +{{- define "kubevirt.hook.annotations" -}} + annotations: + "helm.sh/hook": {{ .hookType }} + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": {{ .hookWeight | quote }} +{{- end -}} + +{{/* Namespace modifying hook annotations */}} +{{- define "kubevirt.namespaceHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }} +{{- end -}} + +{{/* CRD upgrading hook annotations */}} +{{- define "kubevirt.crdUpgradeHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }} +{{- end -}} + +{{/* Custom resource uninstalling hook annotations */}} +{{- define "kubevirt.crUninstallHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }} +{{- end -}} + +{{/* CRD uninstalling hook annotations */}} +{{- define "kubevirt.crdUninstallHook.annotations" -}} +{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }} +{{- end -}} + +{{/* Namespace modifying hook name */}} +{{- define "kubevirt.namespaceHook.name" -}} +{{ include "kubevirt.fullname" . }}-namespace-modify +{{- end }} + +{{/* CRD upgrading hook name */}} +{{- define "kubevirt.crdUpgradeHook.name" -}} +{{ include "kubevirt.fullname" . }}-crd-upgrade +{{- end }} + +{{/* Custom resource uninstalling hook name */}} +{{- define "kubevirt.crUninstallHook.name" -}} +{{ include "kubevirt.fullname" . }}-uninstall +{{- end }} + +{{/* CRD uninstalling hook name */}} +{{- define "kubevirt.crdUninstallHook.name" -}} +{{ include "kubevirt.fullname" . }}-crd-uninstall +{{- end }} diff --git a/charts/kubevirt/0.6.1/templates/crd-uninstall-hooks.yaml b/charts/kubevirt/0.6.1/templates/crd-uninstall-hooks.yaml new file mode 100644 index 00000000..2480b377 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/crd-uninstall-hooks.yaml @@ -0,0 +1,55 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + resourceNames: + - "kubevirts.kubevirt.io" + verbs: [ "delete" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.crdUninstallHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUninstallHook.name" . }} + {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crdUninstallHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crdUninstallHook.name" . }} + image: {{ .Values.hookImage }} + args: + - delete + - customresourcedefinitions + - kubevirts.kubevirt.io + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} diff --git a/charts/kubevirt/0.6.1/templates/crd-upgrade-hooks.yaml b/charts/kubevirt/0.6.1/templates/crd-upgrade-hooks.yaml new file mode 100644 index 00000000..dab97791 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/crd-upgrade-hooks.yaml @@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Release.Namespace }} + name: kubevirt-crd-manifest + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }} +data: + crd: |- + {{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }} +rules: + - apiGroups: [ "" ] + resources: [ "configmaps" ] + resourceNames: + - "kubevirt-crd-manifest" + verbs: [ "get" ] + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + resourceNames: + - "kubevirts.kubevirt.io" + verbs: [ "get", "patch" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crdUpgradeHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crdUpgradeHook.name" . }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + image: {{ .Values.hookImage }} + args: + - apply + - -f + - /etc/manifests/crd.yaml + volumeMounts: + - name: crd-volume + mountPath: /etc/manifests + volumes: + - name: crd-volume + configMap: + name: kubevirt-crd-manifest + items: + - key: crd + path: crd.yaml diff --git a/charts/kubevirt/0.6.1/templates/kubevirt-operator.yaml b/charts/kubevirt/0.6.1/templates/kubevirt-operator.yaml new file mode 100644 index 00000000..1eda8d60 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/kubevirt-operator.yaml @@ -0,0 +1,1424 @@ +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: kubevirt-cluster-critical +value: 1000000000 +globalDefault: false +description: "This priority class should be used for core kubevirt components only." +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubevirt.io:operator + labels: + operator.kubevirt.io: "" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resourceNames: + - kubevirt-ca + - kubevirt-export-ca + - kubevirt-virt-handler-certs + - kubevirt-virt-handler-server-certs + - kubevirt-operator-certs + - kubevirt-virt-api-certs + - kubevirt-controller-certs + - kubevirt-exportproxy-certs + resources: + - secrets + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - get + - list + - watch + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - get + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - kubevirt-export-ca + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator-rolebinding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubevirt-operator +subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +rules: + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - patch + - update + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + - endpoints + - pods/exec + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - patch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - create + - get + - list + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - get + - patch + - update + - apiGroups: + - security.openshift.io + resourceNames: + - kubevirt-handler + - kubevirt-controller + resources: + - securitycontextconstraints + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + - validatingadmissionpolicybindings + - validatingadmissionpolicies + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + verbs: + - get + - list + - watch + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - apiGroups: + - kubevirt.io + resources: + - virtualmachines/status + verbs: + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - create + - get + - list + - watch + - patch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancepresets + verbs: + - watch + - list + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - limitranges + verbs: + - watch + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinerestores + - virtualmachinesnapshotcontents + verbs: + - get + - list + - watch + - apiGroups: + - cdi.kubevirt.io + resources: + - datasources + - datavolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - list + - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - patch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - delete + - create + - patch + - apiGroups: + - "" + resources: + - pods + - configmaps + - endpoints + - services + verbs: + - get + - list + - watch + - delete + - update + - create + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - update + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - pods/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - watch + - list + - create + - delete + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshots/status + - virtualmachinesnapshots/finalizers + - virtualmachinesnapshotcontents + - virtualmachinesnapshotcontents/status + - virtualmachinesnapshotcontents/finalizers + - virtualmachinerestores + - virtualmachinerestores/status + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + - virtualmachineexports/status + - virtualmachineexports/finalizers + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + - virtualmachinepools/finalizers + - virtualmachinepools/status + - virtualmachinepools/scale + verbs: + - watch + - list + - create + - delete + - update + - patch + - get + - apiGroups: + - kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - kubevirt.io + resources: + - virtualmachines/finalizers + - virtualmachineinstances/finalizers + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/stop + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/reset + - virtualmachineinstances/softreboot + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - cdi.kubevirt.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + - virtualmachineclones/status + - virtualmachineclones/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - delete + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstances + verbs: + - update + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - patch + - list + - watch + - get + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - version + - guestfs + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + - virtualmachineinstances/usbredir + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/reset + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/console + - virtualmachineinstances/vnc + - virtualmachineinstances/vnc/screenshot + - virtualmachineinstances/portforward + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + - virtualmachineinstances/usbredir + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachineinstances/pause + - virtualmachineinstances/unpause + - virtualmachineinstances/addvolume + - virtualmachineinstances/removevolume + - virtualmachineinstances/freeze + - virtualmachineinstances/unfreeze + - virtualmachineinstances/softreboot + - virtualmachineinstances/reset + - virtualmachineinstances/sev/setupsession + - virtualmachineinstances/sev/injectlaunchsecret + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachines/portforward + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/start + - virtualmachines/stop + - virtualmachines/restart + - virtualmachines/addvolume + - virtualmachines/removevolume + - virtualmachines/memorydump + verbs: + - update + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - kubevirt.io + resources: + - kubevirts + verbs: + - get + - list + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/expand-spec + - virtualmachineinstances/guestosinfo + - virtualmachineinstances/filesystemlist + - virtualmachineinstances/userlist + - virtualmachineinstances/sev/fetchcertchain + - virtualmachineinstances/sev/querylaunchmeasurement + verbs: + - get + - apiGroups: + - subresources.kubevirt.io + resources: + - expand-vm-spec + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachines + - virtualmachineinstances + - virtualmachineinstancepresets + - virtualmachineinstancereplicasets + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.kubevirt.io + resources: + - virtualmachinesnapshots + - virtualmachinesnapshotcontents + - virtualmachinerestores + verbs: + - get + - list + - watch + - apiGroups: + - export.kubevirt.io + resources: + - virtualmachineexports + verbs: + - get + - list + - watch + - apiGroups: + - clone.kubevirt.io + resources: + - virtualmachineclones + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineinstancetypes + - virtualmachineclusterinstancetypes + - virtualmachinepreferences + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - pool.kubevirt.io + resources: + - virtualmachinepools + verbs: + - get + - list + - watch + - apiGroups: + - migrations.kubevirt.io + resources: + - migrationpolicies + verbs: + - get + - list + - watch + - apiGroups: + - instancetype.kubevirt.io + resources: + - virtualmachineclusterinstancetypes + - virtualmachineclusterpreferences + verbs: + - get + - list + - watch + - apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/migrate + verbs: + - update + - apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kubevirt.io: "" + name: kubevirt-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubevirt-operator +subjects: + - kind: ServiceAccount + name: kubevirt-operator + namespace: {{ .Release.Namespace }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubevirt.io: virt-operator + name: virt-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.operator.replicas }} + selector: + matchLabels: + kubevirt.io: virt-operator + strategy: + type: RollingUpdate + template: + metadata: + annotations: + openshift.io/required-scc: restricted-v2 + labels: + kubevirt.io: virt-operator + name: virt-operator + prometheus.kubevirt.io: "true" + name: virt-operator + spec: + affinity: +{{- .Values.operator.affinity | toYaml | nindent 8 }} + containers: + - args: + - --port + - "8443" + - -v + - "2" + command: + - virt-operator + env: + - name: VIRT_OPERATOR_IMAGE + value: {{ .Values.operator.image }}:{{ .Values.operator.version }} + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: KUBEVIRT_VERSION + value: {{ .Values.operator.version }} + image: {{ .Values.operator.image }}:{{ .Values.operator.version }} + imagePullPolicy: {{ .Values.operator.pullPolicy }} + name: virt-operator + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 8444 + name: webhooks + protocol: TCP + readinessProbe: + httpGet: + path: /metrics + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 10 + resources: +{{- .Values.operator.resources | toYaml | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/virt-operator/certificates + name: kubevirt-operator-certs + readOnly: true + - mountPath: /profile-data + name: profile-data + nodeSelector: + kubernetes.io/os: linux + priorityClassName: kubevirt-cluster-critical + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: kubevirt-operator + tolerations: + - key: CriticalAddonsOnly + operator: Exists + volumes: + - name: kubevirt-operator-certs + secret: + optional: true + secretName: kubevirt-operator-certs + - emptyDir: {} + name: profile-data diff --git a/charts/kubevirt/0.6.1/templates/kubevirt-uninstall-hooks.yaml b/charts/kubevirt/0.6.1/templates/kubevirt-uninstall-hooks.yaml new file mode 100644 index 00000000..1e2ea4ff --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/kubevirt-uninstall-hooks.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "kubevirt.io" ] + resources: [ "kubevirts" ] + resourceNames: + - "kubevirt" + verbs: [ "get", "list", "delete" ] + - apiGroups: [ "apps" ] + resources: [ "deployments", "daemonsets" ] + verbs: [ "get", "list" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} +roleRef: + kind: Role + name: {{ template "kubevirt.crUninstallHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.crUninstallHook.name" . }} + {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.crUninstallHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.crUninstallHook.name" . }} + image: {{ .Values.hookImage }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + args: + - delete + - kubevirt + - kubevirt + - name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup + image: {{ .Values.hookImage }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + args: + - wait + - --for=delete + - deployments/virt-api + - deployments/virt-controller + - daemonsets/virt-handler + - --timeout=60s diff --git a/charts/kubevirt/0.6.1/templates/kubevirt.yaml b/charts/kubevirt/0.6.1/templates/kubevirt.yaml new file mode 100644 index 00000000..e7d4bd94 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/kubevirt.yaml @@ -0,0 +1,44 @@ +apiVersion: kubevirt.io/v1 +kind: KubeVirt +metadata: + name: kubevirt + namespace: {{ .Release.Namespace }} + {{- with .Values.kubevirt.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.kubevirt.