+25

Makefile

··· 419 419 .PHONY: catalog-push 420 420 catalog-push: ## Push a catalog image. 421 421 $(MAKE) docker-push IMG=$(CATALOG_IMG) 422 422 + 423 423 + ##@ Helm 424 424 + 425 425 + .PHONY: helm-sync 426 426 + helm-sync: manifests ## Sync CRDs to Helm chart 427 427 + @echo "Syncing CRDs to helm/loom/crds/" 428 428 + @mkdir -p helm/loom/crds 429 429 + cp config/crd/bases/*.yaml helm/loom/crds/ 430 430 + 431 431 + .PHONY: helm-lint 432 432 + helm-lint: ## Lint Helm chart 433 433 + helm lint helm/loom 434 434 + 435 435 + .PHONY: helm-template 436 436 + helm-template: ## Render Helm templates for validation 437 437 + helm template test helm/loom --set spindle.hostname=test.example.com --set spindle.owner=did:plc:test --debug 438 438 + 439 439 + .PHONY: helm-package 440 440 + helm-package: helm-sync ## Package Helm chart 441 441 + helm package helm/loom 442 442 + 443 443 + .PHONY: version-sync 444 444 + version-sync: ## Sync versions to Chart.yaml 445 445 + @sed -i 's/^version: .*/version: $(VERSION)/' helm/loom/Chart.yaml 446 446 + @sed -i 's/^appVersion: .*/appVersion: "$(VERSION)"/' helm/loom/Chart.yaml

+18

helm/loom/Chart.yaml

··· 1 1 + apiVersion: v2 2 2 + name: loom 3 3 + description: A Kubernetes operator that runs CI/CD pipelines from tangled.org 4 4 + type: application 5 5 + version: 0.0.1 6 6 + appVersion: "0.0.1" 7 7 + home: https://github.com/tangled-sh/loom 8 8 + sources: 9 9 + - https://github.com/tangled-sh/loom 10 10 + maintainers: 11 11 + - name: Evan Jarrett 12 12 + keywords: 13 13 + - kubernetes 14 14 + - operator 15 15 + - ci 16 16 + - cd 17 17 + - pipelines 18 18 + - tangled

