mirror of
https://github.com/tailscale/tailscale.git
synced 2026-05-08 05:36:38 +02:00
eea39eaf52
This commit modifies the `DNSConfig` custom resource to allow the user to specify affinity rules on the nameserver pods. Updates: https://github.com/tailscale/tailscale/issues/18556 Signed-off-by: David Bond <davidsbond93@gmail.com>
1112 lines
82 KiB
YAML
1112 lines
82 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.17.0
|
|
name: dnsconfigs.tailscale.com
|
|
spec:
|
|
group: tailscale.com
|
|
names:
|
|
kind: DNSConfig
|
|
listKind: DNSConfigList
|
|
plural: dnsconfigs
|
|
shortNames:
|
|
- dc
|
|
singular: dnsconfig
|
|
scope: Cluster
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: Service IP address of the nameserver
|
|
jsonPath: .status.nameserver.ip
|
|
name: NameserverIP
|
|
type: string
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
DNSConfig can be deployed to cluster to make a subset of Tailscale MagicDNS
|
|
names resolvable by cluster workloads. Use this if: A) you need to refer to
|
|
tailnet services, exposed to cluster via Tailscale Kubernetes operator egress
|
|
proxies by the MagicDNS names of those tailnet services (usually because the
|
|
services run over HTTPS)
|
|
B) you have exposed a cluster workload to the tailnet using Tailscale Ingress
|
|
and you also want to refer to the workload from within the cluster over the
|
|
Ingress's MagicDNS name (usually because you have some callback component
|
|
that needs to use the same URL as that used by a non-cluster client on
|
|
tailnet).
|
|
When a DNSConfig is applied to a cluster, Tailscale Kubernetes operator will
|
|
deploy a nameserver for ts.net DNS names and automatically populate it with records
|
|
for any Tailscale egress or Ingress proxies deployed to that cluster.
|
|
Currently you must manually update your cluster DNS configuration to add the
|
|
IP address of the deployed nameserver as a ts.net stub nameserver.
|
|
Instructions for how to do it:
|
|
https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configuration-of-stub-domain-and-upstream-nameserver-using-coredns (for CoreDNS),
|
|
https://cloud.google.com/kubernetes-engine/docs/how-to/kube-dns (for kube-dns).
|
|
Tailscale Kubernetes operator will write the address of a Service fronting
|
|
the nameserver to dsnconfig.status.nameserver.ip.
|
|
DNSConfig is a singleton - you must not create more than one.
|
|
NB: if you want cluster workloads to be able to refer to Tailscale Ingress
|
|
using its MagicDNS name, you must also annotate the Ingress resource with
|
|
tailscale.com/experimental-forward-cluster-traffic-via-ingress annotation to
|
|
ensure that the proxy created for the Ingress listens on its Pod IP address.
|
|
type: object
|
|
required:
|
|
- spec
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: |-
|
|
Spec describes the desired DNS configuration.
|
|
More info:
|
|
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
|
|
type: object
|
|
required:
|
|
- nameserver
|
|
properties:
|
|
nameserver:
|
|
description: |-
|
|
Configuration for a nameserver that can resolve ts.net DNS names
|
|
associated with in-cluster proxies for Tailscale egress Services and
|
|
Tailscale Ingresses. The operator will always deploy this nameserver
|
|
when a DNSConfig is applied.
|
|
type: object
|
|
properties:
|
|
image:
|
|
description: Nameserver image. Defaults to tailscale/k8s-nameserver:unstable.
|
|
type: object
|
|
properties:
|
|
repo:
|
|
description: Repo defaults to tailscale/k8s-nameserver.
|
|
type: string
|
|
tag:
|
|
description: Tag defaults to unstable.
|
|
type: string
|
|
pod:
|
|
description: Pod configuration.
|
|
type: object
|
|
properties:
|
|
affinity:
|
|
description: If specified, applies affinity rules to the pods deployed by the DNSConfig resource.
|
|
type: object
|
|
properties:
|
|
nodeAffinity:
|
|
description: Describes node affinity scheduling rules for the pod.
|
|
type: object
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node matches the corresponding matchExpressions; the
|
|
node(s) with the highest sum are the most preferred.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
An empty preferred scheduling term matches all objects with implicit weight 0
|
|
(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
|
|
type: object
|
|
required:
|
|
- preference
|
|
- weight
|
|
properties:
|
|
preference:
|
|
description: A node selector term, associated with the corresponding weight.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-map-type: atomic
|
|
weight:
|
|
description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
|
|
type: integer
|
|
format: int32
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to an update), the system
|
|
may or may not try to eventually evict the pod from its node.
