projectcontour.v1alpha1.contourDeployment
"ContourDeployment is the schema for a Contour Deployment."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withResourceLabels(resourceLabels)fn withResourceLabelsMixin(resourceLabels)obj spec.contourfn withKubernetesLogLevel(kubernetesLogLevel)fn withLogLevel(logLevel)fn withReplicas(replicas)obj spec.contour.deploymentobj spec.contour.nodePlacementobj spec.contour.resources
obj spec.envoyfn withExtraVolumeMounts(extraVolumeMounts)fn withExtraVolumeMountsMixin(extraVolumeMounts)fn withExtraVolumes(extraVolumes)fn withExtraVolumesMixin(extraVolumes)fn withLogLevel(logLevel)fn withPodAnnotations(podAnnotations)fn withPodAnnotationsMixin(podAnnotations)fn withReplicas(replicas)fn withWorkloadType(workloadType)obj spec.envoy.daemonSetobj spec.envoy.deploymentobj spec.envoy.extraVolumeMountsobj spec.envoy.extraVolumesfn withName(name)obj spec.envoy.extraVolumes.awsElasticBlockStoreobj spec.envoy.extraVolumes.azureDiskobj spec.envoy.extraVolumes.azureFileobj spec.envoy.extraVolumes.cephfsobj spec.envoy.extraVolumes.cinderobj spec.envoy.extraVolumes.configMapobj spec.envoy.extraVolumes.csiobj spec.envoy.extraVolumes.downwardAPIobj spec.envoy.extraVolumes.emptyDirobj spec.envoy.extraVolumes.ephemeralobj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplatefn withMetadata(metadata)fn withMetadataMixin(metadata)obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.specfn withAccessModes(accessModes)fn withAccessModesMixin(accessModes)fn withStorageClassName(storageClassName)fn withVolumeMode(volumeMode)fn withVolumeName(volumeName)obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceobj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRefobj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resourcesobj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector
obj spec.envoy.extraVolumes.fcobj spec.envoy.extraVolumes.flexVolumeobj spec.envoy.extraVolumes.flockerobj spec.envoy.extraVolumes.gcePersistentDiskobj spec.envoy.extraVolumes.gitRepoobj spec.envoy.extraVolumes.glusterfsobj spec.envoy.extraVolumes.hostPathobj spec.envoy.extraVolumes.iscsifn withChapAuthDiscovery(chapAuthDiscovery)fn withChapAuthSession(chapAuthSession)fn withFsType(fsType)fn withInitiatorName(initiatorName)fn withIqn(iqn)fn withIscsiInterface(iscsiInterface)fn withLun(lun)fn withPortals(portals)fn withPortalsMixin(portals)fn withReadOnly(readOnly)fn withTargetPortal(targetPortal)obj spec.envoy.extraVolumes.iscsi.secretRef
obj spec.envoy.extraVolumes.nfsobj spec.envoy.extraVolumes.persistentVolumeClaimobj spec.envoy.extraVolumes.photonPersistentDiskobj spec.envoy.extraVolumes.portworxVolumeobj spec.envoy.extraVolumes.projectedfn withDefaultMode(defaultMode)fn withSources(sources)fn withSourcesMixin(sources)obj spec.envoy.extraVolumes.projected.sourcesobj spec.envoy.extraVolumes.projected.sources.configMapobj spec.envoy.extraVolumes.projected.sources.downwardAPIobj spec.envoy.extraVolumes.projected.sources.secretobj spec.envoy.extraVolumes.projected.sources.serviceAccountToken
obj spec.envoy.extraVolumes.quobyteobj spec.envoy.extraVolumes.rbdobj spec.envoy.extraVolumes.scaleIOfn withFsType(fsType)fn withGateway(gateway)fn withProtectionDomain(protectionDomain)fn withReadOnly(readOnly)fn withSslEnabled(sslEnabled)fn withStorageMode(storageMode)fn withStoragePool(storagePool)fn withSystem(system)fn withVolumeName(volumeName)obj spec.envoy.extraVolumes.scaleIO.secretRef
obj spec.envoy.extraVolumes.secretobj spec.envoy.extraVolumes.storageosobj spec.envoy.extraVolumes.vsphereVolume
obj spec.envoy.networkPublishingobj spec.envoy.nodePlacementobj spec.envoy.resources
obj spec.runtimeSettingsfn withEnableExternalNameService(enableExternalNameService)obj spec.runtimeSettings.debugobj spec.runtimeSettings.envoyfn withDefaultHTTPVersions(defaultHTTPVersions)fn withDefaultHTTPVersionsMixin(defaultHTTPVersions)obj spec.runtimeSettings.envoy.clientCertificateobj spec.runtimeSettings.envoy.clusterobj spec.runtimeSettings.envoy.healthobj spec.runtimeSettings.envoy.httpobj spec.runtimeSettings.envoy.httpsobj spec.runtimeSettings.envoy.listenerfn withConnectionBalancer(connectionBalancer)fn withDisableAllowChunkedLength(disableAllowChunkedLength)fn withDisableMergeSlashes(disableMergeSlashes)fn withHttpMaxConcurrentStreams(httpMaxConcurrentStreams)fn withMaxRequestsPerIOCycle(maxRequestsPerIOCycle)fn withServerHeaderTransformation(serverHeaderTransformation)fn withUseProxyProtocol(useProxyProtocol)obj spec.runtimeSettings.envoy.listener.tls
obj spec.runtimeSettings.envoy.loggingobj spec.runtimeSettings.envoy.metricsobj spec.runtimeSettings.envoy.networkobj spec.runtimeSettings.envoy.serviceobj spec.runtimeSettings.envoy.timeoutsfn withConnectTimeout(connectTimeout)fn withConnectionIdleTimeout(connectionIdleTimeout)fn withConnectionShutdownGracePeriod(connectionShutdownGracePeriod)fn withDelayedCloseTimeout(delayedCloseTimeout)fn withMaxConnectionDuration(maxConnectionDuration)fn withRequestTimeout(requestTimeout)fn withStreamIdleTimeout(streamIdleTimeout)
obj spec.runtimeSettings.gatewayobj spec.runtimeSettings.globalExtAuthobj spec.runtimeSettings.healthobj spec.runtimeSettings.httpproxyobj spec.runtimeSettings.ingressobj spec.runtimeSettings.metricsobj spec.runtimeSettings.policyobj spec.runtimeSettings.rateLimitServiceobj spec.runtimeSettings.tracingfn withCustomTags(customTags)fn withCustomTagsMixin(customTags)fn withIncludePodDetail(includePodDetail)fn withMaxPathTagLength(maxPathTagLength)fn withOverallSampling(overallSampling)fn withServiceName(serviceName)obj spec.runtimeSettings.tracing.customTagsobj spec.runtimeSettings.tracing.extensionService
obj spec.runtimeSettings.xdsServer
Fields
fn new
new(name)
new returns an instance of ContourDeployment
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"ContourDeploymentSpec specifies options for how a Contour instance should be provisioned."
fn spec.withResourceLabels
withResourceLabels(resourceLabels)
"ResourceLabels is a set of labels to add to the provisioned Contour resources."
fn spec.withResourceLabelsMixin
withResourceLabelsMixin(resourceLabels)
"ResourceLabels is a set of labels to add to the provisioned Contour resources."
Note: This function appends passed data to existing values
obj spec.contour
"Contour specifies deployment-time settings for the Contour part of the installation, i.e. the xDS server/control plane and associated resources, including things like replica count for the Deployment, and node placement constraints for the pods."
fn spec.contour.withKubernetesLogLevel
withKubernetesLogLevel(kubernetesLogLevel)
"KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, defaults to 0."
fn spec.contour.withLogLevel
withLogLevel(logLevel)
"LogLevel sets the log level for Contour Allowed values are \"info\", \"debug\"."
fn spec.contour.withReplicas
withReplicas(replicas)
"Deprecated: Use DeploymentSettings.Replicas instead. \n Replicas is the desired number of Contour replicas. If if unset, defaults to 2. \n if both DeploymentSettings.Replicas and this one is set, use DeploymentSettings.Replicas."
obj spec.contour.deployment
"Deployment describes the settings for running contour as a Deployment."
fn spec.contour.deployment.withReplicas
withReplicas(replicas)
"Replicas is the desired number of replicas."
obj spec.contour.deployment.strategy
"Strategy describes the deployment strategy to use to replace existing pods with new pods."
fn spec.contour.deployment.strategy.withType
withType(type)
"Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate."
obj spec.contour.deployment.strategy.rollingUpdate
"Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be."
fn spec.contour.deployment.strategy.rollingUpdate.withMaxSurge
withMaxSurge(maxSurge)
"The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods."
fn spec.contour.deployment.strategy.rollingUpdate.withMaxUnavailable
withMaxUnavailable(maxUnavailable)
"The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
obj spec.contour.nodePlacement
"NodePlacement describes node scheduling configuration of Contour pods."
fn spec.contour.nodePlacement.withNodeSelector
withNodeSelector(nodeSelector)
"NodeSelector is the simplest recommended form of node selection constraint and specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). \n If unset, the pod(s) will be scheduled to any available node."
fn spec.contour.nodePlacement.withNodeSelectorMixin
withNodeSelectorMixin(nodeSelector)
"NodeSelector is the simplest recommended form of node selection constraint and specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). \n If unset, the pod(s) will be scheduled to any available node."
