From 490c5adaddcbf46dff9fe39e4ba416c0dfee6e11 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Sun, 15 May 2022 15:50:16 -0400 Subject: [PATCH 1/7] generate rbac for controller --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b00c4d5d..80909bb3 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ undeploy: # Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=controller-role webhook paths=./pkg/apis/v2beta1 paths=./pkg/apis/v2beta2 output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=controller-role webhook paths=./pkg/apis/v2beta1 paths=./pkg/apis/v2beta2 paths=./controllers output:crd:artifacts:config=config/crd/bases cd config/manager && kustomize edit set image controller=${IMG} && cd ../../ kustomize build config/default | sed -e '/creationTimestamp/d' > config/bundle.yaml kustomize build config/samples | sed -e '/creationTimestamp/d' > config/samples/bundle.yaml From 605d580675f9953ff3c2a18da13cd98fd6b65f19 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Sun, 15 May 2022 15:50:51 -0400 Subject: [PATCH 2/7] remove hostPath mounts, add TZ environment variable --- adapter/deploy/yaml/adapter.yaml | 16 +- adapter/test/samples/socket.yaml | 16 +- config/bundle.yaml | 125 +++++- ...on.kubesphere.io_notificationmanagers.yaml | 103 +++++ config/manager/manager.yaml | 19 +- config/rbac/role.yaml | 16 +- controllers/notificationmanager_controller.go | 38 +- helm/crds/bundle.yaml | 409 ++++++++++++++++++ helm/templates/clusterroles.yaml | 6 + helm/templates/notificationmanagers.yaml | 5 + helm/templates/operator.yaml | 11 +- helm/values.yaml | 3 + pkg/apis/v2beta2/notificationmanager_types.go | 2 + 13 files changed, 692 insertions(+), 77 deletions(-) diff --git a/adapter/deploy/yaml/adapter.yaml b/adapter/deploy/yaml/adapter.yaml index a56c5407..e9a12076 100644 --- a/adapter/deploy/yaml/adapter.yaml +++ b/adapter/deploy/yaml/adapter.yaml @@ -19,10 +19,12 @@ spec: args: - --with-stdout=true imagePullPolicy: Always - volumeMounts: - - mountPath: /etc/localtime - name: host-time - readOnly: true + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace lifecycle: preStop: httpGet: @@ -48,12 +50,6 @@ spec: requests: cpu: 20m memory: 50Mi - volumes: - - hostPath: - path: /etc/localtime - type: "" - name: host-time - --- apiVersion: v1 kind: Service diff --git a/adapter/test/samples/socket.yaml b/adapter/test/samples/socket.yaml index c61bc85f..cb799d9b 100644 --- a/adapter/test/samples/socket.yaml +++ b/adapter/test/samples/socket.yaml @@ -19,16 +19,12 @@ spec: command: - socket-server imagePullPolicy: Always - volumeMounts: - - mountPath: /etc/localtime - name: host-time - readOnly: true - volumes: - - hostPath: - path: /etc/localtime - type: "" - name: host-time - + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace --- apiVersion: v1 kind: Service diff --git a/config/bundle.yaml b/config/bundle.yaml index 5a62ec98..7cd85e5c 100644 --- a/config/bundle.yaml +++ b/config/bundle.yaml @@ -4808,6 +4808,109 @@ spec: description: The default namespace to which notification manager secrets belong. type: string + env: + description: List of environment variable + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double $$, ie: + $$(VAR_NAME). Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array groupLabels: description: Labels for grouping notifiations. items: @@ -10925,7 +11028,6 @@ rules: - "" resources: - secrets - - configmaps verbs: - get - list @@ -10958,6 +11060,12 @@ rules: - patch - update - watch +- apiGroups: + - notification.kubesphere.io + resources: + - notificationmanagers/finalizers + verbs: + - update - apiGroups: - notification.kubesphere.io resources: @@ -10966,6 +11074,14 @@ rules: - get - patch - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - get + - list + - watch - apiGroups: - '*' resources: @@ -11127,9 +11243,6 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - - mountPath: /etc/localtime - name: host-time - readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ @@ -11147,10 +11260,6 @@ spec: secret: defaultMode: 420 secretName: notification-manager-webhook-server-cert - - hostPath: - path: /etc/localtime - type: "" - name: host-time --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration diff --git a/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml b/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml index f3166130..99474d23 100644 --- a/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml +++ b/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml @@ -3668,6 +3668,109 @@ spec: description: The default namespace to which notification manager secrets belong. type: string + env: + description: List of environment variable + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double $$, ie: + $$(VAR_NAME). Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array groupLabels: description: Labels for grouping notifiations. items: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 37e582f9..cb435174 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -31,19 +31,10 @@ spec: requests: cpu: 100m memory: 20Mi - volumeMounts: - - mountPath: /etc/localtime - name: host-time - readOnly: true env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumes: - - hostPath: - path: /etc/localtime - type: "" - name: host-time + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace terminationGracePeriodSeconds: 10 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b16a626e..c7610df4 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -22,7 +22,6 @@ rules: - "" resources: - secrets - - configmaps verbs: - get - list @@ -55,6 +54,12 @@ rules: - patch - update - watch +- apiGroups: + - notification.kubesphere.io + resources: + - notificationmanagers/finalizers + verbs: + - update - apiGroups: - notification.kubesphere.io resources: @@ -63,4 +68,11 @@ rules: - get - patch - update - +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - get + - list + - watch diff --git a/controllers/notificationmanager_controller.go b/controllers/notificationmanager_controller.go index c0226bee..4477a18d 100644 --- a/controllers/notificationmanager_controller.go +++ b/controllers/notificationmanager_controller.go @@ -188,13 +188,6 @@ func (r *NotificationManagerReconciler) mutateDeployment(deploy *appsv1.Deployme Protocol: corev1.ProtocolTCP, }, }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "host-time", - MountPath: "/etc/localtime", - ReadOnly: true, - }, - }, } if utils.StringIsNil(nm.Spec.DefaultSecretNamespace) { @@ -217,8 +210,12 @@ func (r *NotificationManagerReconciler) mutateDeployment(deploy *appsv1.Deployme } } + if nm.Spec.Env != nil { + newC.Env = append(newC.Env, nm.Spec.Env...) + } + if nm.Spec.VolumeMounts != nil { - newC.VolumeMounts = append(newC.VolumeMounts, nm.Spec.VolumeMounts...) + newC.VolumeMounts = nm.Spec.VolumeMounts } if nm.Spec.Args != nil { @@ -231,17 +228,7 @@ func (r *NotificationManagerReconciler) mutateDeployment(deploy *appsv1.Deployme deploy.Spec.Template.Spec.Containers = append(deploy.Spec.Template.Spec.Containers, *sidecar) } - deploy.Spec.Template.Spec.Volumes = []corev1.Volume{ - { - Name: "host-time", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/etc/localtime", - }, - }, - }, - } - deploy.Spec.Template.Spec.Volumes = append(deploy.Spec.Template.Spec.Volumes, nm.Spec.Volumes...) + deploy.Spec.Template.Spec.Volumes = nm.Spec.Volumes deploy.SetOwnerReferences(nil) return ctrl.SetControllerReference(nm, deploy, r.Scheme) @@ -260,13 +247,13 @@ func (r *NotificationManagerReconciler) mutateTenantSidecar(nm *v2beta2.Notifica } if sidecar.Type == kubesphereSidecar { - return r.generateKubesphereSidecar(sidecar) + return r.generateKubesphereSidecar(sidecar, nm) } return sidecar.Container } -func (r *NotificationManagerReconciler) generateKubesphereSidecar(sidecar *v2beta2.Sidecar) *corev1.Container { +func (r *NotificationManagerReconciler) generateKubesphereSidecar(sidecar *v2beta2.Sidecar, nm *v2beta2.NotificationManager) *corev1.Container { container := sidecar.Container if container == nil { @@ -290,11 +277,10 @@ func (r *NotificationManagerReconciler) generateKubesphereSidecar(sidecar *v2bet } } - container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ - Name: "host-time", - MountPath: "/etc/localtime", - ReadOnly: true, - }) + if nm.Spec.Env != nil { + container.Env = append(container.Env, nm.Spec.Env...) + } + return container } diff --git a/helm/crds/bundle.yaml b/helm/crds/bundle.yaml index e5d9cd0c..18a39e15 100644 --- a/helm/crds/bundle.yaml +++ b/helm/crds/bundle.yaml @@ -1415,6 +1415,7 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. +<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -1473,6 +1474,8 @@ spec: ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +======= +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -1522,12 +1525,18 @@ spec: type: object type: object namespaces: +<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1575,6 +1584,7 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. +<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -1628,6 +1638,8 @@ spec: namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +======= +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -1673,12 +1685,18 @@ spec: type: object type: object namespaces: +<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1770,6 +1788,7 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +<<<<<<< HEAD type: object type: object namespaceSelector: @@ -1837,6 +1856,14 @@ spec: listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1926,6 +1953,7 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +<<<<<<< HEAD type: object type: object namespaceSelector: @@ -1988,6 +2016,14 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -2357,7 +2393,11 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources +<<<<<<< HEAD allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -2369,7 +2409,11 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise +<<<<<<< HEAD to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object serviceAccountName: @@ -2625,6 +2669,7 @@ spec: this volume properties: defaultMode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -2634,6 +2679,14 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -2653,11 +2706,16 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -2685,9 +2743,14 @@ spec: type: boolean type: object csi: +<<<<<<< HEAD description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +======= + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: driver: description: Driver is the name of the CSI driver that handles @@ -2734,6 +2797,7 @@ spec: properties: defaultMode: description: 'Optional: mode bits to use on created files +<<<<<<< HEAD by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between @@ -2743,6 +2807,13 @@ spec: this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -2768,11 +2839,16 @@ spec: - fieldPath type: object mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -3362,6 +3438,7 @@ spec: and downward API properties: defaultMode: +<<<<<<< HEAD description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts @@ -3370,6 +3447,14 @@ spec: by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +======= + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set. +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer sources: @@ -3402,6 +3487,7 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -3413,6 +3499,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3467,6 +3562,7 @@ spec: - fieldPath type: object mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or @@ -3478,6 +3574,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3543,6 +3648,7 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -3554,6 +3660,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3762,6 +3877,7 @@ spec: this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -3771,6 +3887,14 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -3790,11 +3914,16 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -4199,6 +4328,7 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4266,6 +4396,14 @@ spec: listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4355,6 +4493,7 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4417,6 +4556,14 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4462,6 +4609,7 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. +<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -4520,6 +4668,8 @@ spec: ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. +======= +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -4569,12 +4719,18 @@ spec: type: object type: object namespaces: +<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4664,6 +4820,7 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. +<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4726,6 +4883,14 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" +======= + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4808,6 +4973,109 @@ spec: description: The default namespace to which notification manager secrets belong. type: string + env: + description: List of environment variable + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previous defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double $$, ie: + $$(VAR_NAME). Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array groupLabels: description: Labels for grouping notifiations. items: @@ -5539,7 +5807,11 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources +<<<<<<< HEAD allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -5551,7 +5823,11 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise +<<<<<<< HEAD to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object routePolicy: @@ -5647,10 +5923,16 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports +<<<<<<< HEAD metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' +======= + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: apiVersion: description: Version of the schema the FieldPath @@ -6279,7 +6561,11 @@ spec: type: object resources: description: 'Compute Resources required by this container. +<<<<<<< HEAD Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: limits: additionalProperties: @@ -6289,7 +6575,11 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute +<<<<<<< HEAD resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -6302,7 +6592,11 @@ spec: resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: +<<<<<<< HEAD https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' +======= + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object securityContext: @@ -6403,6 +6697,7 @@ spec: user: description: User is a SELinux user label that applies to the container. +<<<<<<< HEAD type: string type: object seccompProfile: @@ -6417,6 +6712,8 @@ spec: a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". +======= +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string type: description: "type indicates which kind of seccomp profile @@ -6439,11 +6736,23 @@ spec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named +<<<<<<< HEAD by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. +======= + by the GMSACredentialSpecName field. This field is + alpha-level and is only honored by servers that enable + the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string runAsUserName: description: The UserName in Windows to run the entrypoint @@ -6451,7 +6760,13 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext +<<<<<<< HEAD takes precedence. +======= + takes precedence. This field is beta-level and may + be disabled with the WindowsRunAsUserName feature + flag. +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string type: object type: object @@ -6463,7 +6778,12 @@ spec: can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. +<<<<<<< HEAD This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' +======= + This cannot be updated. This is an alpha feature enabled by + the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: exec: description: One and only one of the following should be @@ -6641,7 +6961,11 @@ spec: type: string volumeDevices: description: volumeDevices is the list of block devices to be +<<<<<<< HEAD used by the container. +======= + used by the container. This is a beta feature. +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: description: volumeDevice describes a mapping of a raw block device within a container. @@ -7016,6 +7340,7 @@ spec: this volume properties: defaultMode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -7025,6 +7350,14 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -7044,11 +7377,16 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -7076,9 +7414,14 @@ spec: type: boolean type: object csi: +<<<<<<< HEAD description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +======= + description: CSI (Container Storage Interface) represents