+1386

helm/loom/crds/loom.j5t.io_spindlesets.yaml

··· 1 1 + --- 2 2 + apiVersion: apiextensions.k8s.io/v1 3 3 + kind: CustomResourceDefinition 4 4 + metadata: 5 5 + annotations: 6 6 + controller-gen.kubebuilder.io/version: v0.18.0 7 7 + name: spindlesets.loom.j5t.io 8 8 + spec: 9 9 + group: loom.j5t.io 10 10 + names: 11 11 + kind: SpindleSet 12 12 + listKind: SpindleSetList 13 13 + plural: spindlesets 14 14 + singular: spindleset 15 15 + scope: Namespaced 16 16 + versions: 17 17 + - additionalPrinterColumns: 18 18 + - jsonPath: .spec.pipelineRun.pipelineID 19 19 + name: Pipeline ID 20 20 + type: string 21 21 + - jsonPath: .status.phase 22 22 + name: Phase 23 23 + type: string 24 24 + - jsonPath: .status.runningJobs 25 25 + name: Running 26 26 + type: integer 27 27 + - jsonPath: .status.completedJobs 28 28 + name: Completed 29 29 + type: integer 30 30 + - jsonPath: .status.failedJobs 31 31 + name: Failed 32 32 + type: integer 33 33 + - jsonPath: .metadata.creationTimestamp 34 34 + name: Age 35 35 + type: date 36 36 + name: v1alpha1 37 37 + schema: 38 38 + openAPIV3Schema: 39 39 + description: |- 40 40 + SpindleSet is the Schema for the spindlesets API. 41 41 + SpindleSet is an internal resource that represents a single pipeline execution. 42 42 + It groups Jobs for a pipeline run and provides automatic cleanup via owner references. 43 43 + properties: 44 44 + apiVersion: 45 45 + description: |- 46 46 + APIVersion defines the versioned schema of this representation of an object. 47 47 + Servers should convert recognized schemas to the latest internal value, and 48 48 + may reject unrecognized values. 49 49 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 50 50 + type: string 51 51 + kind: 52 52 + description: |- 53 53 + Kind is a string value representing the REST resource this object represents. 54 54 + Servers may infer this from the endpoint the client submits requests to. 55 55 + Cannot be updated. 56 56 + In CamelCase. 57 57 + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 58 58 + type: string 59 59 + metadata: 60 60 + type: object 61 61 + spec: 62 62 + description: |- 63 63 + SpindleSetSpec defines the desired state of SpindleSet. 64 64 + SpindleSet is an internal resource created by the Loom engine to manage pipeline executions. 65 65 + Users do not create SpindleSet resources directly. 66 66 + properties: 67 67 + pipelineRun: 68 68 + description: |- 69 69 + PipelineRun contains pipeline-specific information for this pipeline execution. 70 70 + This SpindleSet is ephemeral and represents a single pipeline run. 71 71 + properties: 72 72 + cloneCommands: 73 73 + description: |- 74 74 + CloneCommands are the git commands to run in the clone init container. 75 75 + Generated by tangled.org/core/spindle/models.BuildCloneStep(). 76 76 + These commands are self-contained (include repo URL and commit SHA). 77 77 + items: 78 78 + type: string 79 79 + type: array 80 80 + pipelineID: 81 81 + description: PipelineID is the unique identifier for this pipeline 82 82 + run from the knot. 83 83 + type: string 84 84 + secrets: 85 85 + description: |- 86 86 + Secrets contains the repository secrets to inject into workflow Jobs. 87 87 + Retrieved from the secrets vault and stored here for the controller to consume. 88 88 + items: 89 89 + description: SecretData represents a single secret key-value 90 90 + pair for injection into Jobs. 91 91 + properties: 92 92 + key: 93 93 + description: Key is the environment variable name (e.g., 94 94 + "GITHUB_TOKEN"). 95 95 + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ 96 96 + type: string 97 97 + value: 98 98 + description: |- 99 99 + Value is the secret value in plaintext. 100 100 + This field should only be populated transiently during SpindleSet creation 101 101 + and consumed immediately by the controller to create a Kubernetes Secret. 102 102 + type: string 103 103 + required: 104 104 + - key 105 105 + - value 106 106 + type: object 107 107 + type: array 108 108 + skipClone: 109 109 + description: SkipClone indicates whether to skip the clone init 110 110 + container entirely. 111 111 + type: boolean 112 112 + workflows: 113 113 + description: Workflows is the list of workflows to execute in 114 114 + this pipeline. 115 115 + items: 116 116 + description: |- 117 117 + WorkflowSpec defines a workflow to execute as part of a pipeline. 118 118 + This is the canonical workflow definition that matches the .tangled/workflows/*.yaml format. 119 119 + properties: 120 120 + architecture: 121 121 + description: Architecture is the target architecture for 122 122 + this workflow (e.g., "amd64", "arm64"). 123 123 + enum: 124 124 + - amd64 125 125 + - arm64 126 126 + type: string 127 127 + dependencies: 128 128 + description: Dependencies specifies external dependencies 129 129 + for the workflow. 130 130 + properties: 131 131 + nixpkgs: 132 132 + description: Nixpkgs is a list of Nix packages to make 133 133 + available. 134 134 + items: 135 135 + type: string 136 136 + type: array 137 137 + type: object 138 138 + environment: 139 139 + additionalProperties: 140 140 + type: string 141 141 + description: Environment contains workflow-level environment 142 142 + variables. 143 143 + type: object 144 144 + image: 145 145 + description: Image is the container image to use for executing 146 146 + the workflow steps. 147 147 + type: string 148 148 + name: 149 149 + description: Name is the workflow filename (e.g., "workflow-amd64.yaml"). 150 150 + type: string 151 151 + steps: 152 152 + description: Steps is the ordered list of steps to execute 153 153 + in this workflow. 154 154 + items: 155 155 + description: WorkflowStep defines a single step in a workflow. 156 156 + properties: 157 157 + command: 158 158 + description: Command is the shell command to execute. 159 159 + type: string 160 160 + environment: 161 161 + additionalProperties: 162 162 + type: string 163 163 + description: Environment contains step-specific environment 164 164 + variables. 165 165 + type: object 166 166 + name: 167 167 + description: Name is the human-readable name of the 168 168 + step. 169 169 + type: string 170 170 + required: 171 171 + - command 172 172 + - name 173 173 + type: object 174 174 + type: array 175 175 + when: 176 176 + description: When defines conditional execution rules for 177 177 + this workflow. 178 178 + items: 179 179 + description: WorkflowWhen defines conditional execution 180 180 + rules. 181 181 + properties: 182 182 + branch: 183 183 + description: Branch specifies which branches trigger 184 184 + this workflow. 185 185 + items: 186 186 + type: string 187 187 + type: array 188 188 + event: 189 189 + description: Event specifies which events trigger 190 190 + this workflow (e.g., "push", "pull_request"). 191 191 + items: 192 192 + type: string 193 193 + type: array 194 194 + type: object 195 195 + type: array 196 196 + required: 197 197 + - architecture 198 198 + - image 199 199 + - name 200 200 + type: object 201 201 + minItems: 1 202 202 + type: array 203 203 + required: 204 204 + - pipelineID 205 205 + - workflows 206 206 + type: object 207 207 + template: 208 208 + description: |- 209 209 + Template is the pod template configuration for jobs in this SpindleSet. 210 210 + Set internally by the engine from ConfigMap configuration. 211 211 + properties: 212 212 + affinity: 213 213 + description: Affinity defines scheduling constraints for spindle 214 214 + job pods. 215 215 + properties: 216 216 + nodeAffinity: 217 217 + description: Describes node affinity scheduling rules for 218 218 + the pod. 219 219 + properties: 220 220 + preferredDuringSchedulingIgnoredDuringExecution: 221 221 + description: |- 222 222 + The scheduler will prefer to schedule pods to nodes that satisfy 223 223 + the affinity expressions specified by this field, but it may choose 224 224 + a node that violates one or more of the expressions. The node that is 225 225 + most preferred is the one with the greatest sum of weights, i.e. 226 226 + for each node that meets all of the scheduling requirements (resource 227 227 + request, requiredDuringScheduling affinity expressions, etc.), 228 228 + compute a sum by iterating through the elements of this field and adding 229 229 + "weight" to the sum if the node matches the corresponding matchExpressions; the 230 230 + node(s) with the highest sum are the most preferred. 231 231 + items: 232 232 + description: |- 233 233 + An empty preferred scheduling term matches all objects with implicit weight 0 234 234 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 235 235 + properties: 236 236 + preference: 237 237 + description: A node selector term, associated with 238 238 + the corresponding weight. 239 239 + properties: 240 240 + matchExpressions: 241 241 + description: A list of node selector requirements 242 242 + by node's labels. 243 243 + items: 244 244 + description: |- 245 245 + A node selector requirement is a selector that contains values, a key, and an operator 246 246 + that relates the key and values. 247 247 + properties: 248 248 + key: 249 249 + description: The label key that the selector 250 250 + applies to. 251 251 + type: string 252 252 + operator: 253 253 + description: |- 254 254 + Represents a key's relationship to a set of values. 255 255 + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 256 256 + type: string 257 257 + values: 258 258 + description: |- 259 259 + An array of string values. If the operator is In or NotIn, 260 260 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 261 261 + the values array must be empty. If the operator is Gt or Lt, the values 262 262 + array must have a single element, which will be interpreted as an integer. 263 263 + This array is replaced during a strategic merge patch. 264 264 + items: 265 265 + type: string 266 266 + type: array 267 267 + x-kubernetes-list-type: atomic 268 268 + required: 269 269 + - key 270 270 + - operator 271 271 + type: object 272 272 + type: array 273 273 + x-kubernetes-list-type: atomic 274 274 + matchFields: 275 275 + description: A list of node selector requirements 276 276 + by node's fields. 277 277 + items: 278 278 + description: |- 279 279 + A node selector requirement is a selector that contains values, a key, and an operator 280 280 + that relates the key and values. 281 281 + properties: 282 282 + key: 283 283 + description: The label key that the selector 284 284 + applies to. 285 285 + type: string 286 286 + operator: 287 287 + description: |- 288 288 + Represents a key's relationship to a set of values. 289 289 + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 290 290 + type: string 291 291 + values: 292 292 + description: |- 293 293 + An array of string values. If the operator is In or NotIn, 294 294 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 295 295 + the values array must be empty. If the operator is Gt or Lt, the values 296 296 + array must have a single element, which will be interpreted as an integer. 297 297 + This array is replaced during a strategic merge patch. 298 298 + items: 299 299 + type: string 300 300 + type: array 301 301 + x-kubernetes-list-type: atomic 302 302 + required: 303 303 + - key 304 304 + - operator 305 305 + type: object 306 306 + type: array 307 307 + x-kubernetes-list-type: atomic 308 308 + type: object 309 309 + x-kubernetes-map-type: atomic 310 310 + weight: 311 311 + description: Weight associated with matching the 312 312 + corresponding nodeSelectorTerm, in the range 1-100. 313 313 + format: int32 314 314 + type: integer 315 315 + required: 316 316 + - preference 317 317 + - weight 318 318 + type: object 319 319 + type: array 320 320 + x-kubernetes-list-type: atomic 321 321 + requiredDuringSchedulingIgnoredDuringExecution: 322 322 + description: |- 323 323 + If the affinity requirements specified by this field are not met at 324 324 + scheduling time, the pod will not be scheduled onto the node. 325 325 + If the affinity requirements specified by this field cease to be met 326 326 + at some point during pod execution (e.g. due to an update), the system 327 327 + may or may not try to eventually evict the pod from its node. 328 328 + properties: 329 329 + nodeSelectorTerms: 330 330 + description: Required. A list of node selector terms. 331 331 + The terms are ORed. 332 332 + items: 333 333 + description: |- 334 334 + A null or empty node selector term matches no objects. The requirements of 335 335 + them are ANDed. 336 336 + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 337 337 + properties: 338 338 + matchExpressions: 339 339 + description: A list of node selector requirements 340 340 + by node's labels. 341 341 + items: 342 342 + description: |- 343 343 + A node selector requirement is a selector that contains values, a key, and an operator 344 344 + that relates the key and values. 345 345 + properties: 346 346 + key: 347 347 + description: The label key that the selector 348 348 + applies to. 349 349 + type: string 350 350 + operator: 351 351 + description: |- 352 352 + Represents a key's relationship to a set of values. 353 353 + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 354 354 + type: string 355 355 + values: 356 356 + description: |- 357 357 + An array of string values. If the operator is In or NotIn, 358 358 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 359 359 + the values array must be empty. If the operator is Gt or Lt, the values 360 360 + array must have a single element, which will be interpreted as an integer. 361 361 + This array is replaced during a strategic merge patch. 362 362 + items: 363 363 + type: string 364 364 + type: array 365 365 + x-kubernetes-list-type: atomic 366 366 + required: 367 367 + - key 368 368 + - operator 369 369 + type: object 370 370 + type: array 371 371 + x-kubernetes-list-type: atomic 372 372 + matchFields: 373 373 + description: A list of node selector requirements 374 374 + by node's fields. 375 375 + items: 376 376 + description: |- 377 377 + A node selector requirement is a selector that contains values, a key, and an operator 378 378 + that relates the key and values. 379 379 + properties: 380 380 + key: 381 381 + description: The label key that the selector 382 382 + applies to. 383 383 + type: string 384 384 + operator: 385 385 + description: |- 386 386 + Represents a key's relationship to a set of values. 