Note: This function appends passed data to existing values
fn spec.contour.nodePlacement.withTolerations
withTolerations(tolerations)
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
fn spec.contour.nodePlacement.withTolerationsMixin
withTolerationsMixin(tolerations)
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
Note: This function appends passed data to existing values
obj spec.contour.nodePlacement.tolerations
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
fn spec.contour.nodePlacement.tolerations.withEffect
withEffect(effect)
"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute."
fn spec.contour.nodePlacement.tolerations.withKey
withKey(key)
"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys."
fn spec.contour.nodePlacement.tolerations.withOperator
withOperator(operator)
"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category."
fn spec.contour.nodePlacement.tolerations.withTolerationSeconds
withTolerationSeconds(tolerationSeconds)
"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system."
fn spec.contour.nodePlacement.tolerations.withValue
withValue(value)
"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string."
obj spec.contour.resources
"Compute Resources required by contour container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.contour.resources.withClaims
withClaims(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.contour.resources.withClaimsMixin
withClaimsMixin(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
Note: This function appends passed data to existing values
fn spec.contour.resources.withLimits
withLimits(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.contour.resources.withLimitsMixin
withLimitsMixin(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
fn spec.contour.resources.withRequests
withRequests(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.contour.resources.withRequestsMixin
withRequestsMixin(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
obj spec.contour.resources.claims
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.contour.resources.claims.withName
withName(name)
"Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container."
obj spec.envoy
"Envoy specifies deployment-time settings for the Envoy part of the installation, i.e. the xDS client/data plane and associated resources, including things like the workload type to use (DaemonSet or Deployment), node placement constraints for the pods, and various options for the Envoy service."
fn spec.envoy.withExtraVolumeMounts
withExtraVolumeMounts(extraVolumeMounts)
"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."
fn spec.envoy.withExtraVolumeMountsMixin
withExtraVolumeMountsMixin(extraVolumeMounts)
"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."
Note: This function appends passed data to existing values
fn spec.envoy.withExtraVolumes
withExtraVolumes(extraVolumes)
"ExtraVolumes holds the extra volumes to add."
fn spec.envoy.withExtraVolumesMixin
withExtraVolumesMixin(extraVolumes)
"ExtraVolumes holds the extra volumes to add."
Note: This function appends passed data to existing values
fn spec.envoy.withLogLevel
withLogLevel(logLevel)
"LogLevel sets the log level for Envoy. Allowed values are \"trace\", \"debug\", \"info\", \"warn\", \"error\", \"critical\", \"off\"."
fn spec.envoy.withPodAnnotations
withPodAnnotations(podAnnotations)
"PodAnnotations defines annotations to add to the Envoy pods."
fn spec.envoy.withPodAnnotationsMixin
withPodAnnotationsMixin(podAnnotations)
"PodAnnotations defines annotations to add to the Envoy pods."
Note: This function appends passed data to existing values
fn spec.envoy.withReplicas
withReplicas(replicas)
"Deprecated: Use DeploymentSettings.Replicas instead. \n Replicas is the desired number of Envoy replicas. If WorkloadType is not \"Deployment\", this field is ignored. Otherwise, if unset, defaults to 2. \n if both DeploymentSettings.Replicas and this one is set, use DeploymentSettings.Replicas."
fn spec.envoy.withWorkloadType
withWorkloadType(workloadType)
"WorkloadType is the type of workload to install Envoy as. Choices are DaemonSet and Deployment. If unset, defaults to DaemonSet."
obj spec.envoy.daemonSet
"DaemonSet describes the settings for running envoy as a DaemonSet. if WorkloadType is Deployment,it's must be nil"
obj spec.envoy.daemonSet.updateStrategy
"Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods."
fn spec.envoy.daemonSet.updateStrategy.withType
withType(type)
"Type of daemon set update. Can be \"RollingUpdate\" or \"OnDelete\". Default is RollingUpdate."
obj spec.envoy.daemonSet.updateStrategy.rollingUpdate
"Rolling update config params. Present only if type = \"RollingUpdate\". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment strategy.rollingUpdate. See https://github.com/kubernetes/kubernetes/issues/35345"
fn spec.envoy.daemonSet.updateStrategy.rollingUpdate.withMaxSurge
withMaxSurge(maxSurge)
"The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption."
fn spec.envoy.daemonSet.updateStrategy.rollingUpdate.withMaxUnavailable
withMaxUnavailable(maxUnavailable)
"The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update."
obj spec.envoy.deployment
"Deployment describes the settings for running envoy as a Deployment. if WorkloadType is DaemonSet,it's must be nil"
fn spec.envoy.deployment.withReplicas
withReplicas(replicas)
"Replicas is the desired number of replicas."
obj spec.envoy.deployment.strategy
"Strategy describes the deployment strategy to use to replace existing pods with new pods."
fn spec.envoy.deployment.strategy.withType
withType(type)
"Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate."
obj spec.envoy.deployment.strategy.rollingUpdate
"Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be."
fn spec.envoy.deployment.strategy.rollingUpdate.withMaxSurge
withMaxSurge(maxSurge)
"The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods."
fn spec.envoy.deployment.strategy.rollingUpdate.withMaxUnavailable
withMaxUnavailable(maxUnavailable)
"The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
obj spec.envoy.extraVolumeMounts
"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."
fn spec.envoy.extraVolumeMounts.withMountPath
withMountPath(mountPath)
"Path within the container at which the volume should be mounted. Must not contain ':'."
fn spec.envoy.extraVolumeMounts.withMountPropagation
withMountPropagation(mountPropagation)
"mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
fn spec.envoy.extraVolumeMounts.withName
withName(name)
"This must match the Name of a Volume."
fn spec.envoy.extraVolumeMounts.withReadOnly
withReadOnly(readOnly)
"Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false."
fn spec.envoy.extraVolumeMounts.withSubPath
withSubPath(subPath)
"Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)."
fn spec.envoy.extraVolumeMounts.withSubPathExpr
withSubPathExpr(subPathExpr)
"Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive."
obj spec.envoy.extraVolumes
"ExtraVolumes holds the extra volumes to add."
fn spec.envoy.extraVolumes.withName
withName(name)
"name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
obj spec.envoy.extraVolumes.awsElasticBlockStore
"awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
fn spec.envoy.extraVolumes.awsElasticBlockStore.withFsType
withFsType(fsType)
"fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine"
fn spec.envoy.extraVolumes.awsElasticBlockStore.withPartition
withPartition(partition)
"partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)."
fn spec.envoy.extraVolumes.awsElasticBlockStore.withReadOnly
withReadOnly(readOnly)
"readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
fn spec.envoy.extraVolumes.awsElasticBlockStore.withVolumeID
withVolumeID(volumeID)
"volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"
obj spec.envoy.extraVolumes.azureDisk
"azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod."
fn spec.envoy.extraVolumes.azureDisk.withCachingMode
withCachingMode(cachingMode)
"cachingMode is the Host Caching mode: None, Read Only, Read Write."
fn spec.envoy.extraVolumes.azureDisk.withDiskName
withDiskName(diskName)
"diskName is the Name of the data disk in the blob storage"
fn spec.envoy.extraVolumes.azureDisk.withDiskURI
withDiskURI(diskURI)
"diskURI is the URI of data disk in the blob storage"
fn spec.envoy.extraVolumes.azureDisk.withFsType
withFsType(fsType)
"fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
fn spec.envoy.extraVolumes.azureDisk.withKind
withKind(kind)
"kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared"
fn spec.envoy.extraVolumes.azureDisk.withReadOnly
withReadOnly(readOnly)
"readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
obj spec.envoy.extraVolumes.azureFile
"azureFile represents an Azure File Service mount on the host and bind mount to the pod."