|
|
type: object
|
|
required:
|
|
- nodeSelectorTerms
|
|
properties:
|
|
nodeSelectorTerms:
|
|
description: Required. A list of node selector terms. The terms are ORed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A null or empty node selector term matches no objects. The requirements of
|
|
them are ANDed.
|
|
The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: A list of node selector requirements by node's labels.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchFields:
|
|
description: A list of node selector requirements by node's fields.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A node selector requirement is a selector that contains values, a key, and an operator
|
|
that relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
An array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. If the operator is Gt or Lt, the values
|
|
array must have a single element, which will be interpreted as an integer.
|
|
This array is replaced during a strategic merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-map-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-map-type: atomic
|
|
podAffinity:
|
|
description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
|
|
type: object
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and adding
|
|
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
type: array
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
type: object
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
type: object
|
|
required:
|
|
- topologyKey
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
type: integer
|
|
format: int32
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
type: object
|
|
required:
|
|
- topologyKey
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
podAntiAffinity:
|
|
description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
|
|
type: object
|
|
properties:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
The scheduler will prefer to schedule pods to nodes that satisfy
|
|
the anti-affinity expressions specified by this field, but it may choose
|
|
a node that violates one or more of the expressions. The node that is
|
|
most preferred is the one with the greatest sum of weights, i.e.
|
|
for each node that meets all of the scheduling requirements (resource
|
|
request, requiredDuringScheduling anti-affinity expressions, etc.),
|
|
compute a sum by iterating through the elements of this field and subtracting
|
|
"weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
|
|
node(s) with the highest sum are the most preferred.
|
|
type: array
|
|
items:
|
|
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
|
|
type: object
|
|
required:
|
|
- podAffinityTerm
|
|
- weight
|
|
properties:
|
|
podAffinityTerm:
|
|
description: Required. A pod affinity term, associated with the corresponding weight.
|
|
type: object
|
|
required:
|
|
- topologyKey
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
weight:
|
|
description: |-
|
|
weight associated with matching the corresponding podAffinityTerm,
|
|
in the range 1-100.
|
|
type: integer
|
|
format: int32
|
|
x-kubernetes-list-type: atomic
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
description: |-
|
|
If the anti-affinity requirements specified by this field are not met at
|
|
scheduling time, the pod will not be scheduled onto the node.
|
|
If the anti-affinity requirements specified by this field cease to be met
|
|
at some point during pod execution (e.g. due to a pod label update), the
|
|
system may or may not try to eventually evict the pod from its node.
|
|
When there are multiple elements, the lists of nodes corresponding to each
|
|
podAffinityTerm are intersected, i.e. all terms must be satisfied.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
Defines a set of pods (namely those matching the labelSelector
|
|
relative to the given namespace(s)) that this pod should be
|
|
co-located (affinity) or not co-located (anti-affinity) with,
|
|
where co-located is defined as running on a node whose value of
|
|
the label with key <topologyKey> matches that of any node on which
|
|
a pod of the set of pods is running
|
|
type: object
|
|
required:
|
|
- topologyKey
|
|
properties:
|
|
labelSelector:
|
|
description: |-
|
|
A label query over a set of resources, in this case pods.
|
|
If it's null, this PodAffinityTerm matches with no Pods.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
matchLabelKeys:
|
|
description: |-
|
|
MatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
|
|
Also, matchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
mismatchLabelKeys:
|
|
description: |-
|
|
MismatchLabelKeys is a set of pod label keys to select which pods will
|
|
be taken into consideration. The keys are used to lookup values from the
|
|
incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
|
|
to select the group of existing pods which pods will be taken into consideration
|
|
for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
|
|
pod labels will be ignored. The default value is empty.
|
|
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
|
|
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
namespaceSelector:
|
|
description: |-
|
|
A label query over the set of namespaces that the term applies to.
|
|
The term is applied to the union of the namespaces selected by this field
|
|
and the ones listed in the namespaces field.
|
|
null selector and null or empty namespaces list means "this pod's namespace".
|
|
An empty selector ({}) matches all namespaces.
|
|
type: object
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
A label selector requirement is a selector that contains values, a key, and an operator that
|
|
relates the key and values.
|
|
type: object
|
|
required:
|
|
- key
|
|
- operator
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
operator represents a key's relationship to a set of values.
|
|
Valid operators are In, NotIn, Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: |-
|
|
values is an array of string values. If the operator is In or NotIn,
|
|
the values array must be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced during a strategic
|
|
merge patch.