storage + that is handled by an external CSI driver (Alpha feature). +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: driver: description: Driver is the name of the CSI driver that handles @@ -7125,6 +7468,7 @@ spec: properties: defaultMode: description: 'Optional: mode bits to use on created files +<<<<<<< HEAD by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between @@ -7134,6 +7478,13 @@ spec: this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -7159,11 +7510,16 @@ spec: - fieldPath type: object mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -7753,6 +8109,7 @@ spec: and downward API properties: defaultMode: +<<<<<<< HEAD description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts @@ -7761,6 +8118,14 @@ spec: by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +======= + description: Mode bits to use on created files by default. + Must be a value between 0 and 0777. Directories within + the path are not affected by this setting. This might + be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits + set. +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer sources: @@ -7793,6 +8158,7 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -7804,6 +8170,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -7858,6 +8233,7 @@ spec: - fieldPath type: object mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or @@ -7869,6 +8245,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -7934,6 +8319,7 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -7945,6 +8331,15 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -8153,6 +8548,7 @@ spec: this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -8162,6 +8558,14 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' +======= + description: 'Optional: mode bits to use on created files + by default. Must be a value between 0 and 0777. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with other + options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -8181,11 +8585,16 @@ spec: description: The key to project. type: string mode: +<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, +======= + description: 'Optional: mode bits to use on this file, + must be a value between 0 and 0777. If not specified, +>>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other diff --git a/helm/templates/clusterroles.yaml b/helm/templates/clusterroles.yaml index 48ec8697..cacc6aa8 100644 --- a/helm/templates/clusterroles.yaml +++ b/helm/templates/clusterroles.yaml @@ -52,6 +52,12 @@ rules: - patch - update - watch +- apiGroups: + - notification.kubesphere.io + resources: + - notificationmanagers/finalizers + verbs: + - update - apiGroups: - notification.kubesphere.io resources: diff --git a/helm/templates/notificationmanagers.yaml b/helm/templates/notificationmanagers.yaml index ef847820..2a20fcec 100644 --- a/helm/templates/notificationmanagers.yaml +++ b/helm/templates/notificationmanagers.yaml @@ -24,6 +24,11 @@ spec: {{- toYaml .Values.notificationmanager.receivers | nindent 4 }} defaultConfigSelector: {{- toYaml .Values.notificationmanager.defaultConfigSelector | nindent 4 }} + {{- if .Values.timezone }} + env: + - name: TZ + value: {{ .Values.timezone }} + {{- end }} volumeMounts: {{- toYaml .Values.notificationmanager.volumeMounts | nindent 4 }} volumes: diff --git a/helm/templates/operator.yaml b/helm/templates/operator.yaml index b868b966..d66955b9 100644 --- a/helm/templates/operator.yaml +++ b/helm/templates/operator.yaml @@ -42,6 +42,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.timezone }} + - name: TZ + value: {{ .Values.timezone }} + {{- end }} image: {{ .Values.operator.containers.operator.image.repo }}:{{ .Values.operator.containers.operator.image.tag }} imagePullPolicy: {{ .Values.operator.containers.operator.image.pullPolicy }} name: notification-manager-operator @@ -55,18 +59,11 @@ spec: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - - mountPath: /etc/localtime - name: host-time - readOnly: true volumes: - name: cert secret: defaultMode: 420 secretName: notification-manager-webhook-server-cert - - hostPath: - path: /etc/localtime - type: "" - name: host-time serviceAccount: notification-manager-sa serviceAccountName: notification-manager-sa nodeSelector: diff --git a/helm/values.yaml b/helm/values.yaml index a7650d76..7246e565 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -5,6 +5,9 @@ hook: postInstall: backoffLimit: 1 +# Set timezone to be injected into containers +# timezone: "America/Toronto" + # value of notification-manager-operator operator: containers: diff --git a/pkg/apis/v2beta2/notificationmanager_types.go b/pkg/apis/v2beta2/notificationmanager_types.go index 61de7b08..f76a0a96 100644 --- a/pkg/apis/v2beta2/notificationmanager_types.go +++ b/pkg/apis/v2beta2/notificationmanager_types.go @@ -123,6 +123,8 @@ type NotificationManagerSpec struct { Receivers *ReceiversSpec `json:"receivers"` // The default namespace to which notification manager secrets belong. DefaultSecretNamespace string `json:"defaultSecretNamespace,omitempty"` + // List of environment variable + Env []v1.EnvVar `json:"env,omitempty"` // List of volumes that can be mounted by containers belonging to the pod. Volumes []v1.Volume `json:"volumes,omitempty"` // Pod volumes to mount into the container's filesystem. From 30791f72ff996b1791aed89bc04907e6e02114a6 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Sun, 15 May 2022 15:58:18 -0400 Subject: [PATCH 3/7] add finalizers to markers for OwnerReferencesPermissionEnforcement enabled clusters --- controllers/notificationmanager_controller.