fn spec.envoy.extraVolumes.azureFile.withReadOnly
withReadOnly(readOnly)
"readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
fn spec.envoy.extraVolumes.azureFile.withSecretName
withSecretName(secretName)
"secretName is the name of secret that contains Azure Storage Account Name and Key"
fn spec.envoy.extraVolumes.azureFile.withShareName
withShareName(shareName)
"shareName is the azure share Name"
obj spec.envoy.extraVolumes.cephfs
"cephFS represents a Ceph FS mount on the host that shares a pod's lifetime"
fn spec.envoy.extraVolumes.cephfs.withMonitors
withMonitors(monitors)
"monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.cephfs.withMonitorsMixin
withMonitorsMixin(monitors)
"monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.cephfs.withPath
withPath(path)
"path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /"
fn spec.envoy.extraVolumes.cephfs.withReadOnly
withReadOnly(readOnly)
"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.cephfs.withSecretFile
withSecretFile(secretFile)
"secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.cephfs.withUser
withUser(user)
"user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
obj spec.envoy.extraVolumes.cephfs.secretRef
"secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.cephfs.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.cinder
"cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
fn spec.envoy.extraVolumes.cinder.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
fn spec.envoy.extraVolumes.cinder.withReadOnly
withReadOnly(readOnly)
"readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
fn spec.envoy.extraVolumes.cinder.withVolumeID
withVolumeID(volumeID)
"volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
obj spec.envoy.extraVolumes.cinder.secretRef
"secretRef is optional: points to a secret object containing parameters used to connect to OpenStack."
fn spec.envoy.extraVolumes.cinder.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.configMap
"configMap represents a configMap that should populate this volume"
fn spec.envoy.extraVolumes.configMap.withDefaultMode
withDefaultMode(defaultMode)
"defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.configMap.withItems
withItems(items)
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.configMap.withItemsMixin
withItemsMixin(items)
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.configMap.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.envoy.extraVolumes.configMap.withOptional
withOptional(optional)
"optional specify whether the ConfigMap or its keys must be defined"
obj spec.envoy.extraVolumes.configMap.items
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.configMap.items.withKey
withKey(key)
"key is the key to project."
fn spec.envoy.extraVolumes.configMap.items.withMode
withMode(mode)
"mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.configMap.items.withPath
withPath(path)
"path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'."
obj spec.envoy.extraVolumes.csi
"csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)."
fn spec.envoy.extraVolumes.csi.withDriver
withDriver(driver)
"driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster."
fn spec.envoy.extraVolumes.csi.withFsType
withFsType(fsType)
"fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply."
fn spec.envoy.extraVolumes.csi.withReadOnly
withReadOnly(readOnly)
"readOnly specifies a read-only configuration for the volume. Defaults to false (read/write)."
fn spec.envoy.extraVolumes.csi.withVolumeAttributes
withVolumeAttributes(volumeAttributes)
"volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values."
fn spec.envoy.extraVolumes.csi.withVolumeAttributesMixin
withVolumeAttributesMixin(volumeAttributes)
"volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values."
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.csi.nodePublishSecretRef
"nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed."
fn spec.envoy.extraVolumes.csi.nodePublishSecretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.downwardAPI
"downwardAPI represents downward API about the pod that should populate this volume"
fn spec.envoy.extraVolumes.downwardAPI.withDefaultMode
withDefaultMode(defaultMode)
"Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.downwardAPI.withItems
withItems(items)
"Items is a list of downward API volume file"
fn spec.envoy.extraVolumes.downwardAPI.withItemsMixin
withItemsMixin(items)
"Items is a list of downward API volume file"
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.downwardAPI.items
"Items is a list of downward API volume file"
fn spec.envoy.extraVolumes.downwardAPI.items.withMode
withMode(mode)
"Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.downwardAPI.items.withPath
withPath(path)
"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'"
obj spec.envoy.extraVolumes.downwardAPI.items.fieldRef
"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported."
fn spec.envoy.extraVolumes.downwardAPI.items.fieldRef.withApiVersion
withApiVersion(apiVersion)
"Version of the schema the FieldPath is written in terms of, defaults to \"v1\"."
fn spec.envoy.extraVolumes.downwardAPI.items.fieldRef.withFieldPath
withFieldPath(fieldPath)
"Path of the field to select in the specified API version."
obj spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef
"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."
fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withContainerName
withContainerName(containerName)
"Container name: required for volumes, optional for env vars"
fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withDivisor
withDivisor(divisor)
"Specifies the output format of the exposed resources, defaults to \"1\
fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withResource
withResource(resource)
"Required: resource to select"
obj spec.envoy.extraVolumes.emptyDir
"emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
fn spec.envoy.extraVolumes.emptyDir.withMedium
withMedium(medium)
"medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
fn spec.envoy.extraVolumes.emptyDir.withSizeLimit
withSizeLimit(sizeLimit)
"sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir"
obj spec.envoy.extraVolumes.ephemeral
"ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate
"Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be <pod name>-<volume name> where <volume name> is the name from the PodSpec.Volumes array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.withMetadata
withMetadata(metadata)
"May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.withMetadataMixin
withMetadataMixin(metadata)
"May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation."
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec
"The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withAccessModes
withAccessModes(accessModes)
"accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withAccessModesMixin
withAccessModesMixin(accessModes)
"accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withStorageClassName
withStorageClassName(storageClassName)
"storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withVolumeMode
withVolumeMode(volumeMode)
"volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withVolumeName
withVolumeName(volumeName)
"volumeName is the binding reference to the PersistentVolume backing this claim."
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource
"dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withApiGroup
withApiGroup(apiGroup)
"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withKind
withKind(kind)
"Kind is the type of resource being referenced"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withName
withName(name)
"Name is the name of resource being referenced"
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef
"dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withApiGroup
withApiGroup(apiGroup)
"APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withKind
withKind(kind)
"Kind is the type of resource being referenced"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withName
withName(name)
"Name is the name of resource being referenced"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withNamespace
withNamespace(namespace)
"Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled."
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources
"resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withClaims
withClaims(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withClaimsMixin
withClaimsMixin(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withLimits
withLimits(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withLimitsMixin
withLimitsMixin(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withRequests
withRequests(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withRequestsMixin
withRequestsMixin(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.claims
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.claims.withName
withName(name)
"Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container."
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector
"selector is a label query over volumes to consider for binding."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchExpressions
withMatchExpressions(matchExpressions)
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchExpressionsMixin
withMatchExpressionsMixin(matchExpressions)
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchLabels
withMatchLabels(matchLabels)
"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchLabelsMixin
withMatchLabelsMixin(matchLabels)
"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed."
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withKey
withKey(key)
"key is the label key that the selector applies to."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withOperator
withOperator(operator)
"operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withValues
withValues(values)
"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."
fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withValuesMixin
withValuesMixin(values)
"values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.fc
"fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod."
fn spec.envoy.extraVolumes.fc.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine"
fn spec.envoy.extraVolumes.fc.withLun
withLun(lun)
"lun is Optional: FC target lun number"
fn spec.envoy.extraVolumes.fc.withReadOnly
withReadOnly(readOnly)
"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
fn spec.envoy.extraVolumes.fc.withTargetWWNs
withTargetWWNs(targetWWNs)
"targetWWNs is Optional: FC target worldwide names (WWNs)"
fn spec.envoy.extraVolumes.fc.withTargetWWNsMixin
withTargetWWNsMixin(targetWWNs)
"targetWWNs is Optional: FC target worldwide names (WWNs)"
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.fc.withWwids
withWwids(wwids)
"wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously."
fn spec.envoy.extraVolumes.fc.withWwidsMixin
withWwidsMixin(wwids)
"wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously."
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.flexVolume
"flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin."
fn spec.envoy.extraVolumes.flexVolume.withDriver
withDriver(driver)
"driver is the name of the driver to use for this volume."
fn spec.envoy.extraVolumes.flexVolume.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script."
fn spec.envoy.extraVolumes.flexVolume.withOptions
withOptions(options)
"options is Optional: this field holds extra command options if any."
fn spec.envoy.extraVolumes.flexVolume.withOptionsMixin
withOptionsMixin(options)
"options is Optional: this field holds extra command options if any."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.flexVolume.withReadOnly
withReadOnly(readOnly)
"readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
obj spec.envoy.extraVolumes.flexVolume.secretRef
"secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts."
fn spec.envoy.extraVolumes.flexVolume.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.flocker
"flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running"
fn spec.envoy.extraVolumes.flocker.withDatasetName
withDatasetName(datasetName)
"datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated"
fn spec.envoy.extraVolumes.flocker.withDatasetUUID
withDatasetUUID(datasetUUID)
"datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset"
obj spec.envoy.extraVolumes.gcePersistentDisk
"gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
fn spec.envoy.extraVolumes.gcePersistentDisk.withFsType
withFsType(fsType)
"fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine"
fn spec.envoy.extraVolumes.gcePersistentDisk.withPartition
withPartition(partition)
"partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
fn spec.envoy.extraVolumes.gcePersistentDisk.withPdName
withPdName(pdName)
"pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
fn spec.envoy.extraVolumes.gcePersistentDisk.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"
obj spec.envoy.extraVolumes.gitRepo
"gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
fn spec.envoy.extraVolumes.gitRepo.withDirectory
withDirectory(directory)
"directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name."
fn spec.envoy.extraVolumes.gitRepo.withRepository
withRepository(repository)
"repository is the URL"
fn spec.envoy.extraVolumes.gitRepo.withRevision
withRevision(revision)
"revision is the commit hash for the specified revision."