387 387 + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 388 388 + type: string 389 389 + values: 390 390 + description: |- 391 391 + An array of string values. If the operator is In or NotIn, 392 392 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 393 393 + the values array must be empty. If the operator is Gt or Lt, the values 394 394 + array must have a single element, which will be interpreted as an integer. 395 395 + This array is replaced during a strategic merge patch. 396 396 + items: 397 397 + type: string 398 398 + type: array 399 399 + x-kubernetes-list-type: atomic 400 400 + required: 401 401 + - key 402 402 + - operator 403 403 + type: object 404 404 + type: array 405 405 + x-kubernetes-list-type: atomic 406 406 + type: object 407 407 + x-kubernetes-map-type: atomic 408 408 + type: array 409 409 + x-kubernetes-list-type: atomic 410 410 + required: 411 411 + - nodeSelectorTerms 412 412 + type: object 413 413 + x-kubernetes-map-type: atomic 414 414 + type: object 415 415 + podAffinity: 416 416 + description: Describes pod affinity scheduling rules (e.g. 417 417 + co-locate this pod in the same node, zone, etc. as some 418 418 + other pod(s)). 419 419 + properties: 420 420 + preferredDuringSchedulingIgnoredDuringExecution: 421 421 + description: |- 422 422 + The scheduler will prefer to schedule pods to nodes that satisfy 423 423 + the affinity expressions specified by this field, but it may choose 424 424 + a node that violates one or more of the expressions. The node that is 425 425 + most preferred is the one with the greatest sum of weights, i.e. 426 426 + for each node that meets all of the scheduling requirements (resource 427 427 + request, requiredDuringScheduling affinity expressions, etc.), 428 428 + compute a sum by iterating through the elements of this field and adding 429 429 + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the 430 430 + node(s) with the highest sum are the most preferred. 431 431 + items: 432 432 + description: The weights of all of the matched WeightedPodAffinityTerm 433 433 + fields are added per-node to find the most preferred 434 434 + node(s) 435 435 + properties: 436 436 + podAffinityTerm: 437 437 + description: Required. A pod affinity term, associated 438 438 + with the corresponding weight. 439 439 + properties: 440 440 + labelSelector: 441 441 + description: |- 442 442 + A label query over a set of resources, in this case pods. 443 443 + If it's null, this PodAffinityTerm matches with no Pods. 444 444 + properties: 445 445 + matchExpressions: 446 446 + description: matchExpressions is a list 447 447 + of label selector requirements. The requirements 448 448 + are ANDed. 449 449 + items: 450 450 + description: |- 451 451 + A label selector requirement is a selector that contains values, a key, and an operator that 452 452 + relates the key and values. 453 453 + properties: 454 454 + key: 455 455 + description: key is the label key 456 456 + that the selector applies to. 457 457 + type: string 458 458 + operator: 459 459 + description: |- 460 460 + operator represents a key's relationship to a set of values. 461 461 + Valid operators are In, NotIn, Exists and DoesNotExist. 462 462 + type: string 463 463 + values: 464 464 + description: |- 465 465 + values is an array of string values. If the operator is In or NotIn, 466 466 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 467 467 + the values array must be empty. This array is replaced during a strategic 468 468 + merge patch. 469 469 + items: 470 470 + type: string 471 471 + type: array 472 472 + x-kubernetes-list-type: atomic 473 473 + required: 474 474 + - key 475 475 + - operator 476 476 + type: object 477 477 + type: array 478 478 + x-kubernetes-list-type: atomic 479 479 + matchLabels: 480 480 + additionalProperties: 481 481 + type: string 482 482 + description: |- 483 483 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 484 484 + map is equivalent to an element of matchExpressions, whose key field is "key", the 485 485 + operator is "In", and the values array contains only "value". The requirements are ANDed. 486 486 + type: object 487 487 + type: object 488 488 + x-kubernetes-map-type: atomic 489 489 + matchLabelKeys: 490 490 + description: |- 491 491 + MatchLabelKeys is a set of pod label keys to select which pods will 492 492 + be taken into consideration. The keys are used to lookup values from the 493 493 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 494 494 + to select the group of existing pods which pods will be taken into consideration 495 495 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 496 496 + pod labels will be ignored. The default value is empty. 497 497 + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 498 498 + Also, matchLabelKeys cannot be set when labelSelector isn't set. 499 499 + items: 500 500 + type: string 501 501 + type: array 502 502 + x-kubernetes-list-type: atomic 503 503 + mismatchLabelKeys: 504 504 + description: |- 505 505 + MismatchLabelKeys is a set of pod label keys to select which pods will 506 506 + be taken into consideration. The keys are used to lookup values from the 507 507 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 508 508 + to select the group of existing pods which pods will be taken into consideration 509 509 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 510 510 + pod labels will be ignored. The default value is empty. 511 511 + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 512 512 + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 513 513 + items: 514 514 + type: string 515 515 + type: array 516 516 + x-kubernetes-list-type: atomic 517 517 + namespaceSelector: 518 518 + description: |- 519 519 + A label query over the set of namespaces that the term applies to. 520 520 + The term is applied to the union of the namespaces selected by this field 521 521 + and the ones listed in the namespaces field. 522 522 + null selector and null or empty namespaces list means "this pod's namespace". 523 523 + An empty selector ({}) matches all namespaces. 524 524 + properties: 525 525 + matchExpressions: 526 526 + description: matchExpressions is a list 527 527 + of label selector requirements. The requirements 528 528 + are ANDed. 529 529 + items: 530 530 + description: |- 531 531 + A label selector requirement is a selector that contains values, a key, and an operator that 532 532 + relates the key and values. 533 533 + properties: 534 534 + key: 535 535 + description: key is the label key 536 536 + that the selector applies to. 537 537 + type: string 538 538 + operator: 539 539 + description: |- 540 540 + operator represents a key's relationship to a set of values. 541 541 + Valid operators are In, NotIn, Exists and DoesNotExist. 542 542 + type: string 543 543 + values: 544 544 + description: |- 545 545 + values is an array of string values. If the operator is In or NotIn, 546 546 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 547 547 + the values array must be empty. This array is replaced during a strategic 548 548 + merge patch. 549 549 + items: 550 550 + type: string 551 551 + type: array 552 552 + x-kubernetes-list-type: atomic 553 553 + required: 554 554 + - key 555 555 + - operator 556 556 + type: object 557 557 + type: array 558 558 + x-kubernetes-list-type: atomic 559 559 + matchLabels: 560 560 + additionalProperties: 561 561 + type: string 562 562 + description: |- 563 563 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 564 564 + map is equivalent to an element of matchExpressions, whose key field is "key", the 565 565 + operator is "In", and the values array contains only "value". The requirements are ANDed. 566 566 + type: object 567 567 + type: object 568 568 + x-kubernetes-map-type: atomic 569 569 + namespaces: 570 570 + description: |- 571 571 + namespaces specifies a static list of namespace names that the term applies to. 572 572 + The term is applied to the union of the namespaces listed in this field 573 573 + and the ones selected by namespaceSelector. 574 574 + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 575 575 + items: 576 576 + type: string 577 577 + type: array 578 578 + x-kubernetes-list-type: atomic 579 579 + topologyKey: 580 580 + description: |- 581 581 + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 582 582 + the labelSelector in the specified namespaces, where co-located is defined as running on a node 583 583 + whose value of the label with key topologyKey matches that of any node on which any of the 584 584 + selected pods is running. 585 585 + Empty topologyKey is not allowed. 586 586 + type: string 587 587 + required: 588 588 + - topologyKey 589 589 + type: object 590 590 + weight: 591 591 + description: |- 592 592 + weight associated with matching the corresponding podAffinityTerm, 593 593 + in the range 1-100. 594 594 + format: int32 595 595 + type: integer 596 596 + required: 597 597 + - podAffinityTerm 598 598 + - weight 599 599 + type: object 600 600 + type: array 601 601 + x-kubernetes-list-type: atomic 602 602 + requiredDuringSchedulingIgnoredDuringExecution: 603 603 + description: |- 604 604 + If the affinity requirements specified by this field are not met at 605 605 + scheduling time, the pod will not be scheduled onto the node. 606 606 + If the affinity requirements specified by this field cease to be met 607 607 + at some point during pod execution (e.g. due to a pod label update), the 608 608 + system may or may not try to eventually evict the pod from its node. 609 609 + When there are multiple elements, the lists of nodes corresponding to each 610 610 + podAffinityTerm are intersected, i.e. all terms must be satisfied. 611 611 + items: 612 612 + description: |- 613 613 + Defines a set of pods (namely those matching the labelSelector 614 614 + relative to the given namespace(s)) that this pod should be 615 615 + co-located (affinity) or not co-located (anti-affinity) with, 616 616 + where co-located is defined as running on a node whose value of 617 617 + the label with key <topologyKey> matches that of any node on which 618 618 + a pod of the set of pods is running 619 619 + properties: 620 620 + labelSelector: 621 621 + description: |- 622 622 + A label query over a set of resources, in this case pods. 623 623 + If it's null, this PodAffinityTerm matches with no Pods. 624 624 + properties: 625 625 + matchExpressions: 626 626 + description: matchExpressions is a list of label 627 627 + selector requirements. The requirements are 628 628 + ANDed. 629 629 + items: 630 630 + description: |- 631 631 + A label selector requirement is a selector that contains values, a key, and an operator that 632 632 + relates the key and values. 633 633 + properties: 634 634 + key: 635 635 + description: key is the label key that 636 636 + the selector applies to. 637 637 + type: string 638 638 + operator: 639 639 + description: |- 640 640 + operator represents a key's relationship to a set of values. 641 641 + Valid operators are In, NotIn, Exists and DoesNotExist. 642 642 + type: string 643 643 + values: 644 644 + description: |- 645 645 + values is an array of string values. If the operator is In or NotIn, 646 646 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 647 647 + the values array must be empty. This array is replaced during a strategic 648 648 + merge patch. 649 649 + items: 650 650 + type: string 651 651 + type: array 652 652 + x-kubernetes-list-type: atomic 653 653 + required: 654 654 + - key 655 655 + - operator 656 656 + type: object 657 657 + type: array 658 658 + x-kubernetes-list-type: atomic 659 659 + matchLabels: 660 660 + additionalProperties: 661 661 + type: string 662 662 + description: |- 663 663 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 664 664 + map is equivalent to an element of matchExpressions, whose key field is "key", the 665 665 + operator is "In", and the values array contains only "value". The requirements are ANDed. 666 666 + type: object 667 667 + type: object 668 668 + x-kubernetes-map-type: atomic 669 669 + matchLabelKeys: 670 670 + description: |- 671 671 + MatchLabelKeys is a set of pod label keys to select which pods will 672 672 + be taken into consideration. The keys are used to lookup values from the 673 673 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 674 674 + to select the group of existing pods which pods will be taken into consideration 675 675 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 676 676 + pod labels will be ignored. The default value is empty. 677 677 + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 678 678 + Also, matchLabelKeys cannot be set when labelSelector isn't set. 679 679 + items: 680 680 + type: string 681 681 + type: array 682 682 + x-kubernetes-list-type: atomic 683 683 + mismatchLabelKeys: 684 684 + description: |- 685 685 + MismatchLabelKeys is a set of pod label keys to select which pods will 686 686 + be taken into consideration. The keys are used to lookup values from the 687 687 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 688 688 + to select the group of existing pods which pods will be taken into consideration 689 689 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 690 690 + pod labels will be ignored. The default value is empty. 691 691 + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 692 692 + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 693 693 + items: 694 694 + type: string 695 695 + type: array 696 696 + x-kubernetes-list-type: atomic 697 697 + namespaceSelector: 698 698 + description: |- 699 699 + A label query over the set of namespaces that the term applies to. 700 700 + The term is applied to the union of the namespaces selected by this field 701 701 + and the ones listed in the namespaces field. 702 702 + null selector and null or empty namespaces list means "this pod's namespace". 703 703 + An empty selector ({}) matches all namespaces. 704 704 + properties: 705 705 + matchExpressions: 706 706 + description: matchExpressions is a list of label 707 707 + selector requirements. The requirements are 708 708 + ANDed. 709 709 + items: 710 710 + description: |- 711 711 + A label selector requirement is a selector that contains values, a key, and an operator that 712 712 + relates the key and values. 713 713 + properties: 714 714 + key: 715 715 + description: key is the label key that 716 716 + the selector applies to. 717 717 + type: string 718 718 + operator: 719 719 + description: |- 720 720 + operator represents a key's relationship to a set of values. 