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/controllers/notificationmanager_controller.go b/controllers/notificationmanager_controller.go index 4477a18d..995d1f41 100644 --- a/controllers/notificationmanager_controller.go +++ b/controllers/notificationmanager_controller.go @@ -60,8 +60,9 @@ type NotificationManagerReconciler struct { // Reconcile reads that state of NotificationManager objects and makes changes based on the state read // and what is in the NotificationManagerSpec -// +kubebuilder:rbac:groups=notification.kubesphere.io,resources=notificationmanagers;receivers;configs,routers,silences,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=notification.kubesphere.io,resources=notificationmanagers;receivers;configs;routers;silences,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=notification.kubesphere.io,resources=notificationmanagers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=notification.kubesphere.io,resources=notificationmanagers/finalizers,verbs=update // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch From 47664b91dafd9b51cfd698a203f2a3363ac12900 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Fri, 27 May 2022 00:00:51 -0400 Subject: [PATCH 4/7] add TZ env var --- adapter/deploy/yaml/adapter.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/adapter/deploy/yaml/adapter.yaml b/adapter/deploy/yaml/adapter.yaml index e9a12076..dc63214f 100644 --- a/adapter/deploy/yaml/adapter.yaml +++ b/adapter/deploy/yaml/adapter.yaml @@ -20,11 +20,8 @@ spec: - --with-stdout=true imagePullPolicy: Always env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: TZ + value: GMT lifecycle: preStop: httpGet: From 47ab14b78656320e07018734de20113e716ebea2 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Fri, 27 May 2022 00:22:29 -0400 Subject: [PATCH 5/7] add env to NM schema --- docs/crds/notification-manager.md | 1 + pkg/apis/v2beta2/zz_generated.deepcopy.go | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/docs/crds/notification-manager.md b/docs/crds/notification-manager.md index 9c378c23..83bc9204 100644 --- a/docs/crds/notification-manager.md +++ b/docs/crds/notification-manager.md @@ -68,6 +68,7 @@ A NotificationManager resource allows the user to define: Properties of Notification Manager webhook deployment. - `resources` +- `env` - `image` - `imagePullPolicy` - `replicas` diff --git a/pkg/apis/v2beta2/zz_generated.deepcopy.go b/pkg/apis/v2beta2/zz_generated.deepcopy.go index fdd751c9..c2fe9b7b 100644 --- a/pkg/apis/v2beta2/zz_generated.deepcopy.go +++ b/pkg/apis/v2beta2/zz_generated.deepcopy.go @@ -973,6 +973,13 @@ func (in *NotificationManagerSpec) DeepCopyInto(out *NotificationManagerSpec) { *out = new(ReceiversSpec) (*in).DeepCopyInto(*out) } + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]v1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes *out = make([]v1.Volume, len(*in)) From 1c82cf4423932d7d417c9e3e22901d0c66fc3643 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Fri, 27 May 2022 00:23:07 -0400 Subject: [PATCH 6/7] update nm rbac markers --- config/bundle.yaml | 16 ++++++++-------- config/rbac/role.yaml | 17 +++++++++-------- controllers/notificationmanager_controller.go | 2 +- helm/templates/clusterroles.yaml | 8 -------- 4 files changed, 18 insertions(+), 25 deletions(-) diff --git a/config/bundle.yaml b/config/bundle.yaml index 7cd85e5c..b2465528 100644 --- a/config/bundle.yaml +++ b/config/bundle.yaml @@ -11024,6 +11024,14 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -11074,14 +11082,6 @@ rules: - get - patch - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - get - - list - - watch - apiGroups: - '*' resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c7610df4..895becd9 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -18,6 +18,14 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -68,11 +76,4 @@ rules: - get - patch - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - get - - list - - watch +helm/templates/roles.yaml \ No newline at end of file diff --git a/controllers/notificationmanager_controller.go b/controllers/notificationmanager_controller.go index 995d1f41..6161fbf3 100644 --- a/controllers/notificationmanager_controller.go +++ b/controllers/notificationmanager_controller.go @@ -66,7 +66,7 @@ type NotificationManagerReconciler struct { // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch; +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch func (r *NotificationManagerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { diff --git a/helm/templates/clusterroles.yaml b/helm/templates/clusterroles.yaml index cacc6aa8..2cb5a8bd 100644 --- a/helm/templates/clusterroles.yaml +++ b/helm/templates/clusterroles.yaml @@ -66,14 +66,6 @@ rules: - get - patch - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - get - - list - - watch --- apiVersion: rbac.authorization.k8s.io/v1 From ef0603ed84ff25aeaec6eb3a288127c09da83205 Mon Sep 17 00:00:00 2001 From: ctrought <65360454+ctrought@users.noreply.github.com> Date: Wed, 15 Jun 2022 12:35:07 -0400 Subject: [PATCH 7/7] rebase --- config/bundle.yaml | 2 +- ...on.kubesphere.io_notificationmanagers.yaml | 2 +- config/rbac/role.yaml | 1 - helm/crds/bundle.yaml | 308 +----------------- 4 files changed, 3 insertions(+), 310 deletions(-) diff --git a/config/bundle.yaml b/config/bundle.yaml index b2465528..be5dd074 100644 --- a/config/bundle.yaml +++ b/config/bundle.yaml @@ -4849,7 +4849,7 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: diff --git a/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml b/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml index 