obj spec.envoy.extraVolumes.glusterfs
"glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md"
fn spec.envoy.extraVolumes.glusterfs.withEndpoints
withEndpoints(endpoints)
"endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
fn spec.envoy.extraVolumes.glusterfs.withPath
withPath(path)
"path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
fn spec.envoy.extraVolumes.glusterfs.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"
obj spec.envoy.extraVolumes.hostPath
"hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write."
fn spec.envoy.extraVolumes.hostPath.withPath
withPath(path)
"path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
fn spec.envoy.extraVolumes.hostPath.withType
withType(type)
"type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"
obj spec.envoy.extraVolumes.iscsi
"iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
fn spec.envoy.extraVolumes.iscsi.withChapAuthDiscovery
withChapAuthDiscovery(chapAuthDiscovery)
"chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication"
fn spec.envoy.extraVolumes.iscsi.withChapAuthSession
withChapAuthSession(chapAuthSession)
"chapAuthSession defines whether support iSCSI Session CHAP authentication"
fn spec.envoy.extraVolumes.iscsi.withFsType
withFsType(fsType)
"fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine"
fn spec.envoy.extraVolumes.iscsi.withInitiatorName
withInitiatorName(initiatorName)
"initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
fn spec.envoy.extraVolumes.iscsi.withIqn
withIqn(iqn)
"iqn is the target iSCSI Qualified Name."
fn spec.envoy.extraVolumes.iscsi.withIscsiInterface
withIscsiInterface(iscsiInterface)
"iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)."
fn spec.envoy.extraVolumes.iscsi.withLun
withLun(lun)
"lun represents iSCSI Target Lun number."
fn spec.envoy.extraVolumes.iscsi.withPortals
withPortals(portals)
"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)."
fn spec.envoy.extraVolumes.iscsi.withPortalsMixin
withPortalsMixin(portals)
"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.iscsi.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false."
fn spec.envoy.extraVolumes.iscsi.withTargetPortal
withTargetPortal(targetPortal)
"targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)."
obj spec.envoy.extraVolumes.iscsi.secretRef
"secretRef is the CHAP Secret for iSCSI target and initiator authentication"
fn spec.envoy.extraVolumes.iscsi.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.nfs
"nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
fn spec.envoy.extraVolumes.nfs.withPath
withPath(path)
"path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
fn spec.envoy.extraVolumes.nfs.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
fn spec.envoy.extraVolumes.nfs.withServer
withServer(server)
"server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
obj spec.envoy.extraVolumes.persistentVolumeClaim
"persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
fn spec.envoy.extraVolumes.persistentVolumeClaim.withClaimName
withClaimName(claimName)
"claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
fn spec.envoy.extraVolumes.persistentVolumeClaim.withReadOnly
withReadOnly(readOnly)
"readOnly Will force the ReadOnly setting in VolumeMounts. Default false."
obj spec.envoy.extraVolumes.photonPersistentDisk
"photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine"
fn spec.envoy.extraVolumes.photonPersistentDisk.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
fn spec.envoy.extraVolumes.photonPersistentDisk.withPdID
withPdID(pdID)
"pdID is the ID that identifies Photon Controller persistent disk"
obj spec.envoy.extraVolumes.portworxVolume
"portworxVolume represents a portworx volume attached and mounted on kubelets host machine"
fn spec.envoy.extraVolumes.portworxVolume.withFsType
withFsType(fsType)
"fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified."
fn spec.envoy.extraVolumes.portworxVolume.withReadOnly
withReadOnly(readOnly)
"readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
fn spec.envoy.extraVolumes.portworxVolume.withVolumeID
withVolumeID(volumeID)
"volumeID uniquely identifies a Portworx volume"
obj spec.envoy.extraVolumes.projected
"projected items for all in one resources secrets, configmaps, and downward API"
fn spec.envoy.extraVolumes.projected.withDefaultMode
withDefaultMode(defaultMode)
"defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.projected.withSources
withSources(sources)
"sources is the list of volume projections"
fn spec.envoy.extraVolumes.projected.withSourcesMixin
withSourcesMixin(sources)
"sources is the list of volume projections"
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.projected.sources
"sources is the list of volume projections"
obj spec.envoy.extraVolumes.projected.sources.configMap
"configMap information about the configMap data to project"
fn spec.envoy.extraVolumes.projected.sources.configMap.withItems
withItems(items)
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.projected.sources.configMap.withItemsMixin
withItemsMixin(items)
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.projected.sources.configMap.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.envoy.extraVolumes.projected.sources.configMap.withOptional
withOptional(optional)
"optional specify whether the ConfigMap or its keys must be defined"
obj spec.envoy.extraVolumes.projected.sources.configMap.items
"items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.projected.sources.configMap.items.withKey
withKey(key)
"key is the key to project."
fn spec.envoy.extraVolumes.projected.sources.configMap.items.withMode
withMode(mode)
"mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.projected.sources.configMap.items.withPath
withPath(path)
"path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'."
obj spec.envoy.extraVolumes.projected.sources.downwardAPI
"downwardAPI information about the downwardAPI data to project"
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.withItems
withItems(items)
"Items is a list of DownwardAPIVolume file"
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.withItemsMixin
withItemsMixin(items)
"Items is a list of DownwardAPIVolume file"
Note: This function appends passed data to existing values
obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items
"Items is a list of DownwardAPIVolume file"
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.withMode
withMode(mode)
"Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.withPath
withPath(path)
"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'"
obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef
"Required: Selects a field of the pod: only annotations, labels, name and namespace are supported."
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef.withApiVersion
withApiVersion(apiVersion)
"Version of the schema the FieldPath is written in terms of, defaults to \"v1\"."
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef.withFieldPath
withFieldPath(fieldPath)
"Path of the field to select in the specified API version."
obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef
"Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withContainerName
withContainerName(containerName)
"Container name: required for volumes, optional for env vars"
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withDivisor
withDivisor(divisor)
"Specifies the output format of the exposed resources, defaults to \"1\
fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withResource
withResource(resource)
"Required: resource to select"
obj spec.envoy.extraVolumes.projected.sources.secret
"secret information about the secret data to project"
fn spec.envoy.extraVolumes.projected.sources.secret.withItems
withItems(items)
"items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.projected.sources.secret.withItemsMixin
withItemsMixin(items)
"items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.projected.sources.secret.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.envoy.extraVolumes.projected.sources.secret.withOptional
withOptional(optional)
"optional field specify whether the Secret or its key must be defined"
obj spec.envoy.extraVolumes.projected.sources.secret.items
"items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.projected.sources.secret.items.withKey
withKey(key)
"key is the key to project."
fn spec.envoy.extraVolumes.projected.sources.secret.items.withMode
withMode(mode)
"mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.projected.sources.secret.items.withPath
withPath(path)
"path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'."
obj spec.envoy.extraVolumes.projected.sources.serviceAccountToken
"serviceAccountToken is information about the serviceAccountToken data to project"
fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withAudience
withAudience(audience)
"audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withExpirationSeconds
withExpirationSeconds(expirationSeconds)
"expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withPath
withPath(path)
"path is the path relative to the mount point of the file to project the token into."
obj spec.envoy.extraVolumes.quobyte
"quobyte represents a Quobyte mount on the host that shares a pod's lifetime"
fn spec.envoy.extraVolumes.quobyte.withGroup
withGroup(group)
"group to map volume access to Default is no group"
fn spec.envoy.extraVolumes.quobyte.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false."
fn spec.envoy.extraVolumes.quobyte.withRegistry
withRegistry(registry)
"registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes"
fn spec.envoy.extraVolumes.quobyte.withTenant
withTenant(tenant)
"tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin"
fn spec.envoy.extraVolumes.quobyte.withUser
withUser(user)
"user to map volume access to Defaults to serivceaccount user"
fn spec.envoy.extraVolumes.quobyte.withVolume
withVolume(volume)
"volume is a string that references an already created Quobyte volume by name."
obj spec.envoy.extraVolumes.rbd
"rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md"
fn spec.envoy.extraVolumes.rbd.withFsType
withFsType(fsType)
"fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine"
fn spec.envoy.extraVolumes.rbd.withImage
withImage(image)
"image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.withKeyring
withKeyring(keyring)
"keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.withMonitors
withMonitors(monitors)
"monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.withMonitorsMixin
withMonitorsMixin(monitors)
"monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.rbd.withPool
withPool(pool)
"pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.withReadOnly
withReadOnly(readOnly)
"readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.withUser
withUser(user)
"user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
obj spec.envoy.extraVolumes.rbd.secretRef
"secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
fn spec.envoy.extraVolumes.rbd.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.scaleIO
"scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes."
fn spec.envoy.extraVolumes.scaleIO.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"."
fn spec.envoy.extraVolumes.scaleIO.withGateway
withGateway(gateway)
"gateway is the host address of the ScaleIO API Gateway."