721 721 + Valid operators are In, NotIn, Exists and DoesNotExist. 722 722 + type: string 723 723 + values: 724 724 + description: |- 725 725 + values is an array of string values. If the operator is In or NotIn, 726 726 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 727 727 + the values array must be empty. This array is replaced during a strategic 728 728 + merge patch. 729 729 + items: 730 730 + type: string 731 731 + type: array 732 732 + x-kubernetes-list-type: atomic 733 733 + required: 734 734 + - key 735 735 + - operator 736 736 + type: object 737 737 + type: array 738 738 + x-kubernetes-list-type: atomic 739 739 + matchLabels: 740 740 + additionalProperties: 741 741 + type: string 742 742 + description: |- 743 743 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 744 744 + map is equivalent to an element of matchExpressions, whose key field is "key", the 745 745 + operator is "In", and the values array contains only "value". The requirements are ANDed. 746 746 + type: object 747 747 + type: object 748 748 + x-kubernetes-map-type: atomic 749 749 + namespaces: 750 750 + description: |- 751 751 + namespaces specifies a static list of namespace names that the term applies to. 752 752 + The term is applied to the union of the namespaces listed in this field 753 753 + and the ones selected by namespaceSelector. 754 754 + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 755 755 + items: 756 756 + type: string 757 757 + type: array 758 758 + x-kubernetes-list-type: atomic 759 759 + topologyKey: 760 760 + description: |- 761 761 + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 762 762 + the labelSelector in the specified namespaces, where co-located is defined as running on a node 763 763 + whose value of the label with key topologyKey matches that of any node on which any of the 764 764 + selected pods is running. 765 765 + Empty topologyKey is not allowed. 766 766 + type: string 767 767 + required: 768 768 + - topologyKey 769 769 + type: object 770 770 + type: array 771 771 + x-kubernetes-list-type: atomic 772 772 + type: object 773 773 + podAntiAffinity: 774 774 + description: Describes pod anti-affinity scheduling rules 775 775 + (e.g. avoid putting this pod in the same node, zone, etc. 776 776 + as some other pod(s)). 777 777 + properties: 778 778 + preferredDuringSchedulingIgnoredDuringExecution: 779 779 + description: |- 780 780 + The scheduler will prefer to schedule pods to nodes that satisfy 781 781 + the anti-affinity expressions specified by this field, but it may choose 782 782 + a node that violates one or more of the expressions. The node that is 783 783 + most preferred is the one with the greatest sum of weights, i.e. 784 784 + for each node that meets all of the scheduling requirements (resource 785 785 + request, requiredDuringScheduling anti-affinity expressions, etc.), 786 786 + compute a sum by iterating through the elements of this field and subtracting 787 787 + "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the 788 788 + node(s) with the highest sum are the most preferred. 789 789 + items: 790 790 + description: The weights of all of the matched WeightedPodAffinityTerm 791 791 + fields are added per-node to find the most preferred 792 792 + node(s) 793 793 + properties: 794 794 + podAffinityTerm: 795 795 + description: Required. A pod affinity term, associated 796 796 + with the corresponding weight. 797 797 + properties: 798 798 + labelSelector: 799 799 + description: |- 800 800 + A label query over a set of resources, in this case pods. 801 801 + If it's null, this PodAffinityTerm matches with no Pods. 802 802 + properties: 803 803 + matchExpressions: 804 804 + description: matchExpressions is a list 805 805 + of label selector requirements. The requirements 806 806 + are ANDed. 807 807 + items: 808 808 + description: |- 809 809 + A label selector requirement is a selector that contains values, a key, and an operator that 810 810 + relates the key and values. 811 811 + properties: 812 812 + key: 813 813 + description: key is the label key 814 814 + that the selector applies to. 815 815 + type: string 816 816 + operator: 817 817 + description: |- 818 818 + operator represents a key's relationship to a set of values. 819 819 + Valid operators are In, NotIn, Exists and DoesNotExist. 820 820 + type: string 821 821 + values: 822 822 + description: |- 823 823 + values is an array of string values. If the operator is In or NotIn, 824 824 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 825 825 + the values array must be empty. This array is replaced during a strategic 826 826 + merge patch. 827 827 + items: 828 828 + type: string 829 829 + type: array 830 830 + x-kubernetes-list-type: atomic 831 831 + required: 832 832 + - key 833 833 + - operator 834 834 + type: object 835 835 + type: array 836 836 + x-kubernetes-list-type: atomic 837 837 + matchLabels: 838 838 + additionalProperties: 839 839 + type: string 840 840 + description: |- 841 841 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 842 842 + map is equivalent to an element of matchExpressions, whose key field is "key", the 843 843 + operator is "In", and the values array contains only "value". The requirements are ANDed. 844 844 + type: object 845 845 + type: object 846 846 + x-kubernetes-map-type: atomic 847 847 + matchLabelKeys: 848 848 + description: |- 849 849 + MatchLabelKeys is a set of pod label keys to select which pods will 850 850 + be taken into consideration. The keys are used to lookup values from the 851 851 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 852 852 + to select the group of existing pods which pods will be taken into consideration 853 853 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 854 854 + pod labels will be ignored. The default value is empty. 855 855 + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 856 856 + Also, matchLabelKeys cannot be set when labelSelector isn't set. 857 857 + items: 858 858 + type: string 859 859 + type: array 860 860 + x-kubernetes-list-type: atomic 861 861 + mismatchLabelKeys: 862 862 + description: |- 863 863 + MismatchLabelKeys is a set of pod label keys to select which pods will 864 864 + be taken into consideration. The keys are used to lookup values from the 865 865 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 866 866 + to select the group of existing pods which pods will be taken into consideration 867 867 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 868 868 + pod labels will be ignored. The default value is empty. 869 869 + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 870 870 + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 871 871 + items: 872 872 + type: string 873 873 + type: array 874 874 + x-kubernetes-list-type: atomic 875 875 + namespaceSelector: 876 876 + description: |- 877 877 + A label query over the set of namespaces that the term applies to. 878 878 + The term is applied to the union of the namespaces selected by this field 879 879 + and the ones listed in the namespaces field. 880 880 + null selector and null or empty namespaces list means "this pod's namespace". 881 881 + An empty selector ({}) matches all namespaces. 882 882 + properties: 883 883 + matchExpressions: 884 884 + description: matchExpressions is a list 885 885 + of label selector requirements. The requirements 886 886 + are ANDed. 887 887 + items: 888 888 + description: |- 889 889 + A label selector requirement is a selector that contains values, a key, and an operator that 890 890 + relates the key and values. 891 891 + properties: 892 892 + key: 893 893 + description: key is the label key 894 894 + that the selector applies to. 895 895 + type: string 896 896 + operator: 897 897 + description: |- 898 898 + operator represents a key's relationship to a set of values. 899 899 + Valid operators are In, NotIn, Exists and DoesNotExist. 900 900 + type: string 901 901 + values: 902 902 + description: |- 903 903 + values is an array of string values. If the operator is In or NotIn, 904 904 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 905 905 + the values array must be empty. This array is replaced during a strategic 906 906 + merge patch. 907 907 + items: 908 908 + type: string 909 909 + type: array 910 910 + x-kubernetes-list-type: atomic 911 911 + required: 912 912 + - key 913 913 + - operator 914 914 + type: object 915 915 + type: array 916 916 + x-kubernetes-list-type: atomic 917 917 + matchLabels: 918 918 + additionalProperties: 919 919 + type: string 920 920 + description: |- 921 921 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 922 922 + map is equivalent to an element of matchExpressions, whose key field is "key", the 923 923 + operator is "In", and the values array contains only "value". The requirements are ANDed. 924 924 + type: object 925 925 + type: object 926 926 + x-kubernetes-map-type: atomic 927 927 + namespaces: 928 928 + description: |- 929 929 + namespaces specifies a static list of namespace names that the term applies to. 930 930 + The term is applied to the union of the namespaces listed in this field 931 931 + and the ones selected by namespaceSelector. 932 932 + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 933 933 + items: 934 934 + type: string 935 935 + type: array 936 936 + x-kubernetes-list-type: atomic 937 937 + topologyKey: 938 938 + description: |- 939 939 + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 940 940 + the labelSelector in the specified namespaces, where co-located is defined as running on a node 941 941 + whose value of the label with key topologyKey matches that of any node on which any of the 942 942 + selected pods is running. 943 943 + Empty topologyKey is not allowed. 944 944 + type: string 945 945 + required: 946 946 + - topologyKey 947 947 + type: object 948 948 + weight: 949 949 + description: |- 950 950 + weight associated with matching the corresponding podAffinityTerm, 951 951 + in the range 1-100. 952 952 + format: int32 953 953 + type: integer 954 954 + required: 955 955 + - podAffinityTerm 956 956 + - weight 957 957 + type: object 958 958 + type: array 959 959 + x-kubernetes-list-type: atomic 960 960 + requiredDuringSchedulingIgnoredDuringExecution: 961 961 + description: |- 962 962 + If the anti-affinity requirements specified by this field are not met at 963 963 + scheduling time, the pod will not be scheduled onto the node. 964 964 + If the anti-affinity requirements specified by this field cease to be met 965 965 + at some point during pod execution (e.g. due to a pod label update), the 966 966 + system may or may not try to eventually evict the pod from its node. 967 967 + When there are multiple elements, the lists of nodes corresponding to each 968 968 + podAffinityTerm are intersected, i.e. all terms must be satisfied. 969 969 + items: 970 970 + description: |- 971 971 + Defines a set of pods (namely those matching the labelSelector 972 972 + relative to the given namespace(s)) that this pod should be 973 973 + co-located (affinity) or not co-located (anti-affinity) with, 974 974 + where co-located is defined as running on a node whose value of 975 975 + the label with key <topologyKey> matches that of any node on which 976 976 + a pod of the set of pods is running 977 977 + properties: 978 978 + labelSelector: 979 979 + description: |- 980 980 + A label query over a set of resources, in this case pods. 981 981 + If it's null, this PodAffinityTerm matches with no Pods. 982 982 + properties: 983 983 + matchExpressions: 984 984 + description: matchExpressions is a list of label 985 985 + selector requirements. The requirements are 986 986 + ANDed. 987 987 + items: 988 988 + description: |- 989 989 + A label selector requirement is a selector that contains values, a key, and an operator that 990 990 + relates the key and values. 991 991 + properties: 992 992 + key: 993 993 + description: key is the label key that 994 994 + the selector applies to. 995 995 + type: string 996 996 + operator: 997 997 + description: |- 998 998 + operator represents a key's relationship to a set of values. 999 999 + Valid operators are In, NotIn, Exists and DoesNotExist. 1000 1000 + type: string 1001 1001 + values: 1002 1002 + description: |- 1003 1003 + values is an array of string values. If the operator is In or NotIn, 1004 1004 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 1005 1005 + the values array must be empty. This array is replaced during a strategic 1006 1006 + merge patch. 1007 1007 + items: 1008 1008 + type: string 1009 1009 + type: array 1010 1010 + x-kubernetes-list-type: atomic 1011 1011 + required: 1012 1012 + - key 1013 1013 + - operator 1014 1014 + type: object 1015 1015 + type: array 1016 1016 + x-kubernetes-list-type: atomic 1017 1017 + matchLabels: 1018 1018 + additionalProperties: 1019 1019 + type: string 1020 1020 + description: |- 1021 1021 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1022 1022 + map is equivalent to an element of matchExpressions, whose key field is "key", the 1023 1023 + operator is "In", and the values array contains only "value". The requirements are ANDed. 1024 1024 + type: object 1025 1025 + type: object 1026 1026 + x-kubernetes-map-type: atomic 1027 1027 + matchLabelKeys: 1028 1028 + description: |- 1029 1029 + MatchLabelKeys is a set of pod label keys to select which pods will 1030 1030 + be taken into consideration. The keys are used to lookup values from the 1031 1031 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` 1032 1032 + to select the group of existing pods which pods will be taken into consideration 1033 1033 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1034 1034 + pod labels will be ignored. The default value is empty. 1035 1035 + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 1036 1036 + Also, matchLabelKeys cannot be set when labelSelector isn't set. 1037 1037 + items: 1038 1038 + type: string 1039 1039 + type: array 1040 1040 + x-kubernetes-list-type: atomic 1041 1041 + mismatchLabelKeys: 1042 1042 + description: |- 1043 1043 + MismatchLabelKeys is a set of pod label keys to select which pods will 1044 1044 + be taken into consideration. The keys are used to lookup values from the 1045 1045 + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` 1046 1046 + to select the group of existing pods which pods will be taken into consideration 1047 1047 + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming 1048 1048 + pod labels will be ignored. The default value is empty. 