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
x-kubernetes-list-type: atomic
|
|
matchLabels:
|
|
description: |-
|
|
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
|
|
map is equivalent to an element of matchExpressions, whose key field is "key", the
|
|
operator is "In", and the values array contains only "value". The requirements are ANDed.
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
x-kubernetes-map-type: atomic
|
|
namespaces:
|
|
description: |-
|
|
namespaces specifies a static list of namespace names that the term applies to.
|
|
The term is applied to the union of the namespaces listed in this field
|
|
and the ones selected by namespaceSelector.
|
|
null or empty namespaces list and null namespaceSelector means "this pod's namespace".
|
|
type: array
|
|
items:
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
topologyKey:
|
|
description: |-
|
|
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
|
|
the labelSelector in the specified namespaces, where co-located is defined as running on a node
|
|
whose value of the label with key topologyKey matches that of any node on which any of the
|
|
selected pods is running.
|
|
Empty topologyKey is not allowed.
|
|
type: string
|
|
x-kubernetes-list-type: atomic
|
|
tolerations:
|
|
description: If specified, applies tolerations to the pods deployed by the DNSConfig resource.
|
|
type: array
|
|
items:
|
|
description: |-
|
|
The pod this Toleration is attached to tolerates any taint that matches
|
|
the triple <key,value,effect> using the matching operator <operator>.
|
|
type: object
|
|
properties:
|
|
effect:
|
|
description: |-
|
|
Effect indicates the taint effect to match. Empty means match all taint effects.
|
|
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
type: string
|
|
key:
|
|
description: |-
|
|
Key is the taint key that the toleration applies to. Empty means match all taint keys.
|
|
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
|
|
type: string
|
|
operator:
|
|
description: |-
|
|
Operator represents a key's relationship to the value.
|
|
Valid operators are Exists and Equal. Defaults to Equal.
|
|
Exists is equivalent to wildcard for value, so that a pod can
|
|
tolerate all taints of a particular category.
|
|
type: string
|
|
tolerationSeconds:
|
|
description: |-
|
|
TolerationSeconds represents the period of time the toleration (which must be
|
|
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
|
|
it is not set, which means tolerate the taint forever (do not evict). Zero and
|
|
negative values will be treated as 0 (evict immediately) by the system.
|
|
type: integer
|
|
format: int64
|
|
value:
|
|
description: |-
|
|
Value is the taint value the toleration matches to.
|
|
If the operator is Exists, the value should be empty, otherwise just a regular string.
|
|
type: string
|
|
replicas:
|
|
description: Replicas specifies how many Pods to create. Defaults to 1.
|
|
type: integer
|
|
format: int32
|
|
minimum: 0
|
|
service:
|
|
description: Service configuration.
|
|
type: object
|
|
properties:
|
|
clusterIP:
|
|
description: ClusterIP sets the static IP of the service used by the nameserver.
|
|
type: string
|
|
status:
|
|
description: |-
|
|
Status describes the status of the DNSConfig. This is set
|
|
and managed by the Tailscale operator.
|
|
type: object
|
|
properties:
|
|
conditions:
|
|
type: array
|
|
items:
|
|
description: Condition contains details for one aspect of the current state of this API Resource.
|
|
type: object
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
properties:
|
|
lastTransitionTime:
|
|
description: |-
|
|
lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
type: string
|
|
format: date-time
|
|
message:
|
|
description: |-
|
|
message is a human readable message indicating details about the transition.
|
|
This may be an empty string.
|
|
type: string
|
|
maxLength: 32768
|
|
observedGeneration:
|
|
description: |-
|
|
observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
with respect to the current state of the instance.
|
|
type: integer
|
|
format: int64
|
|
minimum: 0
|
|
reason:
|
|
description: |-
|
|
reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
Producers of specific condition types may define expected values and meanings for this field,
|
|
and whether the values are considered a guaranteed API.
|
|
The value should be a CamelCase string.
|
|
This field may not be empty.
|
|
type: string
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
type: string
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
x-kubernetes-list-map-keys:
|
|
- type
|
|
x-kubernetes-list-type: map
|
|
nameserver:
|
|
description: Nameserver describes the status of nameserver cluster resources.
|
|
type: object
|
|
properties:
|
|
ip:
|
|
description: |-
|
|
IP is the ClusterIP of the Service fronting the deployed ts.net nameserver.
|
|
Currently, you must manually update your cluster DNS config to add
|
|
this address as a stub nameserver for ts.net for cluster workloads to be
|
|
able to resolve MagicDNS names associated with egress or Ingress
|
|
proxies.
|
|
The IP address will change if you delete and recreate the DNSConfig.
|
|
type: string
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|