fn spec.envoy.extraVolumes.scaleIO.withProtectionDomain
withProtectionDomain(protectionDomain)
"protectionDomain is the name of the ScaleIO Protection Domain for the configured storage."
fn spec.envoy.extraVolumes.scaleIO.withReadOnly
withReadOnly(readOnly)
"readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
fn spec.envoy.extraVolumes.scaleIO.withSslEnabled
withSslEnabled(sslEnabled)
"sslEnabled Flag enable/disable SSL communication with Gateway, default false"
fn spec.envoy.extraVolumes.scaleIO.withStorageMode
withStorageMode(storageMode)
"storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned."
fn spec.envoy.extraVolumes.scaleIO.withStoragePool
withStoragePool(storagePool)
"storagePool is the ScaleIO Storage Pool associated with the protection domain."
fn spec.envoy.extraVolumes.scaleIO.withSystem
withSystem(system)
"system is the name of the storage system as configured in ScaleIO."
fn spec.envoy.extraVolumes.scaleIO.withVolumeName
withVolumeName(volumeName)
"volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source."
obj spec.envoy.extraVolumes.scaleIO.secretRef
"secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail."
fn spec.envoy.extraVolumes.scaleIO.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.secret
"secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
fn spec.envoy.extraVolumes.secret.withDefaultMode
withDefaultMode(defaultMode)
"defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.secret.withItems
withItems(items)
"items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.secret.withItemsMixin
withItemsMixin(items)
"items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
Note: This function appends passed data to existing values
fn spec.envoy.extraVolumes.secret.withOptional
withOptional(optional)
"optional field specify whether the Secret or its keys must be defined"
fn spec.envoy.extraVolumes.secret.withSecretName
withSecretName(secretName)
"secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
obj spec.envoy.extraVolumes.secret.items
"items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'."
fn spec.envoy.extraVolumes.secret.items.withKey
withKey(key)
"key is the key to project."
fn spec.envoy.extraVolumes.secret.items.withMode
withMode(mode)
"mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
fn spec.envoy.extraVolumes.secret.items.withPath
withPath(path)
"path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'."
obj spec.envoy.extraVolumes.storageos
"storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes."
fn spec.envoy.extraVolumes.storageos.withFsType
withFsType(fsType)
"fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
fn spec.envoy.extraVolumes.storageos.withReadOnly
withReadOnly(readOnly)
"readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts."
fn spec.envoy.extraVolumes.storageos.withVolumeName
withVolumeName(volumeName)
"volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace."
fn spec.envoy.extraVolumes.storageos.withVolumeNamespace
withVolumeNamespace(volumeNamespace)
"volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created."
obj spec.envoy.extraVolumes.storageos.secretRef
"secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted."
fn spec.envoy.extraVolumes.storageos.secretRef.withName
withName(name)
"Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?"
obj spec.envoy.extraVolumes.vsphereVolume
"vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine"
fn spec.envoy.extraVolumes.vsphereVolume.withFsType
withFsType(fsType)
"fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
fn spec.envoy.extraVolumes.vsphereVolume.withStoragePolicyID
withStoragePolicyID(storagePolicyID)
"storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName."
fn spec.envoy.extraVolumes.vsphereVolume.withStoragePolicyName
withStoragePolicyName(storagePolicyName)
"storagePolicyName is the storage Policy Based Management (SPBM) profile name."
fn spec.envoy.extraVolumes.vsphereVolume.withVolumePath
withVolumePath(volumePath)
"volumePath is the path that identifies vSphere volume vmdk"
obj spec.envoy.networkPublishing
"NetworkPublishing defines how to expose Envoy to a network."
fn spec.envoy.networkPublishing.withExternalTrafficPolicy
withExternalTrafficPolicy(externalTrafficPolicy)
"ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). \n If unset, defaults to \"Local\"."
fn spec.envoy.networkPublishing.withServiceAnnotations
withServiceAnnotations(serviceAnnotations)
"ServiceAnnotations is the annotations to add to the provisioned Envoy service."
fn spec.envoy.networkPublishing.withServiceAnnotationsMixin
withServiceAnnotationsMixin(serviceAnnotations)
"ServiceAnnotations is the annotations to add to the provisioned Envoy service."
Note: This function appends passed data to existing values
fn spec.envoy.networkPublishing.withType
withType(type)
"NetworkPublishingType is the type of publishing strategy to use. Valid values are: \n * LoadBalancerService \n In this configuration, network endpoints for Envoy use container networking. A Kubernetes LoadBalancer Service is created to publish Envoy network endpoints. \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer \n * NodePortService \n Publishes Envoy network endpoints using a Kubernetes NodePort Service. \n In this configuration, Envoy network endpoints use container networking. A Kubernetes NodePort Service is created to publish the network endpoints. \n See: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport \n NOTE: When provisioning an Envoy NodePortService, use Gateway Listeners' port numbers to populate the Service's node port values, there's no way to auto-allocate them. \n See: https://github.com/projectcontour/contour/issues/4499 \n * ClusterIPService \n Publishes Envoy network endpoints using a Kubernetes ClusterIP Service. \n In this configuration, Envoy network endpoints use container networking. A Kubernetes ClusterIP Service is created to publish the network endpoints. \n See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types \n If unset, defaults to LoadBalancerService."
obj spec.envoy.nodePlacement
"NodePlacement describes node scheduling configuration of Envoy pods."
fn spec.envoy.nodePlacement.withNodeSelector
withNodeSelector(nodeSelector)
"NodeSelector is the simplest recommended form of node selection constraint and specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). \n If unset, the pod(s) will be scheduled to any available node."
fn spec.envoy.nodePlacement.withNodeSelectorMixin
withNodeSelectorMixin(nodeSelector)
"NodeSelector is the simplest recommended form of node selection constraint and specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). \n If unset, the pod(s) will be scheduled to any available node."
Note: This function appends passed data to existing values
fn spec.envoy.nodePlacement.withTolerations
withTolerations(tolerations)
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
fn spec.envoy.nodePlacement.withTolerationsMixin
withTolerationsMixin(tolerations)
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
Note: This function appends passed data to existing values
obj spec.envoy.nodePlacement.tolerations
"Tolerations work with taints to ensure that pods are not scheduled onto inappropriate nodes. One or more taints are applied to a node; this marks that the node should not accept any pods that do not tolerate the taints. \n The default is an empty list. \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for additional details."
fn spec.envoy.nodePlacement.tolerations.withEffect
withEffect(effect)
"Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute."
fn spec.envoy.nodePlacement.tolerations.withKey
withKey(key)
"Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys."
fn spec.envoy.nodePlacement.tolerations.withOperator
withOperator(operator)
"Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category."
fn spec.envoy.nodePlacement.tolerations.withTolerationSeconds
withTolerationSeconds(tolerationSeconds)
"TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system."
fn spec.envoy.nodePlacement.tolerations.withValue
withValue(value)
"Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string."
obj spec.envoy.resources
"Compute Resources required by envoy container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.envoy.resources.withClaims
withClaims(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.envoy.resources.withClaimsMixin
withClaimsMixin(claims)
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
Note: This function appends passed data to existing values
fn spec.envoy.resources.withLimits
withLimits(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.envoy.resources.withLimitsMixin
withLimitsMixin(limits)
"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
fn spec.envoy.resources.withRequests
withRequests(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.envoy.resources.withRequestsMixin
withRequestsMixin(requests)
"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
obj spec.envoy.resources.claims
"Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
fn spec.envoy.resources.claims.withName
withName(name)
"Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container."
obj spec.runtimeSettings
"RuntimeSettings is a ContourConfiguration spec to be used when provisioning a Contour instance that will influence aspects of the Contour instance's runtime behavior."
fn spec.runtimeSettings.withEnableExternalNameService
withEnableExternalNameService(enableExternalNameService)
"EnableExternalNameService allows processing of ExternalNameServices \n Contour's default is false for security reasons."
obj spec.runtimeSettings.debug
"Debug contains parameters to enable debug logging and debug interfaces inside Contour."
fn spec.runtimeSettings.debug.withAddress
withAddress(address)
"Defines the Contour debug address interface. \n Contour's default is \"127.0.0.1\"."
fn spec.runtimeSettings.debug.withPort
withPort(port)
"Defines the Contour debug address port. \n Contour's default is 6060."
obj spec.runtimeSettings.envoy
"Envoy contains parameters for Envoy as well as how to optionally configure a managed Envoy fleet."
fn spec.runtimeSettings.envoy.withDefaultHTTPVersions
withDefaultHTTPVersions(defaultHTTPVersions)
"DefaultHTTPVersions defines the default set of HTTPS versions the proxy should accept. HTTP versions are strings of the form \"HTTP/xx\". Supported versions are \"HTTP/1.1\" and \"HTTP/2\". \n Values: HTTP/1.1, HTTP/2 (default: both). \n Other values will produce an error."
fn spec.runtimeSettings.envoy.withDefaultHTTPVersionsMixin
withDefaultHTTPVersionsMixin(defaultHTTPVersions)
"DefaultHTTPVersions defines the default set of HTTPS versions the proxy should accept. HTTP versions are strings of the form \"HTTP/xx\". Supported versions are \"HTTP/1.1\" and \"HTTP/2\". \n Values: HTTP/1.1, HTTP/2 (default: both). \n Other values will produce an error."
