cdk8splus29

package module
v2.5.8 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 15, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

README ¶

cdk8s+ (cdk8s-plus)

High level constructs for Kubernetes

k8s version npm (JS/TS) PyPI (Python) Maven (Java) Go
1.27.0 Link Link Link Link
1.28.0 Link Link Link Link
1.29.0 Link Link Link Link

cdk8s+ is a software development framework that provides high-level abstractions for authoring Kubernetes applications. Built on top of the auto-generated building blocks provided by cdk8s, this library includes a hand-crafted construct for each native Kubernetes object, exposing richer APIs with reduced complexity.

📚 Documentation

See cdk8s.io.

✋ Contributing

If you'd like to add a new feature or fix a bug, please visit CONTRIBUTING.md!

⚖ License

This project is distributed under the Apache License, Version 2.0.

This module is part of the cdk8s project.

Documentation ¶

Overview ¶

cdk8s+ is a software development framework that provides high-level abstractions for authoring Kubernetes applications. cdk8s-plus-29 synthesizes Kubernetes manifests for Kubernetes 1.29.0.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AbstractPod_IsConstruct ¶

func AbstractPod_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.
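The failure mode described above, as an added example that is not code from the cdk8s project: a tree walker that filters with `instanceof` silently skips every node created by a second copy of the library, while a check keyed on a registry symbol still finds them. `loadConstructsCopy`, the marker name `example.Construct`, and the tree shape are hypothetical, and the marker-symbol technique is an assumed way to implement such a check.

```javascript
// Hypothetical marker name. Symbol.for() reads the process-wide symbol
// registry, so every copy of the library resolves to the same key.
const MARKER = Symbol.for('example.Construct');

// Stand-in for loading a `constructs`-like library from disk. Each call
// evaluates the class definition again, which is what happens when the same
// package is resolved from two paths (manual symlink, monorepo tooling).
function loadConstructsCopy() {
  class Construct {
    constructor(id) {
      this.id = id;
      this.children = [];
      Object.defineProperty(this, MARKER, { value: true });
    }
    add(child) {
      this.children.push(child);
      return this;
    }
    // Type test that does not depend on class identity.
    static isConstruct(x) {
      return x !== null && typeof x === 'object' && MARKER in x;
    }
  }
  return { Construct };
}

const copyA = loadConstructsCopy(); // copy seen by the application
const copyB = loadConstructsCopy(); // copy seen by a symlinked dependency

// A higher-level construct defined against the second copy.
class Deployment extends copyB.Construct {}

// Constructed sample tree: two nodes from copy A, two from copy B.
function buildTree() {
  const root = new copyA.Construct('chart');
  root.add(new copyA.Construct('config'));
  root.add(new Deployment('web').add(new copyB.Construct('container')));
  return root;
}

// Walks the tree and counts the nodes the predicate accepts. A node the
// predicate rejects is skipped together with its whole subtree, which is
// how a validation or policy pass ends up with blind spots.
function countConstructs(root, isConstruct) {
  let count = 0;
  const stack = [root];
  while (stack.length > 0) {
    const node = stack.pop();
    if (!isConstruct(node)) continue;
    count += 1;
    stack.push(...node.children);
  }
  return count;
}

function walkWithInstanceof() {
  return countConstructs(buildTree(), (x) => x instanceof copyA.Construct);
}

function walkWithMarker() {
  return countConstructs(buildTree(), copyA.Construct.isConstruct);
}

console.log('instanceof sees', walkWithInstanceof(), 'of 4 constructs');
console.log('marker check sees', walkWithMarker(), 'of 4 constructs');
```
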

func AwsElasticBlockStorePersistentVolume_IsConstruct ¶

func AwsElasticBlockStorePersistentVolume_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func AzureDiskPersistentVolume_IsConstruct ¶

func AzureDiskPersistentVolume_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BasicAuthSecret_IsConstruct ¶

func BasicAuthSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ClusterRoleBinding_IsConstruct ¶

func ClusterRoleBinding_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ClusterRole_IsConstruct ¶

func ClusterRole_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ConfigMap_IsConstruct ¶

func ConfigMap_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CronJob_IsConstruct ¶

func CronJob_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func DaemonSet_IsConstruct ¶

func DaemonSet_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Deployment_IsConstruct ¶

func Deployment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func DockerConfigSecret_IsConstruct ¶

func DockerConfigSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func GCEPersistentDiskPersistentVolume_IsConstruct ¶

func GCEPersistentDiskPersistentVolume_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Group_IsConstruct ¶

func Group_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func HorizontalPodAutoscaler_IsConstruct ¶

func HorizontalPodAutoscaler_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Ingress_IsConstruct ¶

func Ingress_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Job_IsConstruct ¶

func Job_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Namespace_IsConstruct ¶

func Namespace_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Namespace_NAME_LABEL ¶

func Namespace_NAME_LABEL() *string

func Namespaces_IsConstruct ¶

func Namespaces_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NetworkPolicyIpBlock_IsConstruct ¶

func NetworkPolicyIpBlock_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NetworkPolicy_IsConstruct ¶

func NetworkPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NewAbstractPod_Override ¶

func NewAbstractPod_Override(a AbstractPod, scope constructs.Construct, id *string, props *AbstractPodProps)

func NewAwsElasticBlockStorePersistentVolume_Override ¶

func NewAwsElasticBlockStorePersistentVolume_Override(a AwsElasticBlockStorePersistentVolume, scope constructs.Construct, id *string, props *AwsElasticBlockStorePersistentVolumeProps)

func NewAzureDiskPersistentVolume_Override ¶

func NewAzureDiskPersistentVolume_Override(a AzureDiskPersistentVolume, scope constructs.Construct, id *string, props *AzureDiskPersistentVolumeProps)

func NewBasicAuthSecret_Override ¶

func NewBasicAuthSecret_Override(b BasicAuthSecret, scope constructs.Construct, id *string, props *BasicAuthSecretProps)

func NewClusterRoleBinding_Override ¶

func NewClusterRoleBinding_Override(c ClusterRoleBinding, scope constructs.Construct, id *string, props *ClusterRoleBindingProps)

func NewClusterRole_Override ¶

func NewClusterRole_Override(c ClusterRole, scope constructs.Construct, id *string, props *ClusterRoleProps)

func NewConfigMap_Override ¶

func NewConfigMap_Override(c ConfigMap, scope constructs.Construct, id *string, props *ConfigMapProps)

func NewContainerSecurityContext_Override ¶

func NewContainerSecurityContext_Override(c ContainerSecurityContext, props *ContainerSecurityContextProps)

func NewContainer_Override ¶

func NewContainer_Override(c Container, props *ContainerProps)

func NewCronJob_Override ¶

func NewCronJob_Override(c CronJob, scope constructs.Construct, id *string, props *CronJobProps)

func NewDaemonSet_Override ¶

func NewDaemonSet_Override(d DaemonSet, scope constructs.Construct, id *string, props *DaemonSetProps)

func NewDeployment_Override ¶

func NewDeployment_Override(d Deployment, scope constructs.Construct, id *string, props *DeploymentProps)

func NewDockerConfigSecret_Override ¶

func NewDockerConfigSecret_Override(d DockerConfigSecret, scope constructs.Construct, id *string, props *DockerConfigSecretProps)

func NewEnvFrom_Override ¶

func NewEnvFrom_Override(e EnvFrom, configMap IConfigMap, prefix *string, sec ISecret)

func NewEnv_Override ¶

func NewEnv_Override(e Env, sources *[]EnvFrom, variables *map[string]EnvValue)

func NewGCEPersistentDiskPersistentVolume_Override ¶

func NewGCEPersistentDiskPersistentVolume_Override(g GCEPersistentDiskPersistentVolume, scope constructs.Construct, id *string, props *GCEPersistentDiskPersistentVolumeProps)

func NewHorizontalPodAutoscaler_Override ¶

func NewHorizontalPodAutoscaler_Override(h HorizontalPodAutoscaler, scope constructs.Construct, id *string, props *HorizontalPodAutoscalerProps)

func NewIngress_Override ¶

func NewIngress_Override(i Ingress, scope constructs.Construct, id *string, props *IngressProps)

func NewJob_Override ¶

func NewJob_Override(j Job, scope constructs.Construct, id *string, props *JobProps)

func NewLabeledNode_Override ¶

func NewLabeledNode_Override(l LabeledNode, labelSelector *[]NodeLabelQuery)

func NewNamedNode_Override ¶

func NewNamedNode_Override(n NamedNode, name *string)

func NewNamespace_Override ¶

func NewNamespace_Override(n Namespace, scope constructs.Construct, id *string, props *NamespaceProps)

func NewNamespaces_Override ¶

func NewNamespaces_Override(n Namespaces, scope constructs.Construct, id *string, expressions *[]LabelExpression, names *[]*string, labels *map[string]*string)

func NewNetworkPolicy_Override ¶

func NewNetworkPolicy_Override(n NetworkPolicy, scope constructs.Construct, id *string, props *NetworkPolicyProps)

func NewNode_Override ¶

func NewNode_Override(n Node)

func NewPersistentVolumeClaim_Override ¶

func NewPersistentVolumeClaim_Override(p PersistentVolumeClaim, scope constructs.Construct, id *string, props *PersistentVolumeClaimProps)

func NewPersistentVolume_Override ¶

func NewPersistentVolume_Override(p PersistentVolume, scope constructs.Construct, id *string, props *PersistentVolumeProps)

func NewPodConnections_Override ¶

func NewPodConnections_Override(p PodConnections, instance AbstractPod)

func NewPodDns_Override ¶

func NewPodDns_Override(p PodDns, props *PodDnsProps)

func NewPodScheduling_Override ¶

func NewPodScheduling_Override(p PodScheduling, instance AbstractPod)

func NewPodSecurityContext_Override ¶

func NewPodSecurityContext_Override(p PodSecurityContext, props *PodSecurityContextProps)

func NewPod_Override ¶

func NewPod_Override(p Pod, scope constructs.Construct, id *string, props *PodProps)

func NewPods_Override ¶

func NewPods_Override(p Pods, scope constructs.Construct, id *string, expressions *[]LabelExpression, labels *map[string]*string, namespaces INamespaceSelector)

func NewResourcePermissions_Override ¶

func NewResourcePermissions_Override(r ResourcePermissions, instance Resource)

func NewResource_Override ¶

func NewResource_Override(r Resource, scope constructs.Construct, id *string)

func NewRoleBinding_Override ¶

func NewRoleBinding_Override(r RoleBinding, scope constructs.Construct, id *string, props *RoleBindingProps)

func NewRole_Override ¶

func NewRole_Override(r Role, scope constructs.Construct, id *string, props *RoleProps)

func NewSecret_Override ¶

func NewSecret_Override(s Secret, scope constructs.Construct, id *string, props *SecretProps)

func NewServiceAccountTokenSecret_Override ¶

func NewServiceAccountTokenSecret_Override(s ServiceAccountTokenSecret, scope constructs.Construct, id *string, props *ServiceAccountTokenSecretProps)

func NewServiceAccount_Override ¶

func NewServiceAccount_Override(s ServiceAccount, scope constructs.Construct, id *string, props *ServiceAccountProps)

func NewService_Override ¶

func NewService_Override(s Service, scope constructs.Construct, id *string, props *ServiceProps)

func NewSshAuthSecret_Override ¶

func NewSshAuthSecret_Override(s SshAuthSecret, scope constructs.Construct, id *string, props *SshAuthSecretProps)

func NewStatefulSet_Override ¶

func NewStatefulSet_Override(s StatefulSet, scope constructs.Construct, id *string, props *StatefulSetProps)

func NewTaintedNode_Override ¶

func NewTaintedNode_Override(t TaintedNode, taintSelector *[]NodeTaintQuery)

func NewTlsSecret_Override ¶

func NewTlsSecret_Override(t TlsSecret, scope constructs.Construct, id *string, props *TlsSecretProps)

func NewWorkloadScheduling_Override ¶

func NewWorkloadScheduling_Override(w WorkloadScheduling, instance AbstractPod)

func NewWorkload_Override ¶

func NewWorkload_Override(w Workload, scope constructs.Construct, id *string, props *WorkloadProps)

func PersistentVolumeClaim_IsConstruct ¶

func PersistentVolumeClaim_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func PersistentVolume_IsConstruct ¶

func PersistentVolume_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Pod_ADDRESS_LABEL ¶

func Pod_ADDRESS_LABEL() *string

func Pod_IsConstruct ¶

func Pod_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Pods_IsConstruct ¶

func Pods_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof` and to use this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Resource_IsConstruct ¶

func Resource_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func RoleBinding_IsConstruct ¶

func RoleBinding_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Role_IsConstruct ¶

func Role_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Secret_IsConstruct ¶

func Secret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ServiceAccountTokenSecret_IsConstruct ¶

func ServiceAccountTokenSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ServiceAccount_IsConstruct ¶

func ServiceAccount_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Service_IsConstruct ¶

func Service_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func SshAuthSecret_IsConstruct ¶

func SshAuthSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func StatefulSet_IsConstruct ¶

func StatefulSet_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func TlsSecret_IsConstruct ¶

func TlsSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func User_IsConstruct ¶

func User_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Volume_IsConstruct ¶

func Volume_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func Workload_IsConstruct ¶

func Workload_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.
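The failure mode described in the `IsConstruct` entries above can be reproduced without installing anything. This is an added illustration, not code from cdk8s or the `constructs` library; `loadLibraryCopy`, the marker name `example.Construct` and the registry-symbol technique are assumptions made for the sketch.

```javascript
// Each call simulates loading a separate on-disk copy of a library: the class
// bodies are evaluated again, so every copy gets its own constructor objects.
function loadLibraryCopy() {
  // Symbol.for() reads the process-wide symbol registry, so every copy of the
  // library resolves the same symbol (hypothetical marker name).
  const MARKER = Symbol.for('example.Construct');

  class Construct {
    constructor(id) {
      this.id = id;
      // Non-enumerable brand that survives across library copies.
      Object.defineProperty(this, MARKER, { value: true });
    }

    // Type test that does not depend on prototype-chain identity.
    static isConstruct(x) {
      return x !== null && typeof x === 'object' && MARKER in x;
    }
  }

  class Pod extends Construct {}

  return { Construct, Pod };
}

// Builds an object with copy A and tests it against copy B.
function compareChecks() {
  const copyA = loadLibraryCopy();
  const copyB = loadLibraryCopy();
  const pod = new copyA.Pod('web');

  return {
    // Same copy: the prototype chain contains copyA.Construct.prototype.
    sameCopyInstanceof: pod instanceof copyA.Construct,
    // Other copy: copyB.Construct is a different constructor object.
    crossCopyInstanceof: pod instanceof copyB.Construct,
    // The marker test gives the same answer whichever copy asks.
    crossCopyIsConstruct: copyB.Construct.isConstruct(pod),
    // Look-alike values without the marker are rejected.
    plainObject: copyB.Construct.isConstruct({ id: 'web' }),
    nullValue: copyB.Construct.isConstruct(null),
    // Caveat: any code in the process can set the marker, so this is a
    // type test for tooling, not an authenticity or trust check.
    forgedMarker: copyB.Construct.isConstruct({
      [Symbol.for('example.Construct')]: true,
    }),
  };
}

console.log(compareChecks());
```

Running `npm ls constructs` in a project shows whether more than one copy of the library is actually installed.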

Types ¶

type AbstractPod ¶

type AbstractPod interface {
	Resource
	INetworkPolicyPeer
	IPodSelector
	ISubject
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

type AbstractPodProps ¶

type AbstractPodProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
}

Properties for `AbstractPod`.

type AddDeploymentOptions ¶

type AddDeploymentOptions struct {
	// The name of this port within the service.
	//
	// This must be a DNS_LABEL. All
	// ports within a ServiceSpec must have unique names. This maps to the 'Name'
	// field in EndpointPort objects. Optional if only one ServicePort is defined
	// on this service.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The port on each node on which this service is exposed when type=NodePort or LoadBalancer.
	//
	// Usually assigned by the system. If specified, it will be
	// allocated to the service if unused or else creation of the service will
	// fail. Default is to auto-allocate a port if the ServiceType of this Service
	// requires one.
	// See: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
	//
	// Default: - auto-allocate a port if the ServiceType of this Service requires one.
	//
	NodePort *float64 `field:"optional" json:"nodePort" yaml:"nodePort"`
	// The IP protocol for this port.
	//
	// Supports "TCP", "UDP", and "SCTP". Default is TCP.
	// Default: Protocol.TCP
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The port number the service will redirect to.
	// Default: - The value of `port` will be used.
	//
	TargetPort *float64 `field:"optional" json:"targetPort" yaml:"targetPort"`
	// The port number the service will bind to.
	// Default: - Copied from the first container of the deployment.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Options to add a deployment to a service.

type AddDirectoryOptions ¶

type AddDirectoryOptions struct {
	// Glob patterns to exclude when adding files.
	// Default: - include all files.
	//
	Exclude *[]*string `field:"optional" json:"exclude" yaml:"exclude"`
	// A prefix to add to all keys in the config map.
	// Default: "".
	//
	KeyPrefix *string `field:"optional" json:"keyPrefix" yaml:"keyPrefix"`
}

Options for `configmap.addDirectory()`.

type ApiResource ¶

type ApiResource interface {
	IApiEndpoint
	IApiResource
	// The group portion of the API version (e.g. `authorization.k8s.io`).
	ApiGroup() *string
	// The name of the resource type as it appears in the relevant API endpoint.
	//
	// Example:
	//   - "pods" or "pods/log"
	//
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
	//
	ResourceType() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
}

Represents information about an API resource type.

func ApiResource_API_SERVICES ¶

func ApiResource_API_SERVICES() ApiResource

func ApiResource_BINDINGS ¶

func ApiResource_BINDINGS() ApiResource

func ApiResource_CERTIFICATE_SIGNING_REQUESTS ¶

func ApiResource_CERTIFICATE_SIGNING_REQUESTS() ApiResource

func ApiResource_CLUSTER_ROLES ¶

func ApiResource_CLUSTER_ROLES() ApiResource

func ApiResource_CLUSTER_ROLE_BINDINGS ¶

func ApiResource_CLUSTER_ROLE_BINDINGS() ApiResource

func ApiResource_COMPONENT_STATUSES ¶

func ApiResource_COMPONENT_STATUSES() ApiResource

func ApiResource_CONFIG_MAPS ¶

func ApiResource_CONFIG_MAPS() ApiResource

func ApiResource_CONTROLLER_REVISIONS ¶

func ApiResource_CONTROLLER_REVISIONS() ApiResource

func ApiResource_CRON_JOBS ¶

func ApiResource_CRON_JOBS() ApiResource

func ApiResource_CSI_DRIVERS ¶

func ApiResource_CSI_DRIVERS() ApiResource

func ApiResource_CSI_NODES ¶

func ApiResource_CSI_NODES() ApiResource

func ApiResource_CSI_STORAGE_CAPACITIES ¶

func ApiResource_CSI_STORAGE_CAPACITIES() ApiResource

func ApiResource_CUSTOM_RESOURCE_DEFINITIONS ¶

func ApiResource_CUSTOM_RESOURCE_DEFINITIONS() ApiResource

func ApiResource_Custom ¶

func ApiResource_Custom(options *ApiResourceOptions) ApiResource

API resource information for a custom resource type.

func ApiResource_DAEMON_SETS ¶

func ApiResource_DAEMON_SETS() ApiResource

func ApiResource_DEPLOYMENTS ¶

func ApiResource_DEPLOYMENTS() ApiResource

func ApiResource_ENDPOINTS ¶

func ApiResource_ENDPOINTS() ApiResource

func ApiResource_ENDPOINT_SLICES ¶

func ApiResource_ENDPOINT_SLICES() ApiResource

func ApiResource_EVENTS ¶

func ApiResource_EVENTS() ApiResource

func ApiResource_FLOW_SCHEMAS ¶

func ApiResource_FLOW_SCHEMAS() ApiResource

func ApiResource_HORIZONTAL_POD_AUTOSCALERS ¶

func ApiResource_HORIZONTAL_POD_AUTOSCALERS() ApiResource

func ApiResource_INGRESSES ¶

func ApiResource_INGRESSES() ApiResource

func ApiResource_INGRESS_CLASSES ¶

func ApiResource_INGRESS_CLASSES() ApiResource

func ApiResource_JOBS ¶

func ApiResource_JOBS() ApiResource

func ApiResource_LEASES ¶

func ApiResource_LEASES() ApiResource

func ApiResource_LIMIT_RANGES ¶

func ApiResource_LIMIT_RANGES() ApiResource

func ApiResource_LOCAL_SUBJECT_ACCESS_REVIEWS ¶

func ApiResource_LOCAL_SUBJECT_ACCESS_REVIEWS() ApiResource

func ApiResource_MUTATING_WEBHOOK_CONFIGURATIONS ¶

func ApiResource_MUTATING_WEBHOOK_CONFIGURATIONS() ApiResource

func ApiResource_NAMESPACES ¶

func ApiResource_NAMESPACES() ApiResource

func ApiResource_NETWORK_POLICIES ¶

func ApiResource_NETWORK_POLICIES() ApiResource

func ApiResource_NODES ¶

func ApiResource_NODES() ApiResource

func ApiResource_PERSISTENT_VOLUMES ¶

func ApiResource_PERSISTENT_VOLUMES() ApiResource

func ApiResource_PERSISTENT_VOLUME_CLAIMS ¶

func ApiResource_PERSISTENT_VOLUME_CLAIMS() ApiResource

func ApiResource_PODS ¶

func ApiResource_PODS() ApiResource

func ApiResource_POD_DISRUPTION_BUDGETS ¶

func ApiResource_POD_DISRUPTION_BUDGETS() ApiResource

func ApiResource_POD_TEMPLATES ¶

func ApiResource_POD_TEMPLATES() ApiResource

func ApiResource_PRIORITY_CLASSES ¶

func ApiResource_PRIORITY_CLASSES() ApiResource

func ApiResource_PRIORITY_LEVEL_CONFIGURATIONS ¶

func ApiResource_PRIORITY_LEVEL_CONFIGURATIONS() ApiResource

func ApiResource_REPLICATION_CONTROLLERS ¶

func ApiResource_REPLICATION_CONTROLLERS() ApiResource

func ApiResource_REPLICA_SETS ¶

func ApiResource_REPLICA_SETS() ApiResource

func ApiResource_RESOURCE_QUOTAS ¶

func ApiResource_RESOURCE_QUOTAS() ApiResource

func ApiResource_ROLES ¶

func ApiResource_ROLES() ApiResource

func ApiResource_ROLE_BINDINGS ¶

func ApiResource_ROLE_BINDINGS() ApiResource

func ApiResource_RUNTIME_CLASSES ¶

func ApiResource_RUNTIME_CLASSES() ApiResource

func ApiResource_SECRETS ¶

func ApiResource_SECRETS() ApiResource

func ApiResource_SELF_SUBJECT_ACCESS_REVIEWS ¶

func ApiResource_SELF_SUBJECT_ACCESS_REVIEWS() ApiResource

func ApiResource_SELF_SUBJECT_RULES_REVIEWS ¶

func ApiResource_SELF_SUBJECT_RULES_REVIEWS() ApiResource

func ApiResource_SERVICES ¶

func ApiResource_SERVICES() ApiResource

func ApiResource_SERVICE_ACCOUNTS ¶

func ApiResource_SERVICE_ACCOUNTS() ApiResource

func ApiResource_STATEFUL_SETS ¶

func ApiResource_STATEFUL_SETS() ApiResource

func ApiResource_STORAGE_CLASSES ¶

func ApiResource_STORAGE_CLASSES() ApiResource

func ApiResource_SUBJECT_ACCESS_REVIEWS ¶

func ApiResource_SUBJECT_ACCESS_REVIEWS() ApiResource

func ApiResource_TOKEN_REVIEWS ¶

func ApiResource_TOKEN_REVIEWS() ApiResource

func ApiResource_VALIDATING_WEBHOOK_CONFIGURATIONS ¶

func ApiResource_VALIDATING_WEBHOOK_CONFIGURATIONS() ApiResource

func ApiResource_VOLUME_ATTACHMENTS ¶

func ApiResource_VOLUME_ATTACHMENTS() ApiResource

type ApiResourceOptions ¶

type ApiResourceOptions struct {
	// The group portion of the API version (e.g. `authorization.k8s.io`).
	ApiGroup *string `field:"required" json:"apiGroup" yaml:"apiGroup"`
	// The name of the resource type as it appears in the relevant API endpoint.
	//
	// Example:
	//   - "pods" or "pods/log"
	//
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
	//
	ResourceType *string `field:"required" json:"resourceType" yaml:"resourceType"`
}

Options for `ApiResource`.

type AwsElasticBlockStorePersistentVolume ¶

type AwsElasticBlockStorePersistentVolume interface {
	PersistentVolume
	// Access modes requirement of this claim.
	AccessModes() *[]PersistentVolumeAccessMode
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// PVC this volume is bound to.
	//
	// Undefined means this volume is not yet
	// claimed by any PVC.
	Claim() IPersistentVolumeClaim
	// File system type of this volume.
	FsType() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Volume mode of this volume.
	Mode() PersistentVolumeMode
	// Mount options of this volume.
	MountOptions() *[]*string
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	// Partition of this volume.
	Partition() *float64
	Permissions() ResourcePermissions
	// Whether or not it is mounted as a read-only volume.
	ReadOnly() *bool
	// Reclaim policy of this volume.
	ReclaimPolicy() PersistentVolumeReclaimPolicy
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Storage size of this volume.
	Storage() cdk8s.Size
	// Storage class this volume belongs to.
	StorageClassName() *string
	// Volume id of this volume.
	VolumeId() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
	// Bind a volume to a specific claim.
	//
	// Note that you must also bind the claim to the volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	Bind(claim IPersistentVolumeClaim)
	// Reserve a `PersistentVolume` by creating a `PersistentVolumeClaim` that is wired to claim this volume.
	//
	// Note that this method will throw in case the volume is already claimed.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reserving-a-persistentvolume
	//
	Reserve() PersistentVolumeClaim
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

func NewAwsElasticBlockStorePersistentVolume ¶

func NewAwsElasticBlockStorePersistentVolume(scope constructs.Construct, id *string, props *AwsElasticBlockStorePersistentVolumeProps) AwsElasticBlockStorePersistentVolume

type AwsElasticBlockStorePersistentVolumeProps ¶

type AwsElasticBlockStorePersistentVolumeProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Contains all ways the volume can be mounted.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
	//
	// Default: - No access modes.
	//
	AccessModes *[]PersistentVolumeAccessMode `field:"optional" json:"accessModes" yaml:"accessModes"`
	// Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
	//
	// Expected to be non-nil when bound.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
	//
	// Default: - Not bound to a specific claim.
	//
	Claim IPersistentVolumeClaim `field:"optional" json:"claim" yaml:"claim"`
	// A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
	//
	// Default: - No options.
	//
	MountOptions *[]*string `field:"optional" json:"mountOptions" yaml:"mountOptions"`
	// When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.
	//
	// The reclaim policy tells the cluster what to do with
	// the volume after it has been released of its claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
	//
	// Default: PersistentVolumeReclaimPolicy.RETAIN
	//
	ReclaimPolicy PersistentVolumeReclaimPolicy `field:"optional" json:"reclaimPolicy" yaml:"reclaimPolicy"`
	// What is the storage capacity of this volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
	//
	// Default: - Not specified.
	//
	Storage cdk8s.Size `field:"optional" json:"storage" yaml:"storage"`
	// Name of StorageClass to which this persistent volume belongs.
	// Default: - Volume does not belong to any storage class.
	//
	StorageClassName *string `field:"optional" json:"storageClassName" yaml:"storageClassName"`
	// Defines what type of volume is required by the claim.
	// Default: VolumeMode.FILE_SYSTEM
	//
	VolumeMode PersistentVolumeMode `field:"optional" json:"volumeMode" yaml:"volumeMode"`
	// Unique ID of the persistent disk resource in AWS (Amazon EBS volume).
	//
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	VolumeId *string `field:"required" json:"volumeId" yaml:"volumeId"`
	// Filesystem type of the volume that you want to mount.
	//
	// Tip: Ensure that the filesystem type is supported by the host operating system.
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// The partition in the volume that you want to mount.
	//
	// If omitted, the default is to mount by volume name.
	// Examples: For volume /dev/sda1, you specify the partition as "1".
	// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
	// Default: - No partition.
	//
	Partition *float64 `field:"optional" json:"partition" yaml:"partition"`
	// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true".
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Properties for `AwsElasticBlockStorePersistentVolume`.

type AwsElasticBlockStoreVolumeOptions ¶

type AwsElasticBlockStoreVolumeOptions struct {
	// Filesystem type of the volume that you want to mount.
	//
	// Tip: Ensure that the filesystem type is supported by the host operating system.
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The partition in the volume that you want to mount.
	//
	// If omitted, the default is to mount by volume name.
	// Examples: For volume /dev/sda1, you specify the partition as "1".
	// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
	// Default: - No partition.
	//
	Partition *float64 `field:"optional" json:"partition" yaml:"partition"`
	// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true".
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options of `Volume.fromAwsElasticBlockStore`.

type AzureDiskPersistentVolume ¶

type AzureDiskPersistentVolume interface {
	PersistentVolume
	// Access modes requirement of this claim.
	AccessModes() *[]PersistentVolumeAccessMode
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Azure kind of this volume.
	AzureKind() AzureDiskPersistentVolumeKind
	// Caching mode of this volume.
	CachingMode() AzureDiskPersistentVolumeCachingMode
	// PVC this volume is bound to.
	//
	// Undefined means this volume is not yet
	// claimed by any PVC.
	Claim() IPersistentVolumeClaim
	// Disk name of this volume.
	DiskName() *string
	// Disk URI of this volume.
	DiskUri() *string
	// File system type of this volume.
	FsType() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Volume mode of this volume.
	Mode() PersistentVolumeMode
	// Mount options of this volume.
	MountOptions() *[]*string
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// Whether or not it is mounted as a read-only volume.
	ReadOnly() *bool
	// Reclaim policy of this volume.
	ReclaimPolicy() PersistentVolumeReclaimPolicy
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Storage size of this volume.
	Storage() cdk8s.Size
	// Storage class this volume belongs to.
	StorageClassName() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
	// Bind a volume to a specific claim.
	//
	// Note that you must also bind the claim to the volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	Bind(claim IPersistentVolumeClaim)
	// Reserve a `PersistentVolume` by creating a `PersistentVolumeClaim` that is wired to claim this volume.
	//
	// Note that this method will throw in case the volume is already claimed.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reserving-a-persistentvolume
	//
	Reserve() PersistentVolumeClaim
	// Returns a string representation of this construct.
	ToString() *string
}

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

func NewAzureDiskPersistentVolume ¶

func NewAzureDiskPersistentVolume(scope constructs.Construct, id *string, props *AzureDiskPersistentVolumeProps) AzureDiskPersistentVolume

type AzureDiskPersistentVolumeCachingMode ¶

type AzureDiskPersistentVolumeCachingMode string

Azure disk caching modes.

const (
	// None.
	AzureDiskPersistentVolumeCachingMode_NONE AzureDiskPersistentVolumeCachingMode = "NONE"
	// ReadOnly.
	AzureDiskPersistentVolumeCachingMode_READ_ONLY AzureDiskPersistentVolumeCachingMode = "READ_ONLY"
	// ReadWrite.
	AzureDiskPersistentVolumeCachingMode_READ_WRITE AzureDiskPersistentVolumeCachingMode = "READ_WRITE"
)

type AzureDiskPersistentVolumeKind ¶

type AzureDiskPersistentVolumeKind string

Azure Disk kinds.

const (
	// Multiple blob disks per storage account.
	AzureDiskPersistentVolumeKind_SHARED AzureDiskPersistentVolumeKind = "SHARED"
	// Single blob disk per storage account.
	AzureDiskPersistentVolumeKind_DEDICATED AzureDiskPersistentVolumeKind = "DEDICATED"
	// Azure managed data disk.
	AzureDiskPersistentVolumeKind_MANAGED AzureDiskPersistentVolumeKind = "MANAGED"
)

type AzureDiskPersistentVolumeProps ¶

type AzureDiskPersistentVolumeProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Contains all ways the volume can be mounted.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
	//
	// Default: - No access modes.
	//
	AccessModes *[]PersistentVolumeAccessMode `field:"optional" json:"accessModes" yaml:"accessModes"`
	// Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
	//
	// Expected to be non-nil when bound.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
	//
	// Default: - Not bound to a specific claim.
	//
	Claim IPersistentVolumeClaim `field:"optional" json:"claim" yaml:"claim"`
	// A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
	//
	// Default: - No options.
	//
	MountOptions *[]*string `field:"optional" json:"mountOptions" yaml:"mountOptions"`
	// When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.
	//
	// The reclaim policy tells the cluster what to do with
	// the volume after it has been released of its claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
	//
	// Default: PersistentVolumeReclaimPolicy.RETAIN
	//
	ReclaimPolicy PersistentVolumeReclaimPolicy `field:"optional" json:"reclaimPolicy" yaml:"reclaimPolicy"`
	// What is the storage capacity of this volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
	//
	// Default: - Not specified.
	//
	Storage cdk8s.Size `field:"optional" json:"storage" yaml:"storage"`
	// Name of StorageClass to which this persistent volume belongs.
	// Default: - Volume does not belong to any storage class.
	//
	StorageClassName *string `field:"optional" json:"storageClassName" yaml:"storageClassName"`
	// Defines what type of volume is required by the claim.
	// Default: VolumeMode.FILE_SYSTEM
	//
	VolumeMode PersistentVolumeMode `field:"optional" json:"volumeMode" yaml:"volumeMode"`
	// The name of the data disk in the blob storage.
	DiskName *string `field:"required" json:"diskName" yaml:"diskName"`
	// The URI of the data disk in the blob storage.
	DiskUri *string `field:"required" json:"diskUri" yaml:"diskUri"`
	// Host Caching mode.
	// Default: - AzureDiskPersistentVolumeCachingMode.NONE.
	//
	CachingMode AzureDiskPersistentVolumeCachingMode `field:"optional" json:"cachingMode" yaml:"cachingMode"`
	// Filesystem type to mount.
	//
	// Must be a filesystem type supported by the host operating system.
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// Kind of disk.
	// Default: AzureDiskPersistentVolumeKind.SHARED
	//
	Kind AzureDiskPersistentVolumeKind `field:"optional" json:"kind" yaml:"kind"`
	// Force the ReadOnly setting in VolumeMounts.
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Properties for `AzureDiskPersistentVolume`.

type AzureDiskVolumeOptions ¶

type AzureDiskVolumeOptions struct {
	// Host Caching mode.
	// Default: - AzureDiskPersistentVolumeCachingMode.NONE.
	//
	CachingMode AzureDiskPersistentVolumeCachingMode `field:"optional" json:"cachingMode" yaml:"cachingMode"`
	// Filesystem type to mount.
	//
	// Must be a filesystem type supported by the host operating system.
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// Kind of disk.
	// Default: AzureDiskPersistentVolumeKind.SHARED
	//
	Kind AzureDiskPersistentVolumeKind `field:"optional" json:"kind" yaml:"kind"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Force the ReadOnly setting in VolumeMounts.
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options of `Volume.fromAzureDisk`.

type BasicAuthSecret ¶

type BasicAuthSecret interface {
	Secret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Create a secret for basic authentication. See: https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret

func NewBasicAuthSecret ¶

func NewBasicAuthSecret(scope constructs.Construct, id *string, props *BasicAuthSecretProps) BasicAuthSecret

type BasicAuthSecretProps ¶

type BasicAuthSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// The password or token for authentication.
	Password *string `field:"required" json:"password" yaml:"password"`
	// The user name for authentication.
	Username *string `field:"required" json:"username" yaml:"username"`
}

Options for `BasicAuthSecret`.

type Capability ¶ added in v2.3.0

type Capability string

Capability - complete list of POSIX capabilities.

const (
	// ALL.
	Capability_ALL Capability = "ALL"
	// CAP_AUDIT_CONTROL.
	Capability_AUDIT_CONTROL Capability = "AUDIT_CONTROL"
	// CAP_AUDIT_READ.
	Capability_AUDIT_READ Capability = "AUDIT_READ"
	// CAP_AUDIT_WRITE.
	Capability_AUDIT_WRITE Capability = "AUDIT_WRITE"
	// CAP_BLOCK_SUSPEND.
	Capability_BLOCK_SUSPEND Capability = "BLOCK_SUSPEND"
	// CAP_BPF.
	Capability_BPF Capability = "BPF"
	// CAP_CHECKPOINT_RESTORE.
	Capability_CHECKPOINT_RESTORE Capability = "CHECKPOINT_RESTORE"
	// CAP_CHOWN.
	Capability_CHOWN Capability = "CHOWN"
	// CAP_DAC_OVERRIDE.
	Capability_DAC_OVERRIDE Capability = "DAC_OVERRIDE"
	// CAP_DAC_READ_SEARCH.
	Capability_DAC_READ_SEARCH Capability = "DAC_READ_SEARCH"
	// CAP_FOWNER.
	Capability_FOWNER Capability = "FOWNER"
	// CAP_FSETID.
	Capability_FSETID Capability = "FSETID"
	// CAP_IPC_LOCK.
	Capability_IPC_LOCK Capability = "IPC_LOCK"
	// CAP_IPC_OWNER.
	Capability_IPC_OWNER Capability = "IPC_OWNER"
	// CAP_KILL.
	Capability_KILL Capability = "KILL"
	// CAP_LEASE.
	Capability_LEASE Capability = "LEASE"
	// CAP_LINUX_IMMUTABLE.
	Capability_LINUX_IMMUTABLE Capability = "LINUX_IMMUTABLE"
	// CAP_MAC_ADMIN.
	Capability_MAC_ADMIN Capability = "MAC_ADMIN"
	// CAP_MAC_OVERRIDE.
	Capability_MAC_OVERRIDE Capability = "MAC_OVERRIDE"
	// CAP_MKNOD.
	Capability_MKNOD Capability = "MKNOD"
	// CAP_NET_ADMIN.
	Capability_NET_ADMIN Capability = "NET_ADMIN"
	// CAP_NET_BIND_SERVICE.
	Capability_NET_BIND_SERVICE Capability = "NET_BIND_SERVICE"
	// CAP_NET_BROADCAST.
	Capability_NET_BROADCAST Capability = "NET_BROADCAST"
	// CAP_NET_RAW.
	Capability_NET_RAW Capability = "NET_RAW"
	// CAP_PERFMON.
	Capability_PERFMON Capability = "PERFMON"
	// CAP_SETGID.
	Capability_SETGID Capability = "SETGID"
	// CAP_SETFCAP.
	Capability_SETFCAP Capability = "SETFCAP"
	// CAP_SETPCAP.
	Capability_SETPCAP Capability = "SETPCAP"
	// CAP_SETUID.
	Capability_SETUID Capability = "SETUID"
	// CAP_SYS_ADMIN.
	Capability_SYS_ADMIN Capability = "SYS_ADMIN"
	// CAP_SYS_BOOT.
	Capability_SYS_BOOT Capability = "SYS_BOOT"
	// CAP_SYS_CHROOT.
	Capability_SYS_CHROOT Capability = "SYS_CHROOT"
	// CAP_SYS_MODULE.
	Capability_SYS_MODULE Capability = "SYS_MODULE"
	// CAP_SYS_NICE.
	Capability_SYS_NICE Capability = "SYS_NICE"
	// CAP_SYS_PACCT.
	Capability_SYS_PACCT Capability = "SYS_PACCT"
	// CAP_SYS_PTRACE.
	Capability_SYS_PTRACE Capability = "SYS_PTRACE"
	// CAP_SYS_RAWIO.
	Capability_SYS_RAWIO Capability = "SYS_RAWIO"
	// CAP_SYS_RESOURCE.
	Capability_SYS_RESOURCE Capability = "SYS_RESOURCE"
	// CAP_SYS_TIME.
	Capability_SYS_TIME Capability = "SYS_TIME"
	// CAP_SYS_TTY_CONFIG.
	Capability_SYS_TTY_CONFIG Capability = "SYS_TTY_CONFIG"
	// CAP_SYSLOG.
	Capability_SYSLOG Capability = "SYSLOG"
	// CAP_WAKE_ALARM.
	Capability_WAKE_ALARM Capability = "WAKE_ALARM"
)

type ClusterRole ¶

type ClusterRole interface {
	Resource
	IClusterRole
	IRole
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Rules associated with this Role.
	//
	// Returns a copy, use `allow` to add rules.
	Rules() *[]*ClusterRolePolicyRule
	// Aggregate rules from roles matching this label selector.
	Aggregate(key *string, value *string)
	// Add permission to perform a list of HTTP verbs on a collection of resources.
	// See: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb
	//
	Allow(verbs *[]*string, endpoints ...IApiEndpoint)
	// Add "create" permission for the resources.
	AllowCreate(endpoints ...IApiEndpoint)
	// Add "delete" permission for the resources.
	AllowDelete(endpoints ...IApiEndpoint)
	// Add "deletecollection" permission for the resources.
	AllowDeleteCollection(endpoints ...IApiEndpoint)
	// Add "get" permission for the resources.
	AllowGet(endpoints ...IApiEndpoint)
	// Add "list" permission for the resources.
	AllowList(endpoints ...IApiEndpoint)
	// Add "patch" permission for the resources.
	AllowPatch(endpoints ...IApiEndpoint)
	// Add "get", "list", and "watch" permissions for the resources.
	AllowRead(endpoints ...IApiEndpoint)
	// Add "get", "list", "watch", "create", "update", "patch", "delete", and "deletecollection" permissions for the resources.
	AllowReadWrite(endpoints ...IApiEndpoint)
	// Add "update" permission for the resources.
	AllowUpdate(endpoints ...IApiEndpoint)
	// Add "watch" permission for the resources.
	AllowWatch(endpoints ...IApiEndpoint)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Create a ClusterRoleBinding that binds the permissions in this ClusterRole to a list of subjects, without namespace restrictions.
	Bind(subjects ...ISubject) ClusterRoleBinding
	// Create a RoleBinding that binds the permissions in this ClusterRole to a list of subjects, that will only apply to the given namespace.
	BindInNamespace(namespace *string, subjects ...ISubject) RoleBinding
	// Combines the rules of the argument ClusterRole into this ClusterRole using aggregation labels.
	Combine(rol ClusterRole)
	// Returns a string representation of this construct.
	ToString() *string
}

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

func NewClusterRole ¶

func NewClusterRole(scope constructs.Construct, id *string, props *ClusterRoleProps) ClusterRole

type ClusterRoleBinding ¶

type ClusterRoleBinding interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	Role() IClusterRole
	Subjects() *[]ISubject
	// Adds a subject to the role.
	AddSubjects(subjects ...ISubject)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

A ClusterRoleBinding grants permissions cluster-wide to a user or set of users.

func NewClusterRoleBinding ¶

func NewClusterRoleBinding(scope constructs.Construct, id *string, props *ClusterRoleBindingProps) ClusterRoleBinding

type ClusterRoleBindingProps ¶

type ClusterRoleBindingProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// The role to bind to.
	Role IClusterRole `field:"required" json:"role" yaml:"role"`
}

Properties for `ClusterRoleBinding`.

type ClusterRolePolicyRule ¶

type ClusterRolePolicyRule struct {
	// Endpoints this rule applies to.
	//
	// Can be either api resources
	// or non api resources.
	Endpoints *[]IApiEndpoint `field:"required" json:"endpoints" yaml:"endpoints"`
	// Verbs to allow.
	//
	// (e.g. ['get', 'watch'])
	Verbs *[]*string `field:"required" json:"verbs" yaml:"verbs"`
}

Policy rule of a `ClusterRole`.

type ClusterRoleProps ¶

type ClusterRoleProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole's rules.
	AggregationLabels *map[string]*string `field:"optional" json:"aggregationLabels" yaml:"aggregationLabels"`
	// A list of rules the role should allow.
	// Default: [].
	//
	Rules *[]*ClusterRolePolicyRule `field:"optional" json:"rules" yaml:"rules"`
}

Properties for `ClusterRole`.

type CommandProbeOptions ¶

type CommandProbeOptions struct {
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	//
	// Defaults to 3. Minimum value is 1.
	// Default: 3.
	//
	FailureThreshold *float64 `field:"optional" json:"failureThreshold" yaml:"failureThreshold"`
	// Number of seconds after the container has started before liveness probes are initiated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: - immediate.
	//
	InitialDelaySeconds cdk8s.Duration `field:"optional" json:"initialDelaySeconds" yaml:"initialDelaySeconds"`
	// How often (in seconds) to perform the probe.
	//
	// Defaults to 10 seconds. Minimum value is 1.
	// Default: Duration.seconds(10) Minimum value is 1.
	//
	PeriodSeconds cdk8s.Duration `field:"optional" json:"periodSeconds" yaml:"periodSeconds"`
	// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.
	//
	// Must be 1 for liveness and startup. Minimum value is 1.
	// Default: 1 Must be 1 for liveness and startup. Minimum value is 1.
	//
	SuccessThreshold *float64 `field:"optional" json:"successThreshold" yaml:"successThreshold"`
	// Number of seconds after which the probe times out.
	//
	// Defaults to 1 second. Minimum value is 1.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: Duration.seconds(1)
	//
	TimeoutSeconds cdk8s.Duration `field:"optional" json:"timeoutSeconds" yaml:"timeoutSeconds"`
}

Options for `Probe.fromCommand()`.

type CommonSecretProps ¶

type CommonSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
}

Common properties for `Secret`.

type ConcurrencyPolicy ¶

type ConcurrencyPolicy string

Concurrency policy for CronJobs.

const (
	// This policy allows jobs to run concurrently.
	ConcurrencyPolicy_ALLOW ConcurrencyPolicy = "ALLOW"
	// This policy does not allow jobs to run concurrently.
	//
	// It does not let a new job be scheduled if the previous one is not finished yet.
	ConcurrencyPolicy_FORBID ConcurrencyPolicy = "FORBID"
	// This policy replaces the currently running job if a new job is being scheduled.
	ConcurrencyPolicy_REPLACE ConcurrencyPolicy = "REPLACE"
)

type ConfigMap ¶

type ConfigMap interface {
	Resource
	IConfigMap
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The binary data associated with this config map.
	//
	// Returns a copy. To add data records, use `addBinaryData()` or `addData()`.
	BinaryData() *map[string]*string
	// The data associated with this config map.
	//
	// Returns a copy. To add data records, use `addData()` or `addBinaryData()`.
	Data() *map[string]*string
	// Whether or not this config map is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a binary data entry to the config map.
	//
	// BinaryData can contain byte
	// sequences that are not in the UTF-8 range.
	AddBinaryData(key *string, value *string)
	// Adds a data entry to the config map.
	AddData(key *string, value *string)
	// Adds a directory to the ConfigMap.
	AddDirectory(localDir *string, options *AddDirectoryOptions)
	// Adds a file to the ConfigMap.
	AddFile(localFile *string, key *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

ConfigMap holds configuration data for pods to consume.

func NewConfigMap ¶

func NewConfigMap(scope constructs.Construct, id *string, props *ConfigMapProps) ConfigMap

type ConfigMapProps ¶

type ConfigMapProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// BinaryData contains the binary data.
	//
	// Each key must consist of alphanumeric characters, '-', '_' or '.'.
	// BinaryData can contain byte sequences that are not in the UTF-8 range. The
	// keys stored in BinaryData must not overlap with the ones in the Data field,
	// this is enforced during validation process.
	//
	// You can also add binary data using `configMap.addBinaryData()`.
	BinaryData *map[string]*string `field:"optional" json:"binaryData" yaml:"binaryData"`
	// Data contains the configuration data.
	//
	// Each key must consist of alphanumeric characters, '-', '_' or '.'. Values
	// with non-UTF-8 byte sequences must use the BinaryData field. The keys
	// stored in Data must not overlap with the keys in the BinaryData field, this
	// is enforced during validation process.
	//
	// You can also add data using `configMap.addData()`.
	Data *map[string]*string `field:"optional" json:"data" yaml:"data"`
	// If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
}

Properties for initialization of `ConfigMap`.

type ConfigMapVolumeOptions ¶

type ConfigMapVolumeOptions struct {
	// Mode bits to use on created files by default.
	//
	// Must be a value between 0 and
	// 0777. Defaults to 0644. Directories within the path are not affected by
	// this setting. This might be in conflict with other options that affect the
	// file mode, like fsGroup, and the result can be other mode bits set.
	// Default: 0644. Directories within the path are not affected by this
	// setting. This might be in conflict with other options that affect the file
	// mode, like fsGroup, and the result can be other mode bits set.
	//
	DefaultMode *float64 `field:"optional" json:"defaultMode" yaml:"defaultMode"`
	// If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value.
	//
	// If specified, the listed keys will be projected
	// into the specified paths, and unlisted keys will not be present. If a key
	// is specified which is not present in the ConfigMap, the volume setup will
	// error unless it is marked optional. Paths must be relative and may not
	// contain the '..' path or start with '..'.
	// Default: - no mapping.
	//
	Items *map[string]*PathMapping `field:"optional" json:"items" yaml:"items"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Specify whether the ConfigMap or its keys must be defined.
	// Default: - undocumented.
	//
	Optional *bool `field:"optional" json:"optional" yaml:"optional"`
}

Options for the ConfigMap-based volume.
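The constraints documented for `ConfigMapProps` and `ConfigMapVolumeOptions` (key character set, no key shared between Data and BinaryData, `DefaultMode` between 0 and 0777, relative item paths without `..`) can be checked before synthesis. The following is an added example, not code from cdk8s-plus: `configMapVolumeSpec`, `validatePath` and `validate` are hypothetical names, and the sample specs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// configMapVolumeSpec is a hypothetical plain-Go mirror of the values passed
// to ConfigMapProps and ConfigMapVolumeOptions; it is not a cdk8s-plus type.
type configMapVolumeSpec struct {
	Data        map[string]string
	BinaryData  map[string]string
	DefaultMode int               // mode bits for projected files
	Items       map[string]string // ConfigMap key -> path inside the volume
	Optional    bool              // volume tolerates keys missing from the ConfigMap
}

// keyPattern encodes "alphanumeric characters, '-', '_' or '.'".
var keyPattern = regexp.MustCompile(`^[A-Za-z0-9._-]+$`)

// validatePath enforces "relative, no '..' element, no '..' prefix".
func validatePath(p string) error {
	switch {
	case p == "":
		return fmt.Errorf("path is empty")
	case strings.HasPrefix(p, "/"):
		return fmt.Errorf("path %q must be relative", p)
	case strings.HasPrefix(p, ".."):
		return fmt.Errorf("path %q starts with '..'", p)
	}
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." {
			return fmt.Errorf("path %q contains a '..' element", p)
		}
	}
	return nil
}

// validate returns one finding per violated rule, sorted for stable output.
func validate(s configMapVolumeSpec) []string {
	var out []string
	for k := range s.Data {
		if !keyPattern.MatchString(k) {
			out = append(out, fmt.Sprintf("data key %q: invalid characters", k))
		}
		if _, dup := s.BinaryData[k]; dup {
			out = append(out, fmt.Sprintf("key %q: in both Data and BinaryData", k))
		}
	}
	for k := range s.BinaryData {
		if !keyPattern.MatchString(k) {
			out = append(out, fmt.Sprintf("binaryData key %q: invalid characters", k))
		}
	}
	// A decimal 644 typed where octal 0644 was meant lands outside the range.
	if s.DefaultMode < 0 || s.DefaultMode > 0777 {
		out = append(out, fmt.Sprintf("defaultMode %d (octal %#o): outside 0..0777",
			s.DefaultMode, s.DefaultMode))
	}
	for k, p := range s.Items {
		_, inData := s.Data[k]
		_, inBin := s.BinaryData[k]
		if !inData && !inBin && !s.Optional {
			out = append(out, fmt.Sprintf("item %q: key not in ConfigMap and volume not optional", k))
		}
		if err := validatePath(p); err != nil {
			out = append(out, fmt.Sprintf("item %q: %v", k, err))
		}
	}
	sort.Strings(out)
	return out
}

// Constructed sample inputs.
var goodSpec = configMapVolumeSpec{
	Data:        map[string]string{"app.conf": "level=info", "tls_ca.pem": "constructed"},
	BinaryData:  map[string]string{"logo.bin": "AAEC"},
	DefaultMode: 0444,
	Items:       map[string]string{"app.conf": "conf/app.conf"},
}

var badSpec = configMapVolumeSpec{
	Data:        map[string]string{"app.conf": "a", "bad key": "b", "tls.pem": "c"},
	BinaryData:  map[string]string{"app.conf": "AAEC"},
	DefaultMode: 644, // decimal, not octal
	Items: map[string]string{
		"app.conf":     "../../etc/app.conf",
		"tls.pem":      "/etc/tls.pem",
		"missing.conf": "conf/missing.conf",
	},
}

func main() {
	fmt.Println("good:", len(validate(goodSpec)), "findings")
	for _, f := range validate(badSpec) {
		fmt.Println("bad:", f)
	}
}
```

Running the check in CI against the values fed to the constructs surfaces these errors before `kubectl apply`, where a bad item path or missing key would otherwise fail at volume setup.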

type ConnectionScheme ¶

type ConnectionScheme string
const (
	// Use HTTP request for connecting to host.
	ConnectionScheme_HTTP ConnectionScheme = "HTTP"
	// Use HTTPS request for connecting to host.
	ConnectionScheme_HTTPS ConnectionScheme = "HTTPS"
)

type Container ¶

type Container interface {
	// Arguments to the entrypoint.
	//
	// Returns: a copy of the arguments array, cannot be modified.
	Args() *[]*string
	// Entrypoint array (the command to execute when the container starts).
	//
	// Returns: a copy of the entrypoint array, cannot be modified.
	Command() *[]*string
	// The environment of the container.
	Env() Env
	// The container image.
	Image() *string
	// Image pull policy for this container.
	ImagePullPolicy() ImagePullPolicy
	// Volume mounts configured for this container.
	Mounts() *[]*VolumeMount
	// The name of the container.
	Name() *string
	// Deprecated: - use `portNumber`.
	Port() *float64
	// The port number that was configured for this container.
	//
	// If undefined, either the container doesn't expose a port, or its
	// port configuration is stored in the `ports` field.
	PortNumber() *float64
	// Ports exposed by this container.
	//
	// Returns a copy, use `addPort` to modify.
	Ports() *[]*ContainerPort
	// Compute resources (CPU and memory requests and limits) required by the container.
	// See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	//
	Resources() *ContainerResources
	// The restart policy of the container.
	RestartPolicy() ContainerRestartPolicy
	// The security context of the container.
	SecurityContext() ContainerSecurityContext
	// The working directory inside the container.
	WorkingDir() *string
	// Add a port to expose from this container.
	AddPort(port *ContainerPort)
	// Mount a volume to a specific path so that it is accessible by the container.
	//
	// Every pod that is configured to use this container will automatically have access to the volume.
	Mount(path *string, storage IStorage, options *MountOptions)
}

A single application container that you want to run within a pod.

func NewContainer ¶

func NewContainer(props *ContainerProps) Container

type ContainerLifecycle ¶

type ContainerLifecycle struct {
	// This hook is executed immediately after a container is created.
	//
	// However,
	// there is no guarantee that the hook will execute before the container ENTRYPOINT.
	// Default: - No post start handler.
	//
	PostStart Handler `field:"optional" json:"postStart" yaml:"postStart"`
	// This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others.
	//
	// A call to the PreStop hook fails if the container is already in a terminated or completed state
	// and the hook must complete before the TERM signal to stop the container can be sent.
	// The Pod's termination grace period countdown begins before the PreStop hook is executed,
	// so regardless of the outcome of the handler, the container will eventually terminate
	// within the Pod's termination grace period. No parameters are passed to the handler.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
	//
	// Default: - No pre stop handler.
	//
	PreStop Handler `field:"optional" json:"preStop" yaml:"preStop"`
}

Container lifecycle properties.

type ContainerOpts ¶

type ContainerOpts struct {
	// Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided.
	//
	// Variable references $(VAR_NAME) are expanded using the container's
	// environment. If a variable cannot be resolved, the reference in the input
	// string will be unchanged. The $(VAR_NAME) syntax can be escaped with a
	// double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
	// regardless of whether the variable exists or not.
	//
	// Cannot be updated.
	// See: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
	//
	// Default: [].
	//
	Args *[]*string `field:"optional" json:"args" yaml:"args"`
	// Entrypoint array.
	//
	// Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment.
	// If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
	// Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated.
	// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
	// Default: - The docker image's ENTRYPOINT.
	//
	Command *[]*string `field:"optional" json:"command" yaml:"command"`
	// List of sources to populate environment variables in the container.
	//
	// When a key exists in multiple sources, the value associated with
	// the last source will take precedence. Values defined by the `envVariables` property
	// with a duplicate key will take precedence.
	// Default: - No sources.
	//
	EnvFrom *[]EnvFrom `field:"optional" json:"envFrom" yaml:"envFrom"`
	// Environment variables to set in the container.
	// Default: - No environment variables.
	//
	EnvVariables *map[string]EnvValue `field:"optional" json:"envVariables" yaml:"envVariables"`
	// Image pull policy for this container.
	// Default: ImagePullPolicy.ALWAYS
	//
	ImagePullPolicy ImagePullPolicy `field:"optional" json:"imagePullPolicy" yaml:"imagePullPolicy"`
	// Describes actions that the management system should take in response to container lifecycle events.
	Lifecycle *ContainerLifecycle `field:"optional" json:"lifecycle" yaml:"lifecycle"`
	// Periodic probe of container liveness.
	//
	// Container will be restarted if the probe fails.
	// Default: - no liveness probe is defined.
	//
	Liveness Probe `field:"optional" json:"liveness" yaml:"liveness"`
	// Name of the container specified as a DNS_LABEL.
	//
	// Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
	// Default: 'main'.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Deprecated: - use `portNumber`.
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// Number of port to expose on the pod's IP address.
	//
	// This must be a valid port number, 0 < x < 65536.
	//
	// This is a convenience property if all you need is a single TCP numbered port.
	// In case more advanced configuration is required, use the `ports` property.
	//
	// This port is added to the list of ports mentioned in the `ports` property.
	// Default: - Only the ports mentioned in the `ports` property are exposed.
	//
	PortNumber *float64 `field:"optional" json:"portNumber" yaml:"portNumber"`
	// List of ports to expose from this container.
	// Default: - Only the port mentioned in the `portNumber` property is exposed.
	//
	Ports *[]*ContainerPort `field:"optional" json:"ports" yaml:"ports"`
	// Determines when the container is ready to serve traffic.
	// Default: - no readiness probe is defined.
	//
	Readiness Probe `field:"optional" json:"readiness" yaml:"readiness"`
	// Compute resources (CPU and memory requests and limits) required by the container.
	// See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	//
	// Default:
	//   cpu:
	//     request: 1000 millis
	//     limit: 1500 millis
	//   memory:
	//     request: 512 mebibytes
	//     limit: 2048 mebibytes
	//
	Resources *ContainerResources `field:"optional" json:"resources" yaml:"resources"`
	// Kubelet will start init containers with restartPolicy=Always in order with the other init containers, but instead of waiting for their completion, it will wait for the container startup to complete. Currently, the only accepted value is Always.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
	//
	// Default: - no restart policy is defined and the pod restart policy is applied.
	//
	RestartPolicy ContainerRestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext defines the security options the container should be run with.
	//
	// If set, the fields override equivalent fields of the pod's security context.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
	//
	// Default:
	//   ensureNonRoot: true
	//   privileged: false
	//   readOnlyRootFilesystem: true
	//   allowPrivilegeEscalation: false
	//   user: 25000
	//   group: 26000
	//
	SecurityContext *ContainerSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// StartupProbe indicates that the Pod has successfully initialized.
	//
	// If specified, no other probes are executed until this completes successfully.
	// Default: - If a port is provided, then knocks on that port
	// to determine when the container is ready for readiness and
	// liveness probe checks.
	// Otherwise, no startup probe is defined.
	//
	Startup Probe `field:"optional" json:"startup" yaml:"startup"`
	// Pod volumes to mount into the container's filesystem.
	//
	// Cannot be updated.
	VolumeMounts *[]*VolumeMount `field:"optional" json:"volumeMounts" yaml:"volumeMounts"`
	// Container's working directory.
	//
	// If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
	// Default: - The container runtime's default.
	//
	WorkingDir *string `field:"optional" json:"workingDir" yaml:"workingDir"`
}

Optional properties of a container.

type ContainerPort ¶

type ContainerPort struct {
	// Number of port to expose on the pod's IP address.
	//
	// This must be a valid port number, 0 < x < 65536.
	Number *float64 `field:"required" json:"number" yaml:"number"`
	// What host IP to bind the external port to.
	// Default: - 127.0.0.1.
	//
	HostIp *string `field:"optional" json:"hostIp" yaml:"hostIp"`
	// Number of port to expose on the host.
	//
	// If specified, this must be a valid port number, 0 < x < 65536.
	// Most containers do not need this.
	// Default: - auto generated by kubernetes and might change on restarts.
	//
	HostPort *float64 `field:"optional" json:"hostPort" yaml:"hostPort"`
	// If specified, this must be an IANA_SVC_NAME and unique within the pod.
	//
	// Each named port in a pod must have a unique name.
	// Name for the port that can be referred to by services.
	// Default: - port is not named.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Protocol for port.
	//
	// Must be UDP, TCP, or SCTP. Defaults to "TCP".
	// Default: Protocol.TCP
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
}

Represents a network port in a single container.

type ContainerProps ¶

type ContainerProps struct {
	// Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided.
	//
	// Variable references $(VAR_NAME) are expanded using the container's
	// environment. If a variable cannot be resolved, the reference in the input
	// string will be unchanged. The $(VAR_NAME) syntax can be escaped with a
	// double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,
	// regardless of whether the variable exists or not.
	//
	// Cannot be updated.
	// See: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
	//
	// Default: [].
	//
	Args *[]*string `field:"optional" json:"args" yaml:"args"`
	// Entrypoint array.
	//
	// Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment.
	// If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME).
	// Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated.
	// More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
	// Default: - The docker image's ENTRYPOINT.
	//
	Command *[]*string `field:"optional" json:"command" yaml:"command"`
	// List of sources to populate environment variables in the container.
	//
	// When a key exists in multiple sources, the value associated with
	// the last source will take precedence. Values defined by the `envVariables` property
	// with a duplicate key will take precedence.
	// Default: - No sources.
	//
	EnvFrom *[]EnvFrom `field:"optional" json:"envFrom" yaml:"envFrom"`
	// Environment variables to set in the container.
	// Default: - No environment variables.
	//
	EnvVariables *map[string]EnvValue `field:"optional" json:"envVariables" yaml:"envVariables"`
	// Image pull policy for this container.
	// Default: ImagePullPolicy.ALWAYS
	//
	ImagePullPolicy ImagePullPolicy `field:"optional" json:"imagePullPolicy" yaml:"imagePullPolicy"`
	// Describes actions that the management system should take in response to container lifecycle events.
	Lifecycle *ContainerLifecycle `field:"optional" json:"lifecycle" yaml:"lifecycle"`
	// Periodic probe of container liveness.
	//
	// Container will be restarted if the probe fails.
	// Default: - no liveness probe is defined.
	//
	Liveness Probe `field:"optional" json:"liveness" yaml:"liveness"`
	// Name of the container specified as a DNS_LABEL.
	//
	// Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
	// Default: 'main'.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Deprecated: - use `portNumber`.
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// Number of port to expose on the pod's IP address.
	//
	// This must be a valid port number, 0 < x < 65536.
	//
	// This is a convenience property if all you need is a single TCP numbered port.
	// In case more advanced configuration is required, use the `ports` property.
	//
	// This port is added to the list of ports mentioned in the `ports` property.
	// Default: - Only the ports mentioned in the `ports` property are exposed.
	//
	PortNumber *float64 `field:"optional" json:"portNumber" yaml:"portNumber"`
	// List of ports to expose from this container.
	// Default: - Only the port mentioned in the `portNumber` property is exposed.
	//
	Ports *[]*ContainerPort `field:"optional" json:"ports" yaml:"ports"`
	// Determines when the container is ready to serve traffic.
	// Default: - no readiness probe is defined.
	//
	Readiness Probe `field:"optional" json:"readiness" yaml:"readiness"`
	// Compute resources (CPU and memory requests and limits) required by the container.
	// See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	//
	// Default:
	//   cpu:
	//     request: 1000 millis
	//     limit: 1500 millis
	//   memory:
	//     request: 512 mebibytes
	//     limit: 2048 mebibytes
	//
	Resources *ContainerResources `field:"optional" json:"resources" yaml:"resources"`
	// Kubelet will start init containers with restartPolicy=Always in order with the other init containers, but instead of waiting for their completion, it will wait for the container startup to complete. Currently, the only accepted value is Always.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/
	//
	// Default: - no restart policy is defined and the pod restart policy is applied.
	//
	RestartPolicy ContainerRestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext defines the security options the container should be run with.
	//
	// If set, the fields override equivalent fields of the pod's security context.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
	//
	// Default:
	//   ensureNonRoot: true
	//   privileged: false
	//   readOnlyRootFilesystem: true
	//   allowPrivilegeEscalation: false
	//   user: 25000
	//   group: 26000
	//
	SecurityContext *ContainerSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// StartupProbe indicates that the Pod has successfully initialized.
	//
	// If specified, no other probes are executed until this completes successfully.
	// Default: - If a port is provided, then knocks on that port
	// to determine when the container is ready for readiness and
	// liveness probe checks.
	// Otherwise, no startup probe is defined.
	//
	Startup Probe `field:"optional" json:"startup" yaml:"startup"`
	// Pod volumes to mount into the container's filesystem.
	//
	// Cannot be updated.
	VolumeMounts *[]*VolumeMount `field:"optional" json:"volumeMounts" yaml:"volumeMounts"`
	// Container's working directory.
	//
	// If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
	// Default: - The container runtime's default.
	//
	WorkingDir *string `field:"optional" json:"workingDir" yaml:"workingDir"`
	// Docker image name.
	Image *string `field:"required" json:"image" yaml:"image"`
}

Properties for creating a container.
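
The `$(VAR_NAME)` rules stated in the `Args` and `Command` comments (in both `ContainerOpts` and `ContainerProps`), as an added example that is not part of the cdk8s+ or Kubernetes code. `expand` is a hypothetical helper that applies those rules in a single pass and reports references that stay unresolved; because the entrypoint is not run in a shell, `$HOME`-style syntax reaches the process literally. The environment and arguments are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// expand applies the $(VAR_NAME) rules quoted in the Args and Command comments
// to one string. It returns the expanded string and the names of references
// that could not be resolved (those stay in the output unchanged).
// Hypothetical helper for illustration; not the kubelet's implementation.
func expand(input string, env map[string]string) (string, []string) {
	var out strings.Builder
	var unresolved []string
	for i := 0; i < len(input); i++ {
		c := input[i]
		if c != '$' || i+1 == len(input) {
			out.WriteByte(c) // ordinary byte, or a trailing "$"
			continue
		}
		switch next := input[i+1]; next {
		case '$':
			// "$$" is an escaped "$": emit one "$", so "$$(VAR)" becomes
			// the literal text "$(VAR)" and is never expanded.
			out.WriteByte('$')
			i++
		case '(':
			end := strings.IndexByte(input[i+2:], ')')
			if end < 0 {
				// No closing parenthesis: not a reference, keep it literal.
				out.WriteString("$(")
				i++
				continue
			}
			name := input[i+2 : i+2+end]
			if val, ok := env[name]; ok {
				out.WriteString(val) // single pass: val is not rescanned
			} else {
				out.WriteString("$(" + name + ")")
				unresolved = append(unresolved, name)
			}
			i += 2 + end // index of ")"; the loop increment steps past it
		default:
			// "$HOME"-style shell syntax is not a reference here.
			out.WriteByte('$')
			out.WriteByte(next)
			i++
		}
	}
	return out.String(), unresolved
}

func main() {
	// Constructed sample environment and arguments.
	env := map[string]string{"POD_NAME": "web-0"}
	args := []string{"--id=$(POD_NAME)", "--peer=$(PEER)", "--fmt=$$(POD_NAME)", "--home=$HOME"}
	for _, a := range args {
		got, missing := expand(a, env)
		fmt.Printf("%-20s -> %-20s unresolved=%v\n", a, got, missing)
	}
}
```

An unresolved reference is worth flagging at review time, since the container receives the literal `$(NAME)` text rather than an empty string.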

type ContainerResources ¶

type ContainerResources struct {
	Cpu              *CpuResources              `field:"optional" json:"cpu" yaml:"cpu"`
	EphemeralStorage *EphemeralStorageResources `field:"optional" json:"ephemeralStorage" yaml:"ephemeralStorage"`
	Memory           *MemoryResources           `field:"optional" json:"memory" yaml:"memory"`
}

CPU and memory compute resources.

type ContainerRestartPolicy ¶ added in v2.2.0

type ContainerRestartPolicy string

RestartPolicy defines the restart behavior of individual containers in a pod.

This field may only be set for init containers, and the only allowed value is "Always". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. See: https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/

const (
	// If an init container is created with its restartPolicy set to Always, it will start and remain running during the entire life of the Pod.
	//
	// For regular containers, this is ignored by Kubernetes.
	ContainerRestartPolicy_ALWAYS ContainerRestartPolicy = "ALWAYS"
)

type ContainerSecurityContext ¶

type ContainerSecurityContext interface {
	AllowPrivilegeEscalation() *bool
	Capabilities() *ContainerSecutiryContextCapabilities
	EnsureNonRoot() *bool
	Group() *float64
	Privileged() *bool
	ReadOnlyRootFilesystem() *bool
	SeccompProfile() *SeccompProfile
	User() *float64
}

Container security attributes and settings.

type ContainerSecurityContextProps ¶

type ContainerSecurityContextProps struct {
	// Whether a process can gain more privileges than its parent process.
	// Default: false.
	//
	AllowPrivilegeEscalation *bool `field:"optional" json:"allowPrivilegeEscalation" yaml:"allowPrivilegeEscalation"`
	// POSIX capabilities for running containers.
	// Default: none.
	//
	Capabilities *ContainerSecutiryContextCapabilities `field:"optional" json:"capabilities" yaml:"capabilities"`
	// Indicates that the container must run as a non-root user.
	//
	// If true, the Kubelet will validate the image at runtime to ensure that it does
	// not run as UID 0 (root) and fail to start the container if it does.
	// Default: true.
	//
	EnsureNonRoot *bool `field:"optional" json:"ensureNonRoot" yaml:"ensureNonRoot"`
	// The GID to run the entrypoint of the container process.
	// Default: - 26000. An arbitrary number bigger than 9999 is selected here.
	// This is so that the container is blocked from accessing host files even if
	// it somehow manages to get access to the host file system.
	//
	Group *float64 `field:"optional" json:"group" yaml:"group"`
	// Run container in privileged mode.
	//
	// Processes in privileged containers are essentially equivalent to root on the host.
	// Default: false.
	//
	Privileged *bool `field:"optional" json:"privileged" yaml:"privileged"`
	// Whether this container has a read-only root filesystem.
	// Default: true.
	//
	ReadOnlyRootFilesystem *bool `field:"optional" json:"readOnlyRootFilesystem" yaml:"readOnlyRootFilesystem"`
	// Container's seccomp profile settings.
	//
	// Only one profile source may be set.
	// Default: none.
	//
	SeccompProfile *SeccompProfile `field:"optional" json:"seccompProfile" yaml:"seccompProfile"`
	// The UID to run the entrypoint of the container process.
	// Default: - 25000. An arbitrary number bigger than 9999 is selected here.
	// This is so that the container is blocked from accessing host files even if
	// it somehow manages to get access to the host file system.
	//
	User *float64 `field:"optional" json:"user" yaml:"user"`
}

Properties for `ContainerSecurityContext`.
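
An added example, not part of cdk8s+: a stand-alone check that compares each container's `securityContext` in a Pod manifest (given as JSON) with the defaults documented above. It assumes `ensureNonRoot`, `user` and `group` appear in the manifest as the Kubernetes fields `runAsNonRoot`, `runAsUser` and `runAsGroup`; the type and function names and the sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// securityContext holds the Kubernetes container securityContext fields that
// correspond to the documented props (assumed mapping: ensureNonRoot ->
// runAsNonRoot, user -> runAsUser, group -> runAsGroup).
type securityContext struct {
	AllowPrivilegeEscalation *bool  `json:"allowPrivilegeEscalation"`
	Privileged               *bool  `json:"privileged"`
	ReadOnlyRootFilesystem   *bool  `json:"readOnlyRootFilesystem"`
	RunAsNonRoot             *bool  `json:"runAsNonRoot"`
	RunAsUser                *int64 `json:"runAsUser"`
	RunAsGroup               *int64 `json:"runAsGroup"`
}

type container struct {
	Name            string           `json:"name"`
	SecurityContext *securityContext `json:"securityContext"`
}

type pod struct {
	Spec struct {
		Containers     []container `json:"containers"`
		InitContainers []container `json:"initContainers"`
	} `json:"spec"`
}

func isTrue(b *bool) bool       { return b != nil && *b }
func isFalse(b *bool) bool      { return b != nil && !*b }
func above9999(n *int64) bool   { return n != nil && *n > 9999 }

// auditContainer lists every setting that is weaker than the documented default.
// An absent securityContext is treated as all fields unset.
func auditContainer(c container) []string {
	sc := c.SecurityContext
	if sc == nil {
		sc = &securityContext{}
	}
	var findings []string
	require := func(ok bool, msg string) {
		if !ok {
			findings = append(findings, c.Name+": "+msg)
		}
	}
	require(!isTrue(sc.Privileged), "privileged is true (documented default: false)")
	require(isFalse(sc.AllowPrivilegeEscalation), "allowPrivilegeEscalation is not false")
	require(isTrue(sc.ReadOnlyRootFilesystem), "readOnlyRootFilesystem is not true")
	require(isTrue(sc.RunAsNonRoot), "runAsNonRoot is not true")
	require(above9999(sc.RunAsUser), "runAsUser is unset or not above 9999")
	require(above9999(sc.RunAsGroup), "runAsGroup is unset or not above 9999")
	return findings
}

// auditPod parses a Pod manifest and audits init containers, then containers.
func auditPod(manifest []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, fmt.Errorf("parse manifest: %w", err)
	}
	var findings []string
	for _, c := range p.Spec.InitContainers {
		findings = append(findings, auditContainer(c)...)
	}
	for _, c := range p.Spec.Containers {
		findings = append(findings, auditContainer(c)...)
	}
	return findings, nil
}

// sampleManifest is constructed: "main" carries the documented defaults,
// "debug" overrides them.
const sampleManifest = `{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "example"},
  "spec": {"containers": [
    {"name": "main", "image": "example.invalid/app:1",
     "securityContext": {"allowPrivilegeEscalation": false, "privileged": false,
       "readOnlyRootFilesystem": true, "runAsNonRoot": true,
       "runAsUser": 25000, "runAsGroup": 26000}},
    {"name": "debug", "image": "example.invalid/tools:1",
     "securityContext": {"privileged": true, "runAsUser": 0}}
  ]}
}`

func main() {
	findings, err := auditPod([]byte(sampleManifest))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```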

type ContainerSecutiryContextCapabilities ¶ added in v2.3.0

type ContainerSecutiryContextCapabilities struct {
	// Added capabilities.
	Add *[]Capability `field:"optional" json:"add" yaml:"add"`
	// Removed capabilities.
	Drop *[]Capability `field:"optional" json:"drop" yaml:"drop"`
}

type Cpu ¶

type Cpu interface {
	Amount() *string
	SetAmount(val *string)
}

Represents the amount of CPU.

The amount can be passed as millis or units.

func Cpu_Millis ¶

func Cpu_Millis(amount *float64) Cpu

func Cpu_Units ¶

func Cpu_Units(amount *float64) Cpu

type CpuResources ¶

type CpuResources struct {
	Limit   Cpu `field:"optional" json:"limit" yaml:"limit"`
	Request Cpu `field:"optional" json:"request" yaml:"request"`
}

CPU request and limit.

type CronJob ¶

type CronJob interface {
	Workload
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	// The policy used by this cron job to determine the concurrency mode in which to schedule jobs.
	ConcurrencyPolicy() *string
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	// The number of failed jobs retained by this cron job.
	FailedJobsRetained() *float64
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// Represents the resource type.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	// The schedule this cron job is scheduled to run in.
	Schedule() cdk8s.Cron
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	// The time by which the running cron job needs to schedule the next job execution.
	//
	// The job is considered as failed if it misses this deadline.
	StartingDeadline() cdk8s.Duration
	// The number of successful jobs retained by this cron job.
	SuccessfulJobsRetained() *float64
	// Whether the cron job is currently suspended.
	Suspend() *bool
	TerminationGracePeriod() cdk8s.Duration
	// The timezone which this cron job would follow to schedule jobs.
	TimeZone() *string
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A CronJob is responsible for creating a Job and scheduling it based on the provided cron schedule.

This helps run Jobs on a recurring basis.

func NewCronJob ¶

func NewCronJob(scope constructs.Construct, id *string, props *CronJobProps) CronJob

type CronJobProps ¶

type CronJobProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:
	//   policy: DnsPolicy.CLUSTER_FIRST
	//   hostnameAsFQDN: false
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:
	//   fsGroupChangePolicy: FsGroupChangePolicy.ALWAYS
	//   ensureNonRoot: true
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and adds it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
	// Specifies the duration the job may be active before the system tries to terminate it.
	// Default: - If unset, then there is no deadline.
	//
	ActiveDeadline cdk8s.Duration `field:"optional" json:"activeDeadline" yaml:"activeDeadline"`
	// Specifies the number of retries before marking this job failed.
	// Default: - If not set, system defaults to 6.
	//
	BackoffLimit *float64 `field:"optional" json:"backoffLimit" yaml:"backoffLimit"`
	// Limits the lifetime of a Job that has finished execution (either Complete or Failed).
	//
	// If this field is set, after the Job finishes, it is eligible to
	// be automatically deleted. When the Job is being deleted, its lifecycle
	// guarantees (e.g. finalizers) will be honored. If this field is set to zero,
	// the Job becomes eligible to be deleted immediately after it finishes. This
	// field is alpha-level and is only honored by servers that enable the
	// `TTLAfterFinished` feature.
	// Default: - If this field is unset, the Job won't be automatically deleted.
	//
	TtlAfterFinished cdk8s.Duration `field:"optional" json:"ttlAfterFinished" yaml:"ttlAfterFinished"`
	// Specifies the time in which the job would run again.
	//
	// This is defined as a cron expression in the CronJob resource.
	Schedule cdk8s.Cron `field:"required" json:"schedule" yaml:"schedule"`
	// Specifies the concurrency policy for the job.
	// Default: ConcurrencyPolicy.Forbid
	//
	ConcurrencyPolicy ConcurrencyPolicy `field:"optional" json:"concurrencyPolicy" yaml:"concurrencyPolicy"`
	// Specifies the number of failed jobs history retained.
	//
	// This would retain the Job and the associated Pod resource and can be useful for debugging.
	// Default: 1.
	//
	FailedJobsRetained *float64 `field:"optional" json:"failedJobsRetained" yaml:"failedJobsRetained"`
	// Kubernetes attempts to start cron jobs at their scheduled time, but this is not guaranteed.
	//
	// This deadline specifies
	// how much time can pass after a schedule point during which Kubernetes can still start the job.
	// For example, if this is set to 100 seconds, Kubernetes is allowed to start the job at most 100 seconds after
	// the scheduled time.
	//
	// Note that the Kubernetes CronJobController checks for things every 10 seconds. For this reason, a deadline below 10
	// seconds is not allowed, as it may cause your job to never be scheduled.
	//
	// In addition, Kubernetes will stop scheduling jobs if more than 100 schedules were missed (for any reason).
	// This property also controls what time interval Kubernetes should consider when counting missed schedules.
	//
	// For example, suppose a CronJob is set to schedule a new Job every one minute beginning at 08:30:00,
	// and its `startingDeadline` field is not set. If the CronJob controller happens to be down from 08:29:00 to 10:21:00,
	// the job will not start, as the number of jobs that missed their schedule is greater than 100.
	// However, if `startingDeadline` is set to 200 seconds, Kubernetes will only count 3 missed schedules, and thus
	// start a new execution at 10:22:00.
	// Default: Duration.seconds(10)
	//
	StartingDeadline cdk8s.Duration `field:"optional" json:"startingDeadline" yaml:"startingDeadline"`
	// Specifies the number of successful jobs history retained.
	//
	// This would retain the Job and the associated Pod resource and can be useful for debugging.
	// Default: 3.
	//
	SuccessfulJobsRetained *float64 `field:"optional" json:"successfulJobsRetained" yaml:"successfulJobsRetained"`
	// Specifies if the cron job should be suspended.
	//
	// Only applies to future executions; current ones remain untouched.
	// Default: false.
	//
	Suspend *bool `field:"optional" json:"suspend" yaml:"suspend"`
	// Specifies the timezone for the job.
	//
	// This helps align the schedule with the specified timezone.
	// See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for the list of valid timezone values.
	//
	// Default: - Timezone of kube-controller-manager process.
	//
	TimeZone *string `field:"optional" json:"timeZone" yaml:"timeZone"`
}

Properties for `CronJob`.
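The `StartingDeadline` scenario above can be reproduced with a small model. This is an added example, not cdk8s+ or Kubernetes code: `Evaluate`, `countMissed`, `Decision` and `at` are hypothetical names, the schedule is a fixed interval rather than a cron expression, a deadline of 0 stands for "not set", and the window is assumed to exclude the current instant so that the counts match the documentation.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// maxMissed is the limit quoted in the StartingDeadline documentation:
// scheduling stops once more than 100 schedules were missed.
const maxMissed = 100

// minDeadline is the smallest deadline the documentation allows.
const minDeadline = 10 * time.Second

// Decision is the outcome of one controller check in this simplified model.
type Decision struct {
	WindowStart time.Time // earliest instant considered when counting
	Missed      int       // schedule points inside [WindowStart, now)
	Start       bool      // false once Missed exceeds maxMissed
}

// countMissed counts schedule points t = first + k*every with from <= t < now.
// The point equal to now is treated as due, not missed (an assumption chosen
// so that the model reproduces the numbers in the documentation).
func countMissed(first time.Time, every time.Duration, from, now time.Time) int {
	t := first
	if t.Before(from) {
		// Jump to the first schedule point that is not before the window start.
		k := from.Sub(first) / every
		t = first.Add(k * every)
		if t.Before(from) {
			t = t.Add(every)
		}
	}
	n := 0
	for ; t.Before(now); t = t.Add(every) {
		n++
	}
	return n
}

// Evaluate models one check at time now. lastSeen is the last instant at which
// the controller was running; deadline == 0 means the deadline is not set.
func Evaluate(first, lastSeen, now time.Time, every, deadline time.Duration) (Decision, error) {
	if every <= 0 {
		return Decision{}, errors.New("schedule interval must be positive")
	}
	if deadline != 0 && deadline < minDeadline {
		return Decision{}, fmt.Errorf("startingDeadline %v is below the %v minimum", deadline, minDeadline)
	}
	from := lastSeen
	if deadline != 0 {
		// With a deadline, only the last `deadline` worth of time is counted.
		if cutoff := now.Add(-deadline); cutoff.After(from) {
			from = cutoff
		}
	}
	missed := countMissed(first, every, from, now)
	return Decision{WindowStart: from, Missed: missed, Start: missed <= maxMissed}, nil
}

// at builds a clock time on an arbitrary, constructed date.
func at(h, m, s int) time.Time { return time.Date(2024, 1, 1, h, m, s, 0, time.UTC) }

func main() {
	// Scenario from the documentation: every minute from 08:30:00,
	// controller down from 08:29:00 until 10:21:00.
	first, down, up := at(8, 30, 0), at(8, 29, 0), at(10, 21, 0)
	for _, d := range []time.Duration{0, 200 * time.Second, 10 * time.Second} {
		dec, err := Evaluate(first, down, up, time.Minute, d)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("deadline=%v window starts %s missed=%d start=%v\n",
			d, dec.WindowStart.Format("15:04:05"), dec.Missed, dec.Start)
	}
}
```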

type CsiVolumeOptions ¶

type CsiVolumeOptions struct {
	// Any driver-specific attributes to pass to the CSI volume builder.
	// Default: - undefined.
	//
	Attributes *map[string]*string `field:"optional" json:"attributes" yaml:"attributes"`
	// The filesystem type to mount.
	//
	// Ex. "ext4", "xfs", "ntfs". If not provided,
	// the empty value is passed to the associated CSI driver, which will
	// determine the default filesystem to apply.
	// Default: - driver-dependent.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Whether the mounted volume should be read-only or not.
	// Default: - false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options for the CSI driver based volume.

type DaemonSet ¶

type DaemonSet interface {
	Workload
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	MinReadySeconds() *float64
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod.

As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.

Some typical uses of a DaemonSet are:

  • running a cluster storage daemon on every node
  • running a logs collection daemon on every node
  • running a node monitoring daemon on every node

In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon. A more complex setup might use multiple DaemonSets for a single type of daemon, but with different flags and/or different memory and cpu requests for different hardware types.

func NewDaemonSet ¶

func NewDaemonSet(scope constructs.Construct, id *string, props *DaemonSetProps) DaemonSet

type DaemonSetProps ¶

type DaemonSetProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and adds it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
	// Minimum number of seconds for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
	// Default: 0.
	//
	MinReadySeconds *float64 `field:"optional" json:"minReadySeconds" yaml:"minReadySeconds"`
}

Properties for `DaemonSet`.

type Deployment ¶

type Deployment interface {
	Workload
	IScalable
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	// If this is a target of an autoscaler.
	HasAutoscaler() *bool
	SetHasAutoscaler(val *bool)
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
	MinReady() cdk8s.Duration
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The maximum duration for a deployment to make progress before it is considered to be failed.
	ProgressDeadline() cdk8s.Duration
	// Number of desired pods.
	Replicas() *float64
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	Strategy() DeploymentStrategy
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Expose a deployment via an ingress.
	//
	// This will first expose the deployment with a service, and then expose the service via an ingress.
	ExposeViaIngress(path *string, options *ExposeDeploymentViaIngressOptions) Ingress
	// Expose a deployment via a service.
	//
	// This is equivalent to running `kubectl expose deployment <deployment-name>`.
	ExposeViaService(options *DeploymentExposeViaServiceOptions) Service
	// Called on all IScalable targets when they are associated with an autoscaler.
	// See: IScalable.markHasAutoscaler()
	//
	MarkHasAutoscaler()
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Return the target spec properties of this Scalable.
	// See: IScalable.toScalingTarget()
	//
	ToScalingTarget() *ScalingTarget
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A Deployment provides declarative updates for Pods and ReplicaSets.

You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.

> Note: Do not manage ReplicaSets owned by a Deployment. Consider opening an issue in the main Kubernetes repository if your use case is not covered below.

Use Case ¶

The following are typical use cases for Deployments:

  • Create a Deployment to roll out a ReplicaSet. The ReplicaSet creates Pods in the background. Check the status of the rollout to see if it succeeds or not.
  • Declare the new state of the Pods by updating the PodTemplateSpec of the Deployment. A new ReplicaSet is created and the Deployment manages moving the Pods from the old ReplicaSet to the new one at a controlled rate. Each new ReplicaSet updates the revision of the Deployment.
  • Roll back to an earlier Deployment revision if the current state of the Deployment is not stable. Each rollback updates the revision of the Deployment.
  • Scale up the Deployment to facilitate more load.
  • Pause the Deployment to apply multiple fixes to its PodTemplateSpec and then resume it to start a new rollout.
  • Use the status of the Deployment as an indicator that a rollout is stuck.
  • Clean up older ReplicaSets that you don't need anymore.

func NewDeployment ¶

func NewDeployment(scope constructs.Construct, id *string, props *DeploymentProps) Deployment

type DeploymentExposeViaServiceOptions ¶

type DeploymentExposeViaServiceOptions struct {
	// The name of the service to expose.
	//
	// If you'd like to expose the deployment multiple times,
	// you must explicitly set a name starting from the second expose call.
	// Default: - auto generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The ports that the service should bind to.
	// Default: - extracted from the deployment.
	//
	Ports *[]*ServicePort `field:"optional" json:"ports" yaml:"ports"`
	// The type of the exposed service.
	// Default: - ClusterIP.
	//
	ServiceType ServiceType `field:"optional" json:"serviceType" yaml:"serviceType"`
}

Options for `Deployment.exposeViaService`.

type DeploymentProps ¶

type DeploymentProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and adds it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
	// Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
	//
	// Zero means the pod will be considered available as soon as it is ready.
	// See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds
	//
	// Default: Duration.seconds(0)
	//
	MinReady cdk8s.Duration `field:"optional" json:"minReady" yaml:"minReady"`
	// The maximum duration for a deployment to make progress before it is considered to be failed.
	//
	// The deployment controller will continue
	// to process failed deployments and a condition with a ProgressDeadlineExceeded
	// reason will be surfaced in the deployment status.
	//
	// Note that progress will not be estimated during the time a deployment is paused.
	// See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds
	//
	// Default: Duration.seconds(600)
	//
	ProgressDeadline cdk8s.Duration `field:"optional" json:"progressDeadline" yaml:"progressDeadline"`
	// Number of desired pods.
	// Default: 2.
	//
	Replicas *float64 `field:"optional" json:"replicas" yaml:"replicas"`
	// Specifies the strategy used to replace old Pods by new ones.
	// Default: - RollingUpdate with maxSurge and maxUnavailable set to 25%.
	//
	Strategy DeploymentStrategy `field:"optional" json:"strategy" yaml:"strategy"`
}

Properties for `Deployment`.

type DeploymentStrategy ¶

type DeploymentStrategy interface {
}

Deployment strategies.

func DeploymentStrategy_Recreate ¶

func DeploymentStrategy_Recreate() DeploymentStrategy

All existing Pods are killed before new ones are created. See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#recreate-deployment

type DeploymentStrategyRollingUpdateOptions ¶

type DeploymentStrategyRollingUpdateOptions struct {
	// The maximum number of pods that can be scheduled above the desired number of pods.
	//
	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
	// Absolute number is calculated from percentage by rounding up.
	// This can not be 0 if `maxUnavailable` is 0.
	//
	// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update
	// starts, such that the total number of old and new pods do not exceed 130% of desired pods.
	// Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that
	// total number of pods running at any time during the update is at most 130% of desired pods.
	// Default: '25%'.
	//
	MaxSurge PercentOrAbsolute `field:"optional" json:"maxSurge" yaml:"maxSurge"`
	// The maximum number of pods that can be unavailable during the update.
	//
	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
	// Absolute number is calculated from percentage by rounding down.
	// This can not be 0 if `maxSurge` is 0.
	//
	// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired
	// pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can
	// be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total
	// number of pods available at all times during the update is at least 70% of desired pods.
	// Default: '25%'.
	//
	MaxUnavailable PercentOrAbsolute `field:"optional" json:"maxUnavailable" yaml:"maxUnavailable"`
}

Options for `DeploymentStrategy.rollingUpdate`.
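The rounding rules for `MaxSurge` and `MaxUnavailable` determine the pod-count limits that hold during a rollout. The sketch below is an added example, not cdk8s+ code: `RollingUpdateBounds`, `Bounds`, `parse` and `toPods` are hypothetical names, and values are passed as plain strings ("5" or "10%") instead of `PercentOrAbsolute`.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Bounds are the pod-count limits that hold throughout a rolling update.
type Bounds struct {
	Surge        int // extra pods allowed above the desired count
	Unavailable  int // pods allowed to be unavailable
	MaxTotal     int // replicas + Surge
	MinAvailable int // replicas - Unavailable, never below 0
}

// parse accepts an absolute number ("5") or a percentage ("10%").
func parse(v string) (n int, percent bool, err error) {
	s := strings.TrimSpace(v)
	percent = strings.HasSuffix(s, "%")
	n, err = strconv.Atoi(strings.TrimSuffix(s, "%"))
	if err != nil || n < 0 {
		return 0, false, fmt.Errorf("invalid value %q: want a non-negative number or percentage", v)
	}
	return n, percent, nil
}

// toPods converts a parsed value into a pod count. Percentages are taken of
// the desired replica count and rounded up or down as requested.
func toPods(n int, percent bool, replicas int, roundUp bool) int {
	if !percent {
		return n
	}
	if roundUp {
		return (n*replicas + 99) / 100
	}
	return n * replicas / 100
}

// RollingUpdateBounds applies the documented rules: maxSurge rounds up,
// maxUnavailable rounds down, and the two cannot both be 0.
func RollingUpdateBounds(replicas int, maxSurge, maxUnavailable string) (Bounds, error) {
	if replicas < 0 {
		return Bounds{}, errors.New("replicas must not be negative")
	}
	sN, sPct, err := parse(maxSurge)
	if err != nil {
		return Bounds{}, fmt.Errorf("maxSurge: %w", err)
	}
	uN, uPct, err := parse(maxUnavailable)
	if err != nil {
		return Bounds{}, fmt.Errorf("maxUnavailable: %w", err)
	}
	if sN == 0 && uN == 0 {
		return Bounds{}, errors.New("maxSurge and maxUnavailable cannot both be 0")
	}
	surge := toPods(sN, sPct, replicas, true)
	unavailable := toPods(uN, uPct, replicas, false)
	minAvailable := replicas - unavailable
	if minAvailable < 0 {
		minAvailable = 0
	}
	return Bounds{
		Surge:        surge,
		Unavailable:  unavailable,
		MaxTotal:     replicas + surge,
		MinAvailable: minAvailable,
	}, nil
}

func main() {
	// Constructed inputs: the 30% case from the documentation, then the
	// 25% defaults, both for 10 desired pods.
	for _, v := range []string{"30%", "25%"} {
		b, err := RollingUpdateBounds(10, v, v)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s/%s of 10 pods: at most %d total, at least %d available\n",
			v, v, b.MaxTotal, b.MinAvailable)
	}
}
```

With the 25% defaults and 10 replicas the two bounds are not symmetric: the surge rounds up to 3 pods while the unavailable count rounds down to 2.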

type DnsOption ¶

type DnsOption struct {
	// Option name.
	Name *string `field:"required" json:"name" yaml:"name"`
	// Option value.
	// Default: - No value.
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Custom DNS option.

type DnsPolicy ¶

type DnsPolicy string

Pod DNS policies.

const (
	// Any DNS query that does not match the configured cluster domain suffix, such as "www.kubernetes.io", is forwarded to the upstream nameserver inherited from the node. Cluster administrators may have extra stub-domain and upstream DNS servers configured.
	DnsPolicy_CLUSTER_FIRST DnsPolicy = "CLUSTER_FIRST"
	// For Pods running with hostNetwork, you should explicitly set its DNS policy to "ClusterFirstWithHostNet".
	DnsPolicy_CLUSTER_FIRST_WITH_HOST_NET DnsPolicy = "CLUSTER_FIRST_WITH_HOST_NET"
	// The Pod inherits the name resolution configuration from the node that the pods run on.
	DnsPolicy_DEFAULT DnsPolicy = "DEFAULT"
	// It allows a Pod to ignore DNS settings from the Kubernetes environment.
	//
	// All DNS settings are supposed to be provided using the dnsConfig
	// field in the Pod Spec.
	DnsPolicy_NONE DnsPolicy = "NONE"
)

type DockerConfigSecret ¶

type DockerConfigSecret interface {
	Secret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Create a secret for storing credentials for accessing a container image registry. See: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets

func NewDockerConfigSecret ¶

func NewDockerConfigSecret(scope constructs.Construct, id *string, props *DockerConfigSecretProps) DockerConfigSecret

type DockerConfigSecretProps ¶

type DockerConfigSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// JSON content to provide for the `~/.docker/config.json` file. This will be stringified and inserted as stringData.
	// See: https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file
	//
	Data *map[string]interface{} `field:"required" json:"data" yaml:"data"`
}

Options for `DockerConfigSecret`.
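
The shape of the `Data` map is easiest to see worked through. The following is an added example, not code from cdk8s-plus: it builds a `config.json`-style map with an `auths` entry, stringifies it as the `Data` comment describes, and then reads the login back out of the result to show that the `auth` value is only base64-encoded. The helper names are hypothetical, the credential is constructed, and the `.dockerconfigjson` key is the one Kubernetes documents for docker config secrets (assumed here, not stated on this page).

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// RegistryCredential is a helper type for this example only.
type RegistryCredential struct {
	Server   string
	Username string
	Password string
}

// DockerConfigData builds the map to pass as DockerConfigSecretProps.Data,
// using the "auths" layout of ~/.docker/config.json.
func DockerConfigData(creds []RegistryCredential) (map[string]interface{}, error) {
	auths := map[string]interface{}{}
	for _, c := range creds {
		if c.Server == "" || c.Username == "" || c.Password == "" {
			return nil, fmt.Errorf("incomplete credential for registry %q", c.Server)
		}
		// The token is "user:password", so a ':' in the user name is ambiguous.
		if strings.Contains(c.Username, ":") {
			return nil, fmt.Errorf("username for %q must not contain ':'", c.Server)
		}
		if _, dup := auths[c.Server]; dup {
			return nil, fmt.Errorf("registry %q listed twice", c.Server)
		}
		token := base64.StdEncoding.EncodeToString([]byte(c.Username + ":" + c.Password))
		auths[c.Server] = map[string]interface{}{"auth": token}
	}
	return map[string]interface{}{"auths": auths}, nil
}

// StringData stringifies the map, as the Data comment says the construct does.
// The ".dockerconfigjson" key is an assumption taken from the Kubernetes docs.
func StringData(data map[string]interface{}) (map[string]string, error) {
	raw, err := json.Marshal(data)
	if err != nil {
		return nil, err
	}
	return map[string]string{".dockerconfigjson": string(raw)}, nil
}

// EmbeddedLogins lists registry -> user name found in a stringified config.
// The password decodes the same way, so a synthesized manifest that carries
// this value needs the same handling as the password itself.
func EmbeddedLogins(dockerConfigJSON string) (map[string]string, error) {
	var cfg struct {
		Auths map[string]struct {
			Auth string `json:"auth"`
		} `json:"auths"`
	}
	if err := json.Unmarshal([]byte(dockerConfigJSON), &cfg); err != nil {
		return nil, err
	}
	logins := map[string]string{}
	for server, entry := range cfg.Auths {
		plain, err := base64.StdEncoding.DecodeString(entry.Auth)
		if err != nil {
			return nil, fmt.Errorf("registry %q: auth is not base64: %w", server, err)
		}
		parts := strings.SplitN(string(plain), ":", 2)
		if len(parts) != 2 {
			return nil, fmt.Errorf("registry %q: auth is not user:password", server)
		}
		logins[server] = parts[0]
	}
	return logins, nil
}

func main() {
	// Constructed sample credential.
	data, err := DockerConfigData([]RegistryCredential{
		{Server: "registry.example.com", Username: "ci-bot", Password: "constructed-password"},
	})
	if err != nil {
		panic(err)
	}
	sd, err := StringData(data)
	if err != nil {
		panic(err)
	}
	logins, err := EmbeddedLogins(sd[".dockerconfigjson"])
	if err != nil {
		panic(err)
	}
	fmt.Println(len(sd[".dockerconfigjson"]), "bytes of stringData, logins:", logins)
}
```

The map returned by `DockerConfigData` is what would be passed as `Data`; setting `Immutable` additionally prevents later in-cluster edits to the stored value.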

type EmptyDirMedium ¶

type EmptyDirMedium string

The medium on which to store the volume.

const (
	// The default volume of the backing node.
	EmptyDirMedium_DEFAULT EmptyDirMedium = "DEFAULT"
	// Mount a tmpfs (RAM-backed filesystem) for you instead.
	//
	// While tmpfs is very
	// fast, be aware that unlike disks, tmpfs is cleared on node reboot and any
	// files you write will count against your Container's memory limit.
	EmptyDirMedium_MEMORY EmptyDirMedium = "MEMORY"
)

type EmptyDirVolumeOptions ¶

type EmptyDirVolumeOptions struct {
	// By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.
	//
	// However, you can set the emptyDir.medium field to
	// `EmptyDirMedium.MEMORY` to tell Kubernetes to mount a tmpfs (RAM-backed
	// filesystem) for you instead. While tmpfs is very fast, be aware that unlike
	// disks, tmpfs is cleared on node reboot and any files you write will count
	// against your Container's memory limit.
	// Default: EmptyDirMedium.DEFAULT
	//
	Medium EmptyDirMedium `field:"optional" json:"medium" yaml:"medium"`
	// Total amount of local storage required for this EmptyDir volume.
	//
	// The size
	// limit is also applicable for memory medium. The maximum usage on memory
	// medium EmptyDir would be the minimum value between the SizeLimit specified
	// here and the sum of memory limits of all containers in a pod.
	// Default: - limit is undefined.
	//
	SizeLimit cdk8s.Size `field:"optional" json:"sizeLimit" yaml:"sizeLimit"`
}

Options for volumes populated with an empty directory.

type Env ¶

type Env interface {
	// The list of sources used to populate the container environment, in addition to the `variables`.
	//
	// Returns a copy. To add a source use `container.env.copyFrom()`.
	Sources() *[]EnvFrom
	// The environment variables for this container.
	//
	// Returns a copy. To add environment variables use `container.env.addVariable()`.
	Variables() *map[string]EnvValue
	// Add a single variable by name and value.
	//
	// The variable value can come from various dynamic sources such as secrets or config maps.
	// Use `EnvValue.fromXXX` to select sources.
	AddVariable(name *string, value EnvValue)
	// Add a collection of variables by copying from another source.
	//
	// Use `Env.fromXXX` functions to select sources.
	CopyFrom(from EnvFrom)
}

Container environment variables.

func NewEnv ¶

func NewEnv(sources *[]EnvFrom, variables *map[string]EnvValue) Env

type EnvFieldPaths ¶

type EnvFieldPaths string
const (
	// The name of the pod.
	EnvFieldPaths_POD_NAME EnvFieldPaths = "POD_NAME"
	// The namespace of the pod.
	EnvFieldPaths_POD_NAMESPACE EnvFieldPaths = "POD_NAMESPACE"
	// The uid of the pod.
	EnvFieldPaths_POD_UID EnvFieldPaths = "POD_UID"
	// The labels of the pod.
	EnvFieldPaths_POD_LABEL EnvFieldPaths = "POD_LABEL"
	// The annotations of the pod.
	EnvFieldPaths_POD_ANNOTATION EnvFieldPaths = "POD_ANNOTATION"
	// The ipAddress of the pod.
	EnvFieldPaths_POD_IP EnvFieldPaths = "POD_IP"
	// The service account name of the pod.
	EnvFieldPaths_SERVICE_ACCOUNT_NAME EnvFieldPaths = "SERVICE_ACCOUNT_NAME"
	// The name of the node.
	EnvFieldPaths_NODE_NAME EnvFieldPaths = "NODE_NAME"
	// The ipAddress of the node.
	EnvFieldPaths_NODE_IP EnvFieldPaths = "NODE_IP"
	// The IP addresses of the pod.
	EnvFieldPaths_POD_IPS EnvFieldPaths = "POD_IPS"
)

type EnvFrom ¶

type EnvFrom interface {
}

A collection of env variables defined in other resources.

func Env_FromConfigMap ¶

func Env_FromConfigMap(configMap IConfigMap, prefix *string) EnvFrom

Selects a ConfigMap to populate the environment variables with.

The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.

func Env_FromSecret ¶

func Env_FromSecret(secr ISecret) EnvFrom

Selects a Secret to populate the environment variables with.

The contents of the target Secret's Data field will represent the key-value pairs as environment variables.

func NewEnvFrom ¶

func NewEnvFrom(configMap IConfigMap, prefix *string, sec ISecret) EnvFrom

type EnvValue ¶

type EnvValue interface {
	Value() interface{}
	ValueFrom() interface{}
}

Utility class for creating env values from various sources.

func EnvValue_FromConfigMap ¶

func EnvValue_FromConfigMap(configMap IConfigMap, key *string, options *EnvValueFromConfigMapOptions) EnvValue

Create a value by reading a specific key inside a config map.

func EnvValue_FromFieldRef ¶

func EnvValue_FromFieldRef(fieldPath EnvFieldPaths, options *EnvValueFromFieldRefOptions) EnvValue

Create a value from a field reference.

func EnvValue_FromProcess ¶

func EnvValue_FromProcess(key *string, options *EnvValueFromProcessOptions) EnvValue

Create a value from a key in the current process environment.

func EnvValue_FromResource ¶

func EnvValue_FromResource(resource ResourceFieldPaths, options *EnvValueFromResourceOptions) EnvValue

Create a value from a resource.

func EnvValue_FromSecretValue ¶

func EnvValue_FromSecretValue(secretValue *SecretValue, options *EnvValueFromSecretOptions) EnvValue

Defines an environment value from a secret JSON value.

func EnvValue_FromValue ¶

func EnvValue_FromValue(value *string) EnvValue

Create a value from the given argument.

type EnvValueFromConfigMapOptions ¶

type EnvValueFromConfigMapOptions struct {
	// Specify whether the ConfigMap or its key must be defined.
	// Default: false.
	//
	Optional *bool `field:"optional" json:"optional" yaml:"optional"`
}

Options to specify an environment variable value from a ConfigMap key.

type EnvValueFromFieldRefOptions ¶

type EnvValueFromFieldRefOptions struct {
	// Version of the schema the FieldPath is written in terms of.
	ApiVersion *string `field:"optional" json:"apiVersion" yaml:"apiVersion"`
	// The key to select the pod label or annotation.
	Key *string `field:"optional" json:"key" yaml:"key"`
}

Options to specify an environment variable value from a field reference.

type EnvValueFromProcessOptions ¶

type EnvValueFromProcessOptions struct {
	// Specify whether the key must exist in the environment.
	//
	// If this is set to true, and the key does not exist, an error will be thrown.
	// Default: false.
	//
	Required *bool `field:"optional" json:"required" yaml:"required"`
}

Options to specify an environment variable value from the process environment.

type EnvValueFromResourceOptions ¶

type EnvValueFromResourceOptions struct {
	// The container to select the value from.
	Container Container `field:"optional" json:"container" yaml:"container"`
	// The output format of the exposed resource.
	Divisor *string `field:"optional" json:"divisor" yaml:"divisor"`
}

Options to specify an environment variable value from a resource.

type EnvValueFromSecretOptions ¶

type EnvValueFromSecretOptions struct {
	// Specify whether the Secret or its key must be defined.
	// Default: false.
	//
	Optional *bool `field:"optional" json:"optional" yaml:"optional"`
}

Options to specify an environment variable value from a Secret.

type EphemeralStorageResources ¶

type EphemeralStorageResources struct {
	Limit   cdk8s.Size `field:"optional" json:"limit" yaml:"limit"`
	Request cdk8s.Size `field:"optional" json:"request" yaml:"request"`
}

Ephemeral storage request and limit.

type ExposeDeploymentViaIngressOptions ¶

type ExposeDeploymentViaIngressOptions struct {
	// The name of the service to expose.
	//
	// If you'd like to expose the deployment multiple times,
	// you must explicitly set a name starting from the second expose call.
	// Default: - auto generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The ports that the service should bind to.
	// Default: - extracted from the deployment.
	//
	Ports *[]*ServicePort `field:"optional" json:"ports" yaml:"ports"`
	// The type of the exposed service.
	// Default: - ClusterIP.
	//
	ServiceType ServiceType `field:"optional" json:"serviceType" yaml:"serviceType"`
	// The ingress to add rules to.
	// Default: - An ingress will be automatically created.
	//
	Ingress Ingress `field:"optional" json:"ingress" yaml:"ingress"`
	// The type of the path.
	// Default: HttpIngressPathType.PREFIX
	//
	PathType HttpIngressPathType `field:"optional" json:"pathType" yaml:"pathType"`
}

Options for exposing a deployment via an ingress.

type ExposeServiceViaIngressOptions ¶

type ExposeServiceViaIngressOptions struct {
	// The ingress to add rules to.
	// Default: - An ingress will be automatically created.
	//
	Ingress Ingress `field:"optional" json:"ingress" yaml:"ingress"`
	// The type of the path.
	// Default: HttpIngressPathType.PREFIX
	//
	PathType HttpIngressPathType `field:"optional" json:"pathType" yaml:"pathType"`
}

Options for exposing a service using an ingress.

type FromServiceAccountNameOptions ¶

type FromServiceAccountNameOptions struct {
	// The name of the namespace the service account belongs to.
	// Default: "default".
	//
	NamespaceName *string `field:"optional" json:"namespaceName" yaml:"namespaceName"`
}

type FsGroupChangePolicy ¶

type FsGroupChangePolicy string
const (
	// Only change permissions and ownership if permission and ownership of root directory does not match with expected permissions of the volume.
	//
	// This could help shorten the time it takes to change ownership and permission of a volume.
	FsGroupChangePolicy_ON_ROOT_MISMATCH FsGroupChangePolicy = "ON_ROOT_MISMATCH"
	// Always change permission and ownership of the