1049 1049 + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 1050 1050 + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. 1051 1051 + items: 1052 1052 + type: string 1053 1053 + type: array 1054 1054 + x-kubernetes-list-type: atomic 1055 1055 + namespaceSelector: 1056 1056 + description: |- 1057 1057 + A label query over the set of namespaces that the term applies to. 1058 1058 + The term is applied to the union of the namespaces selected by this field 1059 1059 + and the ones listed in the namespaces field. 1060 1060 + null selector and null or empty namespaces list means "this pod's namespace". 1061 1061 + An empty selector ({}) matches all namespaces. 1062 1062 + properties: 1063 1063 + matchExpressions: 1064 1064 + description: matchExpressions is a list of label 1065 1065 + selector requirements. The requirements are 1066 1066 + ANDed. 1067 1067 + items: 1068 1068 + description: |- 1069 1069 + A label selector requirement is a selector that contains values, a key, and an operator that 1070 1070 + relates the key and values. 1071 1071 + properties: 1072 1072 + key: 1073 1073 + description: key is the label key that 1074 1074 + the selector applies to. 1075 1075 + type: string 1076 1076 + operator: 1077 1077 + description: |- 1078 1078 + operator represents a key's relationship to a set of values. 1079 1079 + Valid operators are In, NotIn, Exists and DoesNotExist. 1080 1080 + type: string 1081 1081 + values: 1082 1082 + description: |- 1083 1083 + values is an array of string values. If the operator is In or NotIn, 1084 1084 + the values array must be non-empty. If the operator is Exists or DoesNotExist, 1085 1085 + the values array must be empty. This array is replaced during a strategic 1086 1086 + merge patch. 1087 1087 + items: 1088 1088 + type: string 1089 1089 + type: array 1090 1090 + x-kubernetes-list-type: atomic 1091 1091 + required: 1092 1092 + - key 1093 1093 + - operator 1094 1094 + type: object 1095 1095 + type: array 1096 1096 + x-kubernetes-list-type: atomic 1097 1097 + matchLabels: 1098 1098 + additionalProperties: 1099 1099 + type: string 1100 1100 + description: |- 1101 1101 + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels 1102 1102 + map is equivalent to an element of matchExpressions, whose key field is "key", the 1103 1103 + operator is "In", and the values array contains only "value". The requirements are ANDed. 1104 1104 + type: object 1105 1105 + type: object 1106 1106 + x-kubernetes-map-type: atomic 1107 1107 + namespaces: 1108 1108 + description: |- 1109 1109 + namespaces specifies a static list of namespace names that the term applies to. 1110 1110 + The term is applied to the union of the namespaces listed in this field 1111 1111 + and the ones selected by namespaceSelector. 1112 1112 + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 1113 1113 + items: 1114 1114 + type: string 1115 1115 + type: array 1116 1116 + x-kubernetes-list-type: atomic 1117 1117 + topologyKey: 1118 1118 + description: |- 1119 1119 + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching 1120 1120 + the labelSelector in the specified namespaces, where co-located is defined as running on a node 1121 1121 + whose value of the label with key topologyKey matches that of any node on which any of the 1122 1122 + selected pods is running. 1123 1123 + Empty topologyKey is not allowed. 1124 1124 + type: string 1125 1125 + required: 1126 1126 + - topologyKey 1127 1127 + type: object 1128 1128 + type: array 1129 1129 + x-kubernetes-list-type: atomic 1130 1130 + type: object 1131 1131 + type: object 1132 1132 + registryCredentialsSecret: 1133 1133 + description: |- 1134 1134 + RegistryCredentialsSecret is the name of a kubernetes.io/dockerconfigjson secret 1135 1135 + containing registry credentials for buildah to use when pushing images. 1136 1136 + If specified, the secret is mounted at /home/user/.docker/config.json. 1137 1137 + type: string 1138 1138 + resourceProfiles: 1139 1139 + description: |- 1140 1140 + ResourceProfiles is an ordered list of resource configurations based on node labels. 1141 1141 + When creating a job, the first profile matching the workflow's architecture is selected. 1142 1142 + The profile's nodeSelector and resources are applied to the job pod. 1143 1143 + items: 1144 1144 + description: |- 1145 1145 + ResourceProfile defines a resource configuration for spindle jobs based on node labels. 1146 1146 + Profiles are matched against workflow architecture and applied to job pods. 1147 1147 + properties: 1148 1148 + nodeSelector: 1149 1149 + additionalProperties: 1150 1150 + type: string 1151 1151 + description: |- 1152 1152 + NodeSelector defines labels that must match for this profile to be used. 1153 1153 + Must include kubernetes.io/arch to match workflow architecture. 1154 1154 + Additional labels allow differentiation between node types (e.g., node-tier, instance-type). 1155 1155 + type: object 1156 1156 + resources: 1157 1157 + description: Resources defines the compute resource requirements 1158 1158 + for jobs using this profile. 1159 1159 + properties: 1160 1160 + claims: 1161 1161 + description: |- 1162 1162 + Claims lists the names of resources, defined in spec.resourceClaims, 1163 1163 + that are used by this container. 1164 1164 + 1165 1165 + This field depends on the 1166 1166 + DynamicResourceAllocation feature gate. 1167 1167 + 1168 1168 + This field is immutable. It can only be set for containers. 1169 1169 + items: 1170 1170 + description: ResourceClaim references one entry in 1171 1171 + PodSpec.ResourceClaims. 1172 1172 + properties: 1173 1173 + name: 1174 1174 + description: |- 1175 1175 + Name must match the name of one entry in pod.spec.resourceClaims of 1176 1176 + the Pod where this field is used. It makes that resource available 1177 1177 + inside a container. 1178 1178 + type: string 1179 1179 + request: 1180 1180 + description: |- 1181 1181 + Request is the name chosen for a request in the referenced claim. 1182 1182 + If empty, everything from the claim is made available, otherwise 1183 1183 + only the result of this request. 1184 1184 + type: string 1185 1185 + required: 1186 1186 + - name 1187 1187 + type: object 1188 1188 + type: array 1189 1189 + x-kubernetes-list-map-keys: 1190 1190 + - name 1191 1191 + x-kubernetes-list-type: map 1192 1192 + limits: 1193 1193 + additionalProperties: 1194 1194 + anyOf: 1195 1195 + - type: integer 1196 1196 + - type: string 1197 1197 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1198 1198 + x-kubernetes-int-or-string: true 1199 1199 + description: |- 1200 1200 + Limits describes the maximum amount of compute resources allowed. 1201 1201 + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1202 1202 + type: object 1203 1203 + requests: 1204 1204 + additionalProperties: 1205 1205 + anyOf: 1206 1206 + - type: integer 1207 1207 + - type: string 1208 1208 + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 1209 1209 + x-kubernetes-int-or-string: true 1210 1210 + description: |- 1211 1211 + Requests describes the minimum amount of compute resources required. 1212 1212 + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, 1213 1213 + otherwise to an implementation-defined value. Requests cannot exceed Limits. 1214 1214 + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ 1215 1215 + type: object 1216 1216 + type: object 1217 1217 + required: 1218 1218 + - nodeSelector 1219 1219 + - resources 1220 1220 + type: object 1221 1221 + type: array 1222 1222 + tolerations: 1223 1223 + description: Tolerations allows pods to schedule onto nodes with 1224 1224 + matching taints. 1225 1225 + items: 1226 1226 + description: |- 1227 1227 + The pod this Toleration is attached to tolerates any taint that matches 1228 1228 + the triple <key,value,effect> using the matching operator <operator>. 1229 1229 + properties: 1230 1230 + effect: 1231 1231 + description: |- 1232 1232 + Effect indicates the taint effect to match. Empty means match all taint effects. 1233 1233 + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 1234 1234 + type: string 1235 1235 + key: 1236 1236 + description: |- 1237 1237 + Key is the taint key that the toleration applies to. Empty means match all taint keys. 1238 1238 + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 1239 1239 + type: string 1240 1240 + operator: 1241 1241 + description: |- 1242 1242 + Operator represents a key's relationship to the value. 1243 1243 + Valid operators are Exists and Equal. Defaults to Equal. 1244 1244 + Exists is equivalent to wildcard for value, so that a pod can 1245 1245 + tolerate all taints of a particular category. 1246 1246 + type: string 1247 1247 + tolerationSeconds: 1248 1248 + description: |- 1249 1249 + TolerationSeconds represents the period of time the toleration (which must be 1250 1250 + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, 1251 1251 + it is not set, which means tolerate the taint forever (do not evict). Zero and 1252 1252 + negative values will be treated as 0 (evict immediately) by the system. 1253 1253 + format: int64 1254 1254 + type: integer 1255 1255 + value: 1256 1256 + description: |- 1257 1257 + Value is the taint value the toleration matches to. 1258 1258 + If the operator is Exists, the value should be empty, otherwise just a regular string. 1259 1259 + type: string 1260 1260 + type: object 1261 1261 + type: array 1262 1262 + type: object 1263 1263 + required: 1264 1264 + - pipelineRun 1265 1265 + type: object 1266 1266 + status: 1267 1267 + description: SpindleSetStatus defines the observed state of SpindleSet. 1268 1268 + properties: 1269 1269 + completedJobs: 1270 1270 + description: CompletedJobs is the total number of spindle jobs that 1271 1271 + have completed successfully. 1272 1272 + format: int32 1273 1273 + type: integer 1274 1274 + conditions: 1275 1275 + description: Conditions represent the latest available observations 1276 1276 + of the SpindleSet's state. 1277 1277 + items: 1278 1278 + description: Condition contains details for one aspect of the current 1279 1279 + state of this API Resource. 1280 1280 + properties: 1281 1281 + lastTransitionTime: 1282 1282 + description: |- 1283 1283 + lastTransitionTime is the last time the condition transitioned from one status to another. 1284 1284 + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 1285 1285 + format: date-time 1286 1286 + type: string 1287 1287 + message: 1288 1288 + description: |- 1289 1289 + message is a human readable message indicating details about the transition. 1290 1290 + This may be an empty string. 1291 1291 + maxLength: 32768 1292 1292 + type: string 1293 1293 + observedGeneration: 1294 1294 + description: |- 1295 1295 + observedGeneration represents the .metadata.generation that the condition was set based upon. 1296 1296 + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date 1297 1297 + with respect to the current state of the instance. 1298 1298 + format: int64 1299 1299 + minimum: 0 1300 1300 + type: integer 1301 1301 + reason: 1302 1302 + description: |- 1303 1303 + reason contains a programmatic identifier indicating the reason for the condition's last transition. 1304 1304 + Producers of specific condition types may define expected values and meanings for this field, 1305 1305 + and whether the values are considered a guaranteed API. 1306 1306 + The value should be a CamelCase string. 1307 1307 + This field may not be empty. 1308 1308 + maxLength: 1024 1309 1309 + minLength: 1 1310 1310 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1311 1311 + type: string 1312 1312 + status: 1313 1313 + description: status of the condition, one of True, False, Unknown. 1314 1314 + enum: 1315 1315 + - "True" 1316 1316 + - "False" 1317 1317 + - Unknown 1318 1318 + type: string 1319 1319 + type: 1320 1320 + description: type of condition in CamelCase or in foo.example.com/CamelCase. 1321 1321 + maxLength: 316 1322 1322 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1323 1323 + type: string 1324 1324 + required: 1325 1325 + - lastTransitionTime 1326 1326 + - message 1327 1327 + - reason 1328 1328 + - status 1329 1329 + - type 1330 1330 + type: object 1331 1331 + type: array 1332 1332 + x-kubernetes-list-map-keys: 1333 1333 + - type 1334 1334 + x-kubernetes-list-type: map 1335 1335 + failedJobs: 1336 1336 + description: FailedJobs is the total number of spindle jobs that have 1337 1337 + failed. 1338 1338 + format: int32 1339 1339 + type: integer 1340 1340 + pendingJobs: 1341 1341 + description: PendingJobs is the number of spindle jobs currently pending. 1342 1342 + format: int32 1343 1343 + type: integer 1344 1344 + phase: 1345 1345 + description: Phase represents the current phase of the pipeline execution. 1346 1346 + type: string 1347 1347 + runningJobs: 1348 1348 + description: RunningJobs is the number of spindle jobs currently running. 1349 1349 + format: int32 1350 1350 + type: integer 1351 1351 + workflowStatuses: 1352 1352 + description: WorkflowStatuses tracks the status of individual workflows 1353 1353 + in a pipeline run. 1354 1354 + items: 1355 1355 + description: WorkflowStatus tracks the status of a single workflow 1356 1356 + execution. 1357 1357 + properties: 1358 1358 + completionTime: 1359 1359 + description: CompletionTime is when the workflow finished. 1360 1360 + format: date-time 1361 1361 + type: string 1362 1362 + jobName: 1363 1363 + description: JobName is the name of the Kubernetes Job created 1364 1364 + for this workflow. 1365 1365 + type: string 1366 1366 + name: 1367 1367 + description: Name is the workflow name. 1368 1368 + type: string 1369 1369 + phase: 1370 1370 + description: Phase is the current phase of the workflow (Pending, 1371 1371 + Running, Succeeded, Failed). 1372 1372 + type: string 1373 1373 + startTime: 1374 1374 + description: StartTime is when the workflow started executing. 1375 1375 + format: date-time 1376 1376 + type: string 1377 1377 + required: 1378 1378 + - name 1379 1379 + type: object 1380 1380 + type: array 1381 1381 + type: object 1382 1382 + type: object 1383 1383 + served: true 1384 1384 + storage: true 1385 1385 + subresources: 1386 1386 + status: {}