Note: This function appends passed data to existing values
obj spec.runtimeSettings.envoy.clientCertificate
"ClientCertificate defines the namespace/name of the Kubernetes secret containing the client certificate and private key to be used when establishing TLS connection to upstream cluster."
fn spec.runtimeSettings.envoy.clientCertificate.withName
withName(name)
fn spec.runtimeSettings.envoy.clientCertificate.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.envoy.cluster
"Cluster holds various configurable Envoy cluster values that can be set in the config file."
fn spec.runtimeSettings.envoy.cluster.withDnsLookupFamily
withDnsLookupFamily(dnsLookupFamily)
"DNSLookupFamily defines how external names are looked up When configured as V4, the DNS resolver will only perform a lookup for addresses in the IPv4 family. If V6 is configured, the DNS resolver will only perform a lookup for addresses in the IPv6 family. If AUTO is configured, the DNS resolver will first perform a lookup for addresses in the IPv6 family and fallback to a lookup for addresses in the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for both IPv4 and IPv6 families, and return all resolved addresses. When this is used, Happy Eyeballs will be enabled for upstream connections. Refer to Happy Eyeballs Support for more information. Note: This only applies to externalName clusters. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily for more information. \n Values: auto (default), v4, v6, all. \n Other values will produce an error."
obj spec.runtimeSettings.envoy.health
"Health defines the endpoint Envoy uses to serve health checks. \n Contour's default is { address: \"0.0.0.0\", port: 8002 }."
fn spec.runtimeSettings.envoy.health.withAddress
withAddress(address)
"Defines the health address interface."
fn spec.runtimeSettings.envoy.health.withPort
withPort(port)
"Defines the health port."
obj spec.runtimeSettings.envoy.http
"Defines the HTTP Listener for Envoy. \n Contour's default is { address: \"0.0.0.0\", port: 8080, accessLog: \"/dev/stdout\" }."
fn spec.runtimeSettings.envoy.http.withAccessLog
withAccessLog(accessLog)
"AccessLog defines where Envoy logs are outputted for this listener."
fn spec.runtimeSettings.envoy.http.withAddress
withAddress(address)
"Defines an Envoy Listener Address."
fn spec.runtimeSettings.envoy.http.withPort
withPort(port)
"Defines an Envoy listener Port."
obj spec.runtimeSettings.envoy.https
"Defines the HTTPS Listener for Envoy. \n Contour's default is { address: \"0.0.0.0\", port: 8443, accessLog: \"/dev/stdout\" }."
fn spec.runtimeSettings.envoy.https.withAccessLog
withAccessLog(accessLog)
"AccessLog defines where Envoy logs are outputted for this listener."
fn spec.runtimeSettings.envoy.https.withAddress
withAddress(address)
"Defines an Envoy Listener Address."
fn spec.runtimeSettings.envoy.https.withPort
withPort(port)
"Defines an Envoy listener Port."
obj spec.runtimeSettings.envoy.listener
"Listener hold various configurable Envoy listener values."
fn spec.runtimeSettings.envoy.listener.withConnectionBalancer
withConnectionBalancer(connectionBalancer)
"ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig for more information. \n Values: (empty string): use the default ConnectionBalancer, exact: use the Exact ConnectionBalancer. \n Other values will produce an error."
fn spec.runtimeSettings.envoy.listener.withDisableAllowChunkedLength
withDisableAllowChunkedLength(disableAllowChunkedLength)
"DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to strip the \"Content-Length\" header if \"Transfer-Encoding: chunked\" is also set. This is an emergency off-switch to revert back to Envoy's default behavior in case of failures. Please file an issue if failures are encountered. See: https://github.com/projectcontour/contour/issues/3221 \n Contour's default is false."
fn spec.runtimeSettings.envoy.listener.withDisableMergeSlashes
withDisableMergeSlashes(disableMergeSlashes)
"DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option which strips duplicate slashes from request URL paths. \n Contour's default is false."
fn spec.runtimeSettings.envoy.listener.withHttpMaxConcurrentStreams
withHttpMaxConcurrentStreams(httpMaxConcurrentStreams)
"Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed for a peer on a single HTTP/2 connection. It is recommended to not set this lower than 100 but this field can be used to bound resource usage by HTTP/2 connections and mitigate attacks like CVE-2023-44487. The default value when this is not set is unlimited."
fn spec.runtimeSettings.envoy.listener.withMaxRequestsPerIOCycle
withMaxRequestsPerIOCycle(maxRequestsPerIOCycle)
"Defines the limit on number of HTTP requests that Envoy will process from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is detected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default value when this is not set is no limit."
fn spec.runtimeSettings.envoy.listener.withServerHeaderTransformation
withServerHeaderTransformation(serverHeaderTransformation)
"Defines the action to be applied to the Server header on the response path. When configured as overwrite, overwrites any Server header with \"envoy\". When configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to \"envoy\". When configured as pass_through, pass through the value of the Server header, and do not append a header if none is present. \n Values: overwrite (default), append_if_absent, pass_through \n Other values will produce an error. Contour's default is overwrite."
fn spec.runtimeSettings.envoy.listener.withUseProxyProtocol
withUseProxyProtocol(useProxyProtocol)
"Use PROXY protocol for all listeners. \n Contour's default is false."
obj spec.runtimeSettings.envoy.listener.tls
"TLS holds various configurable Envoy TLS listener values."
fn spec.runtimeSettings.envoy.listener.tls.withCipherSuites
withCipherSuites(cipherSuites)
"CipherSuites defines the TLS ciphers to be supported by Envoy TLS listeners when negotiating TLS 1.2. Ciphers are validated against the set that Envoy supports by default. This parameter should only be used by advanced users. Note that these will be ignored when TLS 1.3 is in use. \n This field is optional; when it is undefined, a Contour-managed ciphersuite list will be used, which may be updated to keep it secure. \n Contour's default list is: - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\" - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\" - \"ECDHE-ECDSA-AES256-GCM-SHA384\" - \"ECDHE-RSA-AES256-GCM-SHA384\" \n Ciphers provided are validated against the following list: - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\" - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\" - \"ECDHE-ECDSA-AES128-GCM-SHA256\" - \"ECDHE-RSA-AES128-GCM-SHA256\" - \"ECDHE-ECDSA-AES128-SHA\" - \"ECDHE-RSA-AES128-SHA\" - \"AES128-GCM-SHA256\" - \"AES128-SHA\" - \"ECDHE-ECDSA-AES256-GCM-SHA384\" - \"ECDHE-RSA-AES256-GCM-SHA384\" - \"ECDHE-ECDSA-AES256-SHA\" - \"ECDHE-RSA-AES256-SHA\" - \"AES256-GCM-SHA384\" - \"AES256-SHA\" \n Contour recommends leaving this undefined unless you are sure you must. \n See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS."
fn spec.runtimeSettings.envoy.listener.tls.withCipherSuitesMixin
withCipherSuitesMixin(cipherSuites)
"CipherSuites defines the TLS ciphers to be supported by Envoy TLS listeners when negotiating TLS 1.2. Ciphers are validated against the set that Envoy supports by default. This parameter should only be used by advanced users. Note that these will be ignored when TLS 1.3 is in use. \n This field is optional; when it is undefined, a Contour-managed ciphersuite list will be used, which may be updated to keep it secure. \n Contour's default list is: - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\" - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\" - \"ECDHE-ECDSA-AES256-GCM-SHA384\" - \"ECDHE-RSA-AES256-GCM-SHA384\" \n Ciphers provided are validated against the following list: - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\" - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\" - \"ECDHE-ECDSA-AES128-GCM-SHA256\" - \"ECDHE-RSA-AES128-GCM-SHA256\" - \"ECDHE-ECDSA-AES128-SHA\" - \"ECDHE-RSA-AES128-SHA\" - \"AES128-GCM-SHA256\" - \"AES128-SHA\" - \"ECDHE-ECDSA-AES256-GCM-SHA384\" - \"ECDHE-RSA-AES256-GCM-SHA384\" - \"ECDHE-ECDSA-AES256-SHA\" - \"ECDHE-RSA-AES256-SHA\" - \"AES256-GCM-SHA384\" - \"AES256-SHA\" \n Contour recommends leaving this undefined unless you are sure you must. \n See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS."