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.kubevirt.configuration }} + configuration: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.kubevirt.customizeComponents }} + customizeComponents: + {{- toYaml . | nindent 4 }} + {{- end }} + imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }} + {{- with .Values.kubevirt.infra }} + infra: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.kubevirt.uninstallStrategy }} + uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }} + {{- end }} + {{- with .Values.kubevirt.workloads }} + workloads: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.kubevirt.workloadUpdateStrategy }} + workloadUpdateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.kubevirt.monitorNamespace }} + monitorNamespace: {{ .Values.kubevirt.monitorNamespace }} + {{- end }} + {{- if .Values.kubevirt.monitorAccount }} + monitorAccount: {{ .Values.kubevirt.monitorAccount }} + {{- end }} diff --git a/charts/kubevirt/0.6.1/templates/namespace-hooks.yaml b/charts/kubevirt/0.6.1/templates/namespace-hooks.yaml new file mode 100644 index 00000000..2fc43180 --- /dev/null +++ b/charts/kubevirt/0.6.1/templates/namespace-hooks.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }} +rules: + - apiGroups: [ "" ] + resources: [ "namespaces" ] + resourceNames: + - {{ .Release.Namespace | quote }} + verbs: [ "get", "patch" ] + - apiGroups: [ "management.cattle.io" ] # Rancher + resources: [ "projects" ] + verbs: [ "updatepsa" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }} +subjects: + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} +roleRef: + kind: ClusterRole + name: {{ template "kubevirt.namespaceHook.name" . }} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "kubevirt.namespaceHook.name" . }} + {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }} +spec: + template: + metadata: + name: {{ template "kubevirt.namespaceHook.name" . }} + spec: + serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }} + restartPolicy: {{ .Values.hookRestartPolicy }} + containers: + - name: {{ template "kubevirt.namespaceHook.name" . }} + securityContext: + {{- toYaml .Values.hookSecurityContext | nindent 12 }} + image: {{ .Values.hookImage }} + args: + - label + - namespace + - {{ .Release.Namespace }} + - kubevirt.io= + - pod-security.kubernetes.io/enforce=privileged diff --git a/charts/kubevirt/0.6.1/values.yaml b/charts/kubevirt/0.6.1/values.yaml new file mode 100644 index 00000000..65ed2c2b --- /dev/null +++ b/charts/kubevirt/0.6.1/values.yaml @@ -0,0 +1,59 @@ +operator: + image: registry.suse.com/suse/sles/15.7/virt-operator + version: 1.5.2-150700.3.5.2 + replicas: 2 + pullPolicy: IfNotPresent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: kubevirt.io + operator: In + values: + - virt-operator + topologyKey: kubernetes.io/hostname + weight: 1 + resources: + requests: + cpu: 10m + memory: 450Mi + +kubevirt: + # Extra annotations for KubeVirt CR. + # Useful for advanced configuration such as: + # https://kubevirt.io/user-guide/compute/dedicated_cpu_resources/#compute-nodes-with-smt-enabled + annotations: {} + # Extra labels for KubeVirt CR. + labels: {} + # Holds kubevirt configurations. Same as the virt-configMap. + configuration: {} + customizeComponents: {} + # The ImagePullPolicy to use. + imagePullPolicy: IfNotPresent + # Selectors and tolerations that should apply to KubeVirt infrastructure components. + infra: {} + # Specifies if KubeVirt can be deleted if workloads are still present. + # This is mainly a precaution to avoid accidental data loss. + uninstallStrategy: "" + # Selectors and tolerations that should apply to KubeVirt workloads. + workloads: {} + # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates. + workloadUpdateStrategy: {} + # Optionally enable ServiceMonitor for prometheus, see + # https://kubevirt.io/user-guide/user_workloads/component_monitoring/ + monitorAccount: "" + monitorNamespace: "" + +hookImage: rancher/kubectl:v1.33.1 +hookRestartPolicy: OnFailure +hookSecurityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + runAsUser: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL diff --git a/index.html b/index.html index c4942d97..505e1a14 100755 --- a/index.html +++ b/index.html @@ -223,14 +223,14 @@

Charts

- +

kubevirt - (0.6.0@1.5.2) + (0.6.1@1.5.2) github link @@ -420,7 +420,7 @@

Charts

- Generated on: + Generated on: diff --git a/index.yaml b/index.yaml index 93a962d3..c405673d 100755 --- a/index.yaml +++ b/index.yaml @@ -321,6 +321,17 @@ entries: - assets/endpoint-copier-operator/endpoint-copier-operator-0.2.0.tgz version: 0.2.0 kubevirt: + - apiVersion: v2 + appVersion: 1.5.2 + created: "2025-09-10T08:39:10.302290164Z" + description: A Helm chart for KubeVirt + digest: 5738246fe009e06677495a1582e8d6925fbc121d374fe2e797c64c5306931d45 + icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg + name: kubevirt + type: application + urls: + - assets/kubevirt/kubevirt-0.6.1.tgz + version: 0.6.1 - apiVersion: v2 appVersion: 1.5.2 created: "2025-08-28T14:58:57.80883+03:00" diff --git a/packages/kubevirt/charts/Chart.yaml b/packages/kubevirt/charts/Chart.yaml index 778a4d70..f8e45205 100644 --- a/packages/kubevirt/charts/Chart.yaml +++ b/packages/kubevirt/charts/Chart.yaml @@ -4,4 +4,4 @@ description: A Helm chart for KubeVirt icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg name: kubevirt type: application -version: 0.6.0 +version: 0.6.1 diff --git a/packages/kubevirt/package.yaml b/packages/kubevirt/package.yaml index 9e7353d0..907698e5 100644 --- a/packages/kubevirt/package.yaml +++ b/packages/kubevirt/package.yaml @@ -1,2 +1,2 @@ url: local -version: 0.6.0 +version: 0.6.1