+106

helm/loom/templates/_helpers.tpl

··· 1 1 + {{/* 2 2 + Expand the name of the chart. 3 3 + */}} 4 4 + {{- define "loom.name" -}} 5 5 + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 6 + {{- end }} 7 7 + 8 8 + {{/* 9 9 + Create a default fully qualified app name. 10 10 + We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 11 + If release name contains chart name it will be used as a full name. 12 12 + */}} 13 13 + {{- define "loom.fullname" -}} 14 14 + {{- if .Values.fullnameOverride }} 15 15 + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 16 + {{- else }} 17 17 + {{- $name := default .Chart.Name .Values.nameOverride }} 18 18 + {{- if contains $name .Release.Name }} 19 19 + {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 20 + {{- else }} 21 21 + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 22 + {{- end }} 23 23 + {{- end }} 24 24 + {{- end }} 25 25 + 26 26 + {{/* 27 27 + Create chart name and version as used by the chart label. 28 28 + */}} 29 29 + {{- define "loom.chart" -}} 30 30 + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 31 + {{- end }} 32 32 + 33 33 + {{/* 34 34 + Common labels 35 35 + */}} 36 36 + {{- define "loom.labels" -}} 37 37 + helm.sh/chart: {{ include "loom.chart" . }} 38 38 + {{ include "loom.selectorLabels" . }} 39 39 + {{- if .Chart.AppVersion }} 40 40 + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 41 + {{- end }} 42 42 + app.kubernetes.io/managed-by: {{ .Release.Service }} 43 43 + {{- end }} 44 44 + 45 45 + {{/* 46 46 + Selector labels 47 47 + */}} 48 48 + {{- define "loom.selectorLabels" -}} 49 49 + app.kubernetes.io/name: {{ include "loom.name" . }} 50 50 + app.kubernetes.io/instance: {{ .Release.Name }} 51 51 + {{- end }} 52 52 + 53 53 + {{/* 54 54 + Controller manager labels 55 55 + */}} 56 56 + {{- define "loom.controllerLabels" -}} 57 57 + control-plane: controller-manager 58 58 + {{ include "loom.selectorLabels" . }} 59 59 + {{- end }} 60 60 + 61 61 + {{/* 62 62 + Create the name of the service account to use 63 63 + */}} 64 64 + {{- define "loom.serviceAccountName" -}} 65 65 + {{- if .Values.serviceAccount.create }} 66 66 + {{- default (printf "%s-controller-manager" (include "loom.fullname" .)) .Values.serviceAccount.name }} 67 67 + {{- else }} 68 68 + {{- default "default" .Values.serviceAccount.name }} 69 69 + {{- end }} 70 70 + {{- end }} 71 71 + 72 72 + {{/* 73 73 + Create the name of the job runner service account 74 74 + */}} 75 75 + {{- define "loom.jobServiceAccountName" -}} 76 76 + {{- printf "%s-spindle-job-runner" (include "loom.fullname" .) }} 77 77 + {{- end }} 78 78 + 79 79 + {{/* 80 80 + Create the image reference 81 81 + */}} 82 82 + {{- define "loom.image" -}} 83 83 + {{- $tag := default .Chart.AppVersion .Values.image.tag }} 84 84 + {{- printf "%s:%s" .Values.image.repository $tag }} 85 85 + {{- end }} 86 86 + 87 87 + {{/* 88 88 + Create the controller manager name 89 89 + */}} 90 90 + {{- define "loom.controllerManagerName" -}} 91 91 + {{- printf "%s-controller-manager" (include "loom.fullname" .) }} 92 92 + {{- end }} 93 93 + 94 94 + {{/* 95 95 + Create the configmap name 96 96 + */}} 97 97 + {{- define "loom.configMapName" -}} 98 98 + {{- printf "%s-config" (include "loom.fullname" .) }} 99 99 + {{- end }} 100 100 + 101 101 + {{/* 102 102 + Create the service name 103 103 + */}} 104 104 + {{- define "loom.serviceName" -}} 105 105 + {{- printf "%s-spindle-service" (include "loom.fullname" .) }} 106 106 + {{- end }}

+24

helm/loom/templates/configmap.yaml

··· 1 1 + apiVersion: v1 2 2 + kind: ConfigMap 3 3 + metadata: 4 4 + name: {{ include "loom.configMapName" . }} 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + data: 9 9 + config.yaml: | 10 10 + # Maximum number of concurrent spindle jobs 11 11 + maxConcurrentJobs: {{ .Values.config.maxConcurrentJobs }} 12 12 + 13 13 + # Template for spindle job pods 14 14 + template: 15 15 + # Resource profiles are matched against workflow architecture and node labels. 16 16 + # The first profile matching the workflow's architecture is selected. 17 17 + # Profile's nodeSelector and resources are applied to the job pod. 18 18 + resourceProfiles: 19 19 + {{- range .Values.config.resourceProfiles }} 20 20 + - nodeSelector: 21 21 + {{- toYaml .nodeSelector | nindent 12 }} 22 22 + resources: 23 23 + {{- toYaml .resources | nindent 12 }} 24 24 + {{- end }}