Note: This function appends passed data to existing values
fn spec.runtimeSettings.envoy.listener.tls.withMinimumProtocolVersion
withMinimumProtocolVersion(minimumProtocolVersion)
"MinimumProtocolVersion is the minimum TLS version this vhost should negotiate. \n Values: 1.2 (default), 1.3. \n Other values will produce an error."
obj spec.runtimeSettings.envoy.logging
"Logging defines how Envoy's logs can be configured."
fn spec.runtimeSettings.envoy.logging.withAccessLogFormat
withAccessLogFormat(accessLogFormat)
"AccessLogFormat sets the global access log format. \n Values: envoy (default), json. \n Other values will produce an error."
fn spec.runtimeSettings.envoy.logging.withAccessLogFormatString
withAccessLogFormatString(accessLogFormatString)
"AccessLogFormatString sets the access log format when format is set to envoy. When empty, Envoy's default format is used."
fn spec.runtimeSettings.envoy.logging.withAccessLogJSONFields
withAccessLogJSONFields(accessLogJSONFields)
"AccessLogJSONFields sets the fields that JSON logging will output when AccessLogFormat is json."
fn spec.runtimeSettings.envoy.logging.withAccessLogJSONFieldsMixin
withAccessLogJSONFieldsMixin(accessLogJSONFields)
"AccessLogJSONFields sets the fields that JSON logging will output when AccessLogFormat is json."
Note: This function appends passed data to existing values
fn spec.runtimeSettings.envoy.logging.withAccessLogLevel
withAccessLogLevel(accessLogLevel)
"AccessLogLevel sets the verbosity level of the access log. \n Values: info (default, meaning all requests are logged), error and disabled. \n Other values will produce an error."
obj spec.runtimeSettings.envoy.metrics
"Metrics defines the endpoint Envoy uses to serve metrics. \n Contour's default is { address: \"0.0.0.0\", port: 8002 }."
fn spec.runtimeSettings.envoy.metrics.withAddress
withAddress(address)
"Defines the metrics address interface."
fn spec.runtimeSettings.envoy.metrics.withPort
withPort(port)
"Defines the metrics port."
obj spec.runtimeSettings.envoy.metrics.tls
"TLS holds TLS file config details. Metrics and health endpoints cannot have same port number when metrics is served over HTTPS."
fn spec.runtimeSettings.envoy.metrics.tls.withCaFile
withCaFile(caFile)
"CA filename."
fn spec.runtimeSettings.envoy.metrics.tls.withCertFile
withCertFile(certFile)
"Client certificate filename."
fn spec.runtimeSettings.envoy.metrics.tls.withKeyFile
withKeyFile(keyFile)
"Client key filename."
obj spec.runtimeSettings.envoy.network
"Network holds various configurable Envoy network values."
fn spec.runtimeSettings.envoy.network.withAdminPort
withAdminPort(adminPort)
"Configure the port used to access the Envoy Admin interface. If configured to port \"0\" then the admin interface is disabled. \n Contour's default is 9001."
fn spec.runtimeSettings.envoy.network.withNumTrustedHops
withNumTrustedHops(numTrustedHops)
"XffNumTrustedHops defines the number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops for more information. \n Contour's default is 0."
obj spec.runtimeSettings.envoy.service
"Service holds Envoy service parameters for setting Ingress status. \n Contour's default is { namespace: \"projectcontour\", name: \"envoy\" }."
fn spec.runtimeSettings.envoy.service.withName
withName(name)
fn spec.runtimeSettings.envoy.service.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.envoy.timeouts
"Timeouts holds various configurable timeouts that can be set in the config file."
fn spec.runtimeSettings.envoy.timeouts.withConnectTimeout
withConnectTimeout(connectTimeout)
"ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service. If not set, a default value of 2 seconds will be used. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout for more information."
fn spec.runtimeSettings.envoy.timeouts.withConnectionIdleTimeout
withConnectionIdleTimeout(connectionIdleTimeout)
"ConnectionIdleTimeout defines how long the proxy should wait while there are no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating an HTTP connection. Set to \"infinity\" to disable the timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout for more information."
fn spec.runtimeSettings.envoy.timeouts.withConnectionShutdownGracePeriod
withConnectionShutdownGracePeriod(connectionShutdownGracePeriod)
"ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection. During this grace period, the proxy will continue to respond to new streams. After the final GOAWAY frame has been sent, the proxy will refuse new streams. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout for more information."
fn spec.runtimeSettings.envoy.timeouts.withDelayedCloseTimeout
withDelayedCloseTimeout(delayedCloseTimeout)
"DelayedCloseTimeout defines how long envoy will wait, once connection close processing has been initiated, for the downstream peer to close the connection before Envoy closes the socket associated with the connection. \n Setting this timeout to 'infinity' will disable it, equivalent to setting it to '0' in Envoy. Leaving it unset will result in the Envoy default value being used. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout for more information."
fn spec.runtimeSettings.envoy.timeouts.withMaxConnectionDuration
withMaxConnectionDuration(maxConnectionDuration)
"MaxConnectionDuration defines the maximum period of time after an HTTP connection has been established from the client to the proxy before it is closed by the proxy, regardless of whether there has been activity or not. Omit or set to \"infinity\" for no max duration. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration for more information."
fn spec.runtimeSettings.envoy.timeouts.withRequestTimeout
withRequestTimeout(requestTimeout)
"RequestTimeout sets the client request timeout globally for Contour. Note that this is a timeout for the entire request, not an idle timeout. Omit or set to \"infinity\" to disable the timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout for more information."
fn spec.runtimeSettings.envoy.timeouts.withStreamIdleTimeout
withStreamIdleTimeout(streamIdleTimeout)
"StreamIdleTimeout defines how long the proxy should wait while there is no request activity (for HTTP/1.1) or stream activity (for HTTP/2) before terminating the HTTP request or stream. Set to \"infinity\" to disable the timeout entirely. \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout for more information."
obj spec.runtimeSettings.gateway
"Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic."
fn spec.runtimeSettings.gateway.withControllerName
withControllerName(controllerName)
"ControllerName is used to determine whether Contour should reconcile a GatewayClass. The string takes the form of \"projectcontour.io/
obj spec.runtimeSettings.gateway.gatewayRef
"GatewayRef defines a specific Gateway that this Contour instance corresponds to. If set, Contour will reconcile only this gateway, and will not reconcile any gateway classes. Exactly one of ControllerName or GatewayRef must be set."
fn spec.runtimeSettings.gateway.gatewayRef.withName
withName(name)
fn spec.runtimeSettings.gateway.gatewayRef.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.globalExtAuth
"GlobalExternalAuthorization allows envoys external authorization filter to be enabled for all virtual hosts."
fn spec.runtimeSettings.globalExtAuth.withFailOpen
withFailOpen(failOpen)
"If FailOpen is true, the client request is forwarded to the upstream service even if the authorization server fails to respond. This field should not be set in most cases. It is intended for use only while migrating applications from internal authorization to Contour external authorization."
fn spec.runtimeSettings.globalExtAuth.withResponseTimeout
withResponseTimeout(responseTimeout)
"ResponseTimeout configures maximum time to wait for a check response from the authorization server. Timeout durations are expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". The string \"infinity\" is also a valid input and specifies no timeout."
obj spec.runtimeSettings.globalExtAuth.authPolicy
"AuthPolicy sets a default authorization policy for client requests. This policy will be used unless overridden by individual routes."
fn spec.runtimeSettings.globalExtAuth.authPolicy.withContext
withContext(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
fn spec.runtimeSettings.globalExtAuth.authPolicy.withContextMixin
withContextMixin(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
Note: This function appends passed data to existing values
fn spec.runtimeSettings.globalExtAuth.authPolicy.withDisabled
withDisabled(disabled)
"When true, this field disables client request authentication for the scope of the policy."
obj spec.runtimeSettings.globalExtAuth.extensionRef
"ExtensionServiceRef specifies the extension resource that will authorize client requests."
fn spec.runtimeSettings.globalExtAuth.extensionRef.withApiVersion
withApiVersion(apiVersion)
"API version of the referent. If this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used"
fn spec.runtimeSettings.globalExtAuth.extensionRef.withName
withName(name)
"Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
fn spec.runtimeSettings.globalExtAuth.extensionRef.withNamespace
withNamespace(namespace)
"Namespace of the referent. If this field is not specifies, the namespace of the resource that targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"
obj spec.runtimeSettings.globalExtAuth.withRequestBody
"WithRequestBody specifies configuration for sending the client request's body to authorization server."
fn spec.runtimeSettings.globalExtAuth.withRequestBody.withAllowPartialMessage
withAllowPartialMessage(allowPartialMessage)
"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."
fn spec.runtimeSettings.globalExtAuth.withRequestBody.withMaxRequestBytes
withMaxRequestBytes(maxRequestBytes)
"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."
fn spec.runtimeSettings.globalExtAuth.withRequestBody.withPackAsBytes
withPackAsBytes(packAsBytes)
"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."
obj spec.runtimeSettings.health
"Health defines the endpoints Contour uses to serve health checks. \n Contour's default is { address: \"0.0.0.0\", port: 8000 }."
fn spec.runtimeSettings.health.withAddress
withAddress(address)
"Defines the health address interface."
fn spec.runtimeSettings.health.withPort
withPort(port)
"Defines the health port."
obj spec.runtimeSettings.httpproxy
"HTTPProxy defines parameters on HTTPProxy."
fn spec.runtimeSettings.httpproxy.withDisablePermitInsecure
withDisablePermitInsecure(disablePermitInsecure)
"DisablePermitInsecure disables the use of the permitInsecure field in HTTPProxy. \n Contour's default is false."
fn spec.runtimeSettings.httpproxy.withRootNamespaces
withRootNamespaces(rootNamespaces)
"Restrict Contour to searching these namespaces for root ingress routes."
fn spec.runtimeSettings.httpproxy.withRootNamespacesMixin
withRootNamespacesMixin(rootNamespaces)
"Restrict Contour to searching these namespaces for root ingress routes."