99474d23..8d19b11d 100644 --- a/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml +++ b/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml @@ -3709,7 +3709,7 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 895becd9..4c5b82bb 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -76,4 +76,3 @@ rules: - get - patch - update -helm/templates/roles.yaml \ No newline at end of file diff --git a/helm/crds/bundle.yaml b/helm/crds/bundle.yaml index 18a39e15..07cb9510 100644 --- a/helm/crds/bundle.yaml +++ b/helm/crds/bundle.yaml @@ -1415,7 +1415,6 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. -<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -1474,8 +1473,6 @@ spec: ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. -======= ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -1525,18 +1522,12 @@ spec: type: object type: object namespaces: -<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1584,7 +1575,6 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. -<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -1638,8 +1628,6 @@ spec: namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. -======= ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -1685,18 +1673,12 @@ spec: type: object type: object namespaces: -<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1788,7 +1770,6 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -<<<<<<< HEAD type: object type: object namespaceSelector: @@ -1856,14 +1837,6 @@ spec: listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -1953,7 +1926,6 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -<<<<<<< HEAD type: object type: object namespaceSelector: @@ -2016,14 +1988,6 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -2393,11 +2357,7 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources -<<<<<<< HEAD allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -2409,11 +2369,7 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise -<<<<<<< HEAD to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object serviceAccountName: @@ -2669,7 +2625,6 @@ spec: this volume properties: defaultMode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -2679,14 +2634,6 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -2706,16 +2653,11 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -2743,14 +2685,9 @@ spec: type: boolean type: object csi: -<<<<<<< HEAD description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). -======= - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: driver: description: Driver is the name of the CSI driver that handles @@ -2797,7 +2734,6 @@ spec: properties: defaultMode: description: 'Optional: mode bits to use on created files -<<<<<<< HEAD by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between @@ -2807,13 +2743,6 @@ spec: this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -2839,16 +2768,11 @@ spec: - fieldPath type: object mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -3438,7 +3362,6 @@ spec: and downward API properties: defaultMode: -<<<<<<< HEAD description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts @@ -3447,14 +3370,6 @@ spec: by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -======= - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set. ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer sources: @@ -3487,7 +3402,6 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -3499,15 +3413,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3562,7 +3467,6 @@ spec: - fieldPath type: object mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or @@ -3574,15 +3478,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3648,7 +3543,6 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -3660,15 +3554,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -3877,7 +3762,6 @@ spec: this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -3887,14 +3771,6 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -3914,16 +3790,11 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -4328,7 +4199,6 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4396,14 +4266,6 @@ spec: listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4493,7 +4355,6 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4556,14 +4417,6 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4609,7 +4462,6 @@ spec: labelSelector: description: A label query over a set of resources, in this case pods. -<<<<<<< HEAD properties: matchExpressions: description: matchExpressions is a list of label @@ -4668,8 +4520,6 @@ spec: ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. -======= ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: matchExpressions: description: matchExpressions is a list of label @@ -4719,18 +4569,12 @@ spec: type: object type: object namespaces: -<<<<<<< HEAD description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -4820,7 +4664,6 @@ spec: whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -<<<<<<< HEAD type: object type: object namespaceSelector: @@ -4883,14 +4726,6 @@ spec: and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" -======= - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: type: string type: array @@ -5014,7 +4849,7 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: @@ -5807,11 +5642,7 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources -<<<<<<< HEAD allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -5823,11 +5654,7 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise -<<<<<<< HEAD to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object routePolicy: @@ -5923,16 +5750,10 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports -<<<<<<< HEAD metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' -======= - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: apiVersion: description: Version of the schema the FieldPath @@ -6561,11 +6382,7 @@ spec: type: object resources: description: 'Compute Resources required by this container. -<<<<<<< HEAD Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: limits: additionalProperties: @@ -6575,11 +6392,7 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute -<<<<<<< HEAD resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object requests: additionalProperties: @@ -6592,11 +6405,7 @@ spec: resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: -<<<<<<< HEAD https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' -======= - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: object type: object securityContext: @@ -6697,7 +6506,6 @@ spec: user: description: User is a SELinux user label that applies to the container. -<<<<<<< HEAD type: string type: object seccompProfile: @@ -6712,8 +6520,6 @@ spec: a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". -======= ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string type: description: "type indicates which kind of seccomp profile @@ -6736,23 +6542,11 @@ spec: description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named -<<<<<<< HEAD by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. -======= - by the GMSACredentialSpecName field. This field is - alpha-level and is only honored by servers that enable - the WindowsGMSA feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. This field is alpha-level - and is only honored by servers that enable the WindowsGMSA - feature flag. ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string runAsUserName: description: The UserName in Windows to run the entrypoint @@ -6760,13 +6554,7 @@ spec: in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext -<<<<<<< HEAD takes precedence. -======= - takes precedence. This field is beta-level and may - be disabled with the WindowsRunAsUserName feature - flag. ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) type: string type: object type: object @@ -6778,12 +6566,7 @@ spec: can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. -<<<<<<< HEAD This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' -======= - This cannot be updated. This is an alpha feature enabled by - the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: exec: description: One and only one of the following should be @@ -6961,11 +6744,7 @@ spec: type: string volumeDevices: description: volumeDevices is the list of block devices to be -<<<<<<< HEAD used by the container. -======= - used by the container. This is a beta feature. ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) items: description: volumeDevice describes a mapping of a raw block device within a container. @@ -7340,7 +7119,6 @@ spec: this volume properties: defaultMode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -7350,14 +7128,6 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -7377,16 +7147,11 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -7414,14 +7179,9 @@ spec: type: boolean type: object csi: -<<<<<<< HEAD description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). -======= - description: CSI (Container Storage Interface) represents storage - that is handled by an external CSI driver (Alpha feature). ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) properties: driver: description: Driver is the name of the CSI driver that handles @@ -7468,7 +7228,6 @@ spec: properties: defaultMode: description: 'Optional: mode bits to use on created files -<<<<<<< HEAD by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between @@ -7478,13 +7237,6 @@ spec: this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -7510,16 +7262,11 @@ spec: - fieldPath type: object mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other @@ -8109,7 +7856,6 @@ spec: and downward API properties: defaultMode: -<<<<<<< HEAD description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts @@ -8118,14 +7864,6 @@ spec: by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -======= - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits - set. ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer sources: @@ -8158,7 +7896,6 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -8170,15 +7907,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -8233,7 +7961,6 @@ spec: - fieldPath type: object mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or @@ -8245,15 +7972,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -8319,7 +8037,6 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or @@ -8331,15 +8048,6 @@ spec: with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer path: @@ -8548,7 +8256,6 @@ spec: this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML @@ -8558,14 +8265,6 @@ spec: be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' -======= - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and the - result can be other mode bits set.' ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) format: int32 type: integer items: @@ -8585,16 +8284,11 @@ spec: description: The key to project. type: string mode: -<<<<<<< HEAD description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, -======= - description: 'Optional: mode bits to use on this file, - must be a value between 0 and 0777. If not specified, ->>>>>>> 41601e2 (remove hostPath mounts, add TZ environment variable) the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other