+108

helm/loom/templates/deployment.yaml

··· 1 1 + apiVersion: apps/v1 2 2 + kind: Deployment 3 3 + metadata: 4 4 + name: {{ include "loom.controllerManagerName" . }} 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + control-plane: controller-manager 9 9 + spec: 10 10 + replicas: {{ .Values.controllerManager.replicas }} 11 11 + selector: 12 12 + matchLabels: 13 13 + {{- include "loom.controllerLabels" . | nindent 6 }} 14 14 + # Use Recreate strategy because we use RWO PVCs that can only attach to one pod 15 15 + strategy: 16 16 + type: Recreate 17 17 + template: 18 18 + metadata: 19 19 + annotations: 20 20 + kubectl.kubernetes.io/default-container: manager 21 21 + labels: 22 22 + {{- include "loom.controllerLabels" . | nindent 8 }} 23 23 + spec: 24 24 + {{- with .Values.imagePullSecrets }} 25 25 + imagePullSecrets: 26 26 + {{- toYaml . | nindent 8 }} 27 27 + {{- end }} 28 28 + serviceAccountName: {{ include "loom.serviceAccountName" . }} 29 29 + terminationGracePeriodSeconds: 10 30 30 + {{- with .Values.controllerManager.nodeAffinity }} 31 31 + affinity: 32 32 + nodeAffinity: 33 33 + requiredDuringSchedulingIgnoredDuringExecution: 34 34 + nodeSelectorTerms: 35 35 + - matchExpressions: 36 36 + {{- if .architectures }} 37 37 + - key: kubernetes.io/arch 38 38 + operator: In 39 39 + values: 40 40 + {{- toYaml .architectures | nindent 20 }} 41 41 + {{- end }} 42 42 + {{- if .operatingSystems }} 43 43 + - key: kubernetes.io/os 44 44 + operator: In 45 45 + values: 46 46 + {{- toYaml .operatingSystems | nindent 20 }} 47 47 + {{- end }} 48 48 + {{- end }} 49 49 + securityContext: 50 50 + {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }} 51 51 + containers: 52 52 + - name: manager 53 53 + image: {{ include "loom.image" . }} 54 54 + imagePullPolicy: {{ .Values.image.pullPolicy }} 55 55 + command: 56 56 + - /manager 57 57 + args: 58 58 + - --health-probe-bind-address=:8081 59 59 + env: 60 60 + - name: POD_NAMESPACE 61 61 + valueFrom: 62 62 + fieldRef: 63 63 + fieldPath: metadata.namespace 64 64 + - name: LOOM_IMAGE 65 65 + value: {{ include "loom.image" . | quote }} 66 66 + - name: SPINDLE_SERVER_HOSTNAME 67 67 + value: {{ required "spindle.hostname is required" .Values.spindle.hostname | quote }} 68 68 + - name: SPINDLE_SERVER_OWNER 69 69 + value: {{ required "spindle.owner is required" .Values.spindle.owner | quote }} 70 70 + - name: SPINDLE_SERVER_DB_PATH 71 71 + value: {{ .Values.spindle.dbPath | quote }} 72 72 + - name: SPINDLE_SERVER_LOG_DIR 73 73 + value: {{ .Values.spindle.logDir | quote }} 74 74 + ports: [] 75 75 + securityContext: 76 76 + {{- toYaml .Values.controllerManager.securityContext | nindent 10 }} 77 77 + livenessProbe: 78 78 + httpGet: 79 79 + path: /healthz 80 80 + port: 8081 81 81 + initialDelaySeconds: 15 82 82 + periodSeconds: 20 83 83 + readinessProbe: 84 84 + httpGet: 85 85 + path: /readyz 86 86 + port: 8081 87 87 + initialDelaySeconds: 5 88 88 + periodSeconds: 10 89 89 + resources: 90 90 + {{- toYaml .Values.controllerManager.resources | nindent 10 }} 91 91 + volumeMounts: 92 92 + - name: spindle-logs 93 93 + mountPath: {{ .Values.spindle.logDir }} 94 94 + - name: spindle-db 95 95 + mountPath: /data 96 96 + - name: loom-config 97 97 + mountPath: /etc/loom 98 98 + readOnly: true 99 99 + volumes: 100 100 + - name: spindle-logs 101 101 + persistentVolumeClaim: 102 102 + claimName: {{ include "loom.fullname" . }}-spindle-logs 103 103 + - name: spindle-db 104 104 + persistentVolumeClaim: 105 105 + claimName: {{ include "loom.fullname" . }}-spindle-db 106 106 + - name: loom-config 107 107 + configMap: 108 108 + name: {{ include "loom.configMapName" . }}

+33

helm/loom/templates/pvc.yaml

··· 1 1 + apiVersion: v1 2 2 + kind: PersistentVolumeClaim 3 3 + metadata: 4 4 + name: {{ include "loom.fullname" . }}-spindle-db 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + spec: 9 9 + accessModes: 10 10 + - {{ .Values.persistence.db.accessMode }} 11 11 + {{- if .Values.persistence.db.storageClass }} 12 12 + storageClassName: {{ .Values.persistence.db.storageClass | quote }} 13 13 + {{- end }} 14 14 + resources: 15 15 + requests: 16 16 + storage: {{ .Values.persistence.db.size }} 17 17 + --- 18 18 + apiVersion: v1 19 19 + kind: PersistentVolumeClaim 20 20 + metadata: 21 21 + name: {{ include "loom.fullname" . }}-spindle-logs 22 22 + namespace: {{ .Release.Namespace }} 23 23 + labels: 24 24 + {{- include "loom.labels" . | nindent 4 }} 25 25 + spec: 26 26 + accessModes: 27 27 + - {{ .Values.persistence.logs.accessMode }} 28 28 + {{- if .Values.persistence.logs.storageClass }} 29 29 + storageClassName: {{ .Values.persistence.logs.storageClass | quote }} 30 30 + {{- end }} 31 31 + resources: 32 32 + requests: 33 33 + storage: {{ .Values.persistence.logs.size }}

+160

helm/loom/templates/rbac/role.yaml

··· 1 1 + {{- if .Values.rbac.create -}} 2 2 + --- 3 3 + apiVersion: rbac.authorization.k8s.io/v1 4 4 + kind: ClusterRole 5 5 + metadata: 6 6 + name: {{ include "loom.fullname" . }}-manager-role 7 7 + labels: 8 8 + {{- include "loom.labels" . | nindent 4 }} 9 9 + rules: 10 10 + - apiGroups: 11 11 + - "" 12 12 + resources: 13 13 + - nodes 14 14 + verbs: 15 15 + - list 16 16 + - watch 17 17 + - apiGroups: 18 18 + - "" 19 19 + resources: 20 20 + - pods 21 21 + verbs: 22 22 + - get 23 23 + - list 24 24 + - watch 25 25 + - apiGroups: 26 26 + - "" 27 27 + resources: 28 28 + - pods/log 29 29 + verbs: 30 30 + - get 31 31 + - apiGroups: 32 32 + - "" 33 33 + resources: 34 34 + - secrets 35 35 + - services 36 36 + verbs: 37 37 + - create 38 38 + - delete 39 39 + - get 40 40 + - list 41 41 + - patch 42 42 + - update 43 43 + - watch 44 44 + - apiGroups: 45 45 + - batch 46 46 + resources: 47 47 + - jobs 48 48 + verbs: 49 49 + - create 50 50 + - delete 51 51 + - get 52 52 + - list 53 53 + - patch 54 54 + - update 55 55 + - watch 56 56 + - apiGroups: 57 57 + - batch 58 58 + resources: 59 59 + - jobs/status 60 60 + verbs: 61 61 + - get 62 62 + - apiGroups: 63 63 + - loom.j5t.io 64 64 + resources: 65 65 + - spindlesets 66 66 + verbs: 67 67 + - create 68 68 + - delete 69 69 + - get 70 70 + - list 71 71 + - patch 72 72 + - update 73 73 + - watch 74 74 + - apiGroups: 75 75 + - loom.j5t.io 76 76 + resources: 77 77 + - spindlesets/finalizers 78 78 + verbs: 79 79 + - update 80 80 + - apiGroups: 81 81 + - loom.j5t.io 82 82 + resources: 83 83 + - spindlesets/status 84 84 + verbs: 85 85 + - get 86 86 + - patch 87 87 + - update 88 88 + --- 89 89 + apiVersion: rbac.authorization.k8s.io/v1 90 90 + kind: ClusterRoleBinding 91 91 + metadata: 92 92 + name: {{ include "loom.fullname" . }}-manager-rolebinding 93 93 + labels: 94 94 + {{- include "loom.labels" . | nindent 4 }} 95 95 + roleRef: 96 96 + apiGroup: rbac.authorization.k8s.io 97 97 + kind: ClusterRole 98 98 + name: {{ include "loom.fullname" . }}-manager-role 99 99 + subjects: 100 100 + - kind: ServiceAccount 101 101 + name: {{ include "loom.serviceAccountName" . }} 102 102 + namespace: {{ .Release.Namespace }} 103 103 + --- 104 104 + # Leader election role (namespace-scoped) 105 105 + apiVersion: rbac.authorization.k8s.io/v1 106 106 + kind: Role 107 107 + metadata: 108 108 + name: {{ include "loom.fullname" . }}-leader-election-role 109 109 + namespace: {{ .Release.Namespace }} 110 110 + labels: 111 111 + {{- include "loom.labels" . | nindent 4 }} 112 112 + rules: 113 113 + - apiGroups: 114 114 + - "" 115 115 + resources: 116 116 + - configmaps 117 117 + verbs: 118 118 + - get 119 119 + - list 120 120 + - watch 121 121 + - create 122 122 + - update 123 123 + - patch 124 124 + - delete 125 125 + - apiGroups: 126 126 + - coordination.k8s.io 127 127 + resources: 128 128 + - leases 129 129 + verbs: 130 130 + - get 131 131 + - list 132 132 + - watch 133 133 + - create 134 134 + - update 135 135 + - patch 136 136 + - delete 137 137 + - apiGroups: 138 138 + - "" 139 139 + resources: 140 140 + - events 141 141 + verbs: 142 142 + - create 143 143 + - patch 144 144 + --- 145 145 + apiVersion: rbac.authorization.k8s.io/v1 146 146 + kind: RoleBinding 147 147 + metadata: 148 148 + name: {{ include "loom.fullname" . }}-leader-election-rolebinding 149 149 + namespace: {{ .Release.Namespace }} 150 150 + labels: 151 151 + {{- include "loom.labels" . | nindent 4 }} 152 152 + roleRef: 153 153 + apiGroup: rbac.authorization.k8s.io 154 154 + kind: Role 155 155 + name: {{ include "loom.fullname" . }}-leader-election-role 156 156 + subjects: 157 157 + - kind: ServiceAccount 158 158 + name: {{ include "loom.serviceAccountName" . }} 159 159 + namespace: {{ .Release.Namespace }} 160 160 + {{- end }}