Note: This function appends passed data to existing values
obj spec.runtimeSettings.httpproxy.fallbackCertificate
"FallbackCertificate defines the namespace/name of the Kubernetes secret to use as fallback when a non-SNI request is received."
fn spec.runtimeSettings.httpproxy.fallbackCertificate.withName
withName(name)
fn spec.runtimeSettings.httpproxy.fallbackCertificate.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.ingress
"Ingress contains parameters for ingress options."
fn spec.runtimeSettings.ingress.withClassNames
withClassNames(classNames)
"Ingress Class Names Contour should use."
fn spec.runtimeSettings.ingress.withClassNamesMixin
withClassNamesMixin(classNames)
"Ingress Class Names Contour should use."
Note: This function appends passed data to existing values
fn spec.runtimeSettings.ingress.withStatusAddress
withStatusAddress(statusAddress)
"Address to set in Ingress object status."
obj spec.runtimeSettings.metrics
"Metrics defines the endpoint Contour uses to serve metrics. \n Contour's default is { address: \"0.0.0.0\", port: 8000 }."
fn spec.runtimeSettings.metrics.withAddress
withAddress(address)
"Defines the metrics address interface."
fn spec.runtimeSettings.metrics.withPort
withPort(port)
"Defines the metrics port."
obj spec.runtimeSettings.metrics.tls
"TLS holds TLS file config details. Metrics and health endpoints cannot have same port number when metrics is served over HTTPS."
fn spec.runtimeSettings.metrics.tls.withCaFile
withCaFile(caFile)
"CA filename."
fn spec.runtimeSettings.metrics.tls.withCertFile
withCertFile(certFile)
"Client certificate filename."
fn spec.runtimeSettings.metrics.tls.withKeyFile
withKeyFile(keyFile)
"Client key filename."
obj spec.runtimeSettings.policy
"Policy specifies default policy applied if not overridden by the user"
fn spec.runtimeSettings.policy.withApplyToIngress
withApplyToIngress(applyToIngress)
"ApplyToIngress determines if the Policies will apply to ingress objects \n Contour's default is false."
obj spec.runtimeSettings.policy.requestHeaders
"RequestHeadersPolicy defines the request headers set/removed on all routes"
fn spec.runtimeSettings.policy.requestHeaders.withRemove
withRemove(remove)
fn spec.runtimeSettings.policy.requestHeaders.withRemoveMixin
withRemoveMixin(remove)
Note: This function appends passed data to existing values
fn spec.runtimeSettings.policy.requestHeaders.withSet
withSet(set)
fn spec.runtimeSettings.policy.requestHeaders.withSetMixin
withSetMixin(set)
Note: This function appends passed data to existing values
obj spec.runtimeSettings.policy.responseHeaders
"ResponseHeadersPolicy defines the response headers set/removed on all routes"
fn spec.runtimeSettings.policy.responseHeaders.withRemove
withRemove(remove)
fn spec.runtimeSettings.policy.responseHeaders.withRemoveMixin
withRemoveMixin(remove)
Note: This function appends passed data to existing values
fn spec.runtimeSettings.policy.responseHeaders.withSet
withSet(set)
fn spec.runtimeSettings.policy.responseHeaders.withSetMixin
withSetMixin(set)
Note: This function appends passed data to existing values
obj spec.runtimeSettings.rateLimitService
"RateLimitService optionally holds properties of the Rate Limit Service to be used for global rate limiting."
fn spec.runtimeSettings.rateLimitService.withDomain
withDomain(domain)
"Domain is passed to the Rate Limit Service."
fn spec.runtimeSettings.rateLimitService.withEnableResourceExhaustedCode
withEnableResourceExhaustedCode(enableResourceExhaustedCode)
"EnableResourceExhaustedCode enables translating error code 429 to grpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE"
fn spec.runtimeSettings.rateLimitService.withEnableXRateLimitHeaders
withEnableXRateLimitHeaders(enableXRateLimitHeaders)
"EnableXRateLimitHeaders defines whether to include the X-RateLimit headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF Internet-Draft linked below), on responses to clients when the Rate Limit Service is consulted for a request. \n ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html"
fn spec.runtimeSettings.rateLimitService.withFailOpen
withFailOpen(failOpen)
"FailOpen defines whether to allow requests to proceed when the Rate Limit Service fails to respond with a valid rate limit decision within the timeout defined on the extension service."
obj spec.runtimeSettings.rateLimitService.extensionService
"ExtensionService identifies the extension service defining the RLS."
fn spec.runtimeSettings.rateLimitService.extensionService.withName
withName(name)
fn spec.runtimeSettings.rateLimitService.extensionService.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.tracing
"Tracing defines properties for exporting trace data to OpenTelemetry."
fn spec.runtimeSettings.tracing.withCustomTags
withCustomTags(customTags)
"CustomTags defines a list of custom tags with unique tag name."
fn spec.runtimeSettings.tracing.withCustomTagsMixin
withCustomTagsMixin(customTags)
"CustomTags defines a list of custom tags with unique tag name."
Note: This function appends passed data to existing values
fn spec.runtimeSettings.tracing.withIncludePodDetail
withIncludePodDetail(includePodDetail)
"IncludePodDetail defines a flag. If it is true, contour will add the pod name and namespace to the span of the trace. the default is true. Note: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly."
fn spec.runtimeSettings.tracing.withMaxPathTagLength
withMaxPathTagLength(maxPathTagLength)
"MaxPathTagLength defines maximum length of the request path to extract and include in the HttpUrl tag. contour's default is 256."
fn spec.runtimeSettings.tracing.withOverallSampling
withOverallSampling(overallSampling)
"OverallSampling defines the sampling rate of trace data. contour's default is 100."
fn spec.runtimeSettings.tracing.withServiceName
withServiceName(serviceName)
"ServiceName defines the name for the service. contour's default is contour."
obj spec.runtimeSettings.tracing.customTags
"CustomTags defines a list of custom tags with unique tag name."
fn spec.runtimeSettings.tracing.customTags.withLiteral
withLiteral(literal)
"Literal is a static custom tag value. Precisely one of Literal, RequestHeaderName must be set."
fn spec.runtimeSettings.tracing.customTags.withRequestHeaderName
withRequestHeaderName(requestHeaderName)
"RequestHeaderName indicates which request header the label value is obtained from. Precisely one of Literal, RequestHeaderName must be set."
fn spec.runtimeSettings.tracing.customTags.withTagName
withTagName(tagName)
"TagName is the unique name of the custom tag."
obj spec.runtimeSettings.tracing.extensionService
"ExtensionService identifies the extension service defining the otel-collector."
fn spec.runtimeSettings.tracing.extensionService.withName
withName(name)
fn spec.runtimeSettings.tracing.extensionService.withNamespace
withNamespace(namespace)
obj spec.runtimeSettings.xdsServer
"XDSServer contains parameters for the xDS server."
fn spec.runtimeSettings.xdsServer.withAddress
withAddress(address)
"Defines the xDS gRPC API address which Contour will serve. \n Contour's default is \"0.0.0.0\"."
fn spec.runtimeSettings.xdsServer.withPort
withPort(port)
"Defines the xDS gRPC API port which Contour will serve. \n Contour's default is 8001."
fn spec.runtimeSettings.xdsServer.withType
withType(type)
"Defines the XDSServer to use for contour serve. \n Values: contour (default), envoy. \n Other values will produce an error."
obj spec.runtimeSettings.xdsServer.tls
"TLS holds TLS file config details. \n Contour's default is { caFile: \"/certs/ca.crt\", certFile: \"/certs/tls.cert\", keyFile: \"/certs/tls.key\", insecure: false }."
fn spec.runtimeSettings.xdsServer.tls.withCaFile
withCaFile(caFile)
"CA filename."
fn spec.runtimeSettings.xdsServer.tls.withCertFile
withCertFile(certFile)
"Client certificate filename."
fn spec.runtimeSettings.xdsServer.tls.withInsecure
withInsecure(insecure)
"Allow serving the xDS gRPC API without TLS."
fn spec.runtimeSettings.xdsServer.tls.withKeyFile
withKeyFile(keyFile)
"Client key filename."