+33

helm/loom/templates/rbac/service_account.yaml

··· 1 1 + {{- if .Values.serviceAccount.create -}} 2 2 + apiVersion: v1 3 3 + kind: ServiceAccount 4 4 + metadata: 5 5 + name: {{ include "loom.serviceAccountName" . }} 6 6 + namespace: {{ .Release.Namespace }} 7 7 + labels: 8 8 + {{- include "loom.labels" . | nindent 4 }} 9 9 + {{- with .Values.serviceAccount.annotations }} 10 10 + annotations: 11 11 + {{- toYaml . | nindent 4 }} 12 12 + {{- end }} 13 13 + {{- with .Values.imagePullSecrets }} 14 14 + imagePullSecrets: 15 15 + {{- toYaml . | nindent 2 }} 16 16 + {{- end }} 17 17 + --- 18 18 + # ServiceAccount for spindle Job pods 19 19 + # This account has ZERO Kubernetes API permissions for security isolation 20 20 + # Jobs should not need to interact with the Kubernetes API 21 21 + apiVersion: v1 22 22 + kind: ServiceAccount 23 23 + metadata: 24 24 + name: {{ include "loom.jobServiceAccountName" . }} 25 25 + namespace: {{ .Release.Namespace }} 26 26 + labels: 27 27 + {{- include "loom.labels" . | nindent 4 }} 28 28 + automountServiceAccountToken: false 29 29 + {{- with .Values.imagePullSecrets }} 30 30 + imagePullSecrets: 31 31 + {{- toYaml . | nindent 2 }} 32 32 + {{- end }} 33 33 + {{- end }}

+16

helm/loom/templates/service.yaml

··· 1 1 + apiVersion: v1 2 2 + kind: Service 3 3 + metadata: 4 4 + name: {{ include "loom.serviceName" . }} 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + spec: 9 9 + type: {{ .Values.service.type }} 10 10 + selector: 11 11 + {{- include "loom.controllerLabels" . | nindent 4 }} 12 12 + ports: 13 13 + - name: spindle-http 14 14 + port: {{ .Values.service.port }} 15 15 + protocol: TCP 16 16 + targetPort: {{ .Values.service.port }}

+21

helm/loom/templates/servicemonitor.yaml

··· 1 1 + {{- if .Values.prometheus.enabled }} 2 2 + apiVersion: monitoring.coreos.com/v1 3 3 + kind: ServiceMonitor 4 4 + metadata: 5 5 + name: {{ include "loom.fullname" . }} 6 6 + namespace: {{ .Release.Namespace }} 7 7 + labels: 8 8 + {{- include "loom.labels" . | nindent 4 }} 9 9 + spec: 10 10 + selector: 11 11 + matchLabels: 12 12 + {{- include "loom.controllerLabels" . | nindent 6 }} 13 13 + endpoints: 14 14 + - port: https 15 15 + scheme: https 16 16 + path: /metrics 17 17 + interval: {{ .Values.prometheus.serviceMonitor.interval }} 18 18 + scrapeTimeout: {{ .Values.prometheus.serviceMonitor.scrapeTimeout }} 19 19 + tlsConfig: 20 20 + insecureSkipVerify: true 21 21 + {{- end }}

+17

helm/loom/templates/tests/test-connection.yaml

··· 1 1 + apiVersion: v1 2 2 + kind: Pod 3 3 + metadata: 4 4 + name: "{{ include "loom.fullname" . }}-test-connection" 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + annotations: 9 9 + "helm.sh/hook": test 10 10 + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 11 + spec: 12 12 + containers: 13 13 + - name: wget 14 14 + image: busybox 15 15 + command: ['wget'] 16 16 + args: ['{{ include "loom.serviceName" . }}:{{ .Values.service.port }}'] 17 17 + restartPolicy: Never

+21

helm/loom/templates/tests/test-crds.yaml

··· 1 1 + apiVersion: v1 2 2 + kind: Pod 3 3 + metadata: 4 4 + name: "{{ include "loom.fullname" . }}-test-crds" 5 5 + namespace: {{ .Release.Namespace }} 6 6 + labels: 7 7 + {{- include "loom.labels" . | nindent 4 }} 8 8 + annotations: 9 9 + "helm.sh/hook": test 10 10 + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 11 11 + spec: 12 12 + serviceAccountName: {{ include "loom.serviceAccountName" . }} 13 13 + containers: 14 14 + - name: kubectl 15 15 + image: bitnami/kubectl:latest 16 16 + command: ['kubectl'] 17 17 + args: 18 18 + - 'get' 19 19 + - 'crd' 20 20 + - 'spindlesets.loom.j5t.io' 21 21 + restartPolicy: Never

+141

helm/loom/values.yaml

··· 1 1 + # Default values for loom. 2 2 + 3 3 + # Image configuration 4 4 + image: 5 5 + repository: atcr.io/evan.jarrett.net/loom 6 6 + pullPolicy: Always 7 7 + # Overrides the image tag whose default is the chart appVersion. 8 8 + tag: "" 9 9 + 10 10 + imagePullSecrets: 11 11 + - name: atcr-login 12 12 + 13 13 + # Controller manager configuration 14 14 + controllerManager: 15 15 + replicas: 1 16 16 + resources: 17 17 + limits: 18 18 + cpu: 500m 19 19 + memory: 128Mi 20 20 + requests: 21 21 + cpu: 10m 22 22 + memory: 64Mi 23 23 + securityContext: 24 24 + allowPrivilegeEscalation: false 25 25 + capabilities: 26 26 + drop: 27 27 + - "ALL" 28 28 + podSecurityContext: 29 29 + runAsNonRoot: true 30 30 + runAsUser: 65532 31 31 + fsGroup: 65532 32 32 + seccompProfile: 33 33 + type: RuntimeDefault 34 34 + # Node affinity for controller (targets amd64 by default) 35 35 + nodeAffinity: 36 36 + architectures: 37 37 + - amd64 38 38 + operatingSystems: 39 39 + - linux 40 40 + 41 41 + # Spindle server configuration 42 42 + spindle: 43 43 + # Required: external hostname for the spindle server 44 44 + hostname: "" 45 45 + # Required: DID identifier for the owner 46 46 + owner: "" 47 47 + # Database path inside the container 48 48 + dbPath: /data/spindle.db 49 49 + # Log directory inside the container 50 50 + logDir: /tmp/spindle-logs 51 51 + 52 52 + # Persistence configuration 53 53 + persistence: 54 54 + db: 55 55 + size: 1Gi 56 56 + # storageClass: "" - use default if not specified 57 57 + storageClass: "" 58 58 + accessMode: ReadWriteOnce 59 59 + logs: 60 60 + size: 5Gi 61 61 + # storageClass: "" - use default if not specified 62 62 + storageClass: "" 63 63 + accessMode: ReadWriteOnce 64 64 + 65 65 + # Loom configuration 66 66 + config: 67 67 + # Maximum number of concurrent spindle jobs 68 68 + maxConcurrentJobs: 5 69 69 + # Resource profiles for pipeline jobs (matched by architecture) 70 70 + resourceProfiles: 71 71 + # ARM large nodes (8-core, 16GB) - labeled with node-tier: large 72 72 + - nodeSelector: 73 73 + kubernetes.io/arch: arm64 74 74 + node-tier: large 75 75 + resources: 76 76 + requests: 77 77 + cpu: "2" 78 78 + memory: "4Gi" 79 79 + limits: 80 80 + cpu: "6" 81 81 + memory: "12Gi" 82 82 + # ARM small nodes (4-core, 8GB) - fallback for arm64 83 83 + - nodeSelector: 84 84 + kubernetes.io/arch: arm64 85 85 + resources: 86 86 + requests: 87 87 + cpu: "1" 88 88 + memory: "2Gi" 89 89 + limits: 90 90 + cpu: "3" 91 91 + memory: "6Gi" 92 92 + # AMD64 nodes 93 93 + - nodeSelector: 94 94 + kubernetes.io/arch: amd64 95 95 + resources: 96 96 + requests: 97 97 + cpu: "4" 98 98 + memory: "4Gi" 99 99 + limits: 100 100 + cpu: "8" 101 101 + memory: "8Gi" 102 102 + 103 103 + # Service configuration 104 104 + service: 105 105 + type: ClusterIP 106 106 + port: 6555 107 107 + 108 108 + # RBAC configuration 109 109 + rbac: 110 110 + create: true 111 111 + 112 112 + # ServiceAccount configuration 113 113 + serviceAccount: 114 114 + create: true 115 115 + # Annotations to add to the service account 116 116 + annotations: {} 117 117 + # The name of the service account to use. 118 118 + # If not set and create is true, a name is generated using the fullname template 119 119 + name: "" 120 120 + 121 121 + # CRD configuration 122 122 + crds: 123 123 + # Install CRDs as part of the Helm release 124 124 + install: true 125 125 + # Keep CRDs when the Helm release is deleted 126 126 + keep: true 127 127 + 128 128 + # Prometheus monitoring 129 129 + prometheus: 130 130 + enabled: false 131 131 + # ServiceMonitor configuration (requires prometheus-operator) 132 132 + serviceMonitor: 133 133 + interval: 30s 134 134 + scrapeTimeout: 10s 135 135 + 136 136 + # Pod security policy labels for namespace 137 137 + podSecurityPolicy: 138 138 + # Privileged policy allows Unconfined seccomp for buildah user namespaces 139 139 + enforce: privileged 140 140 + audit: privileged 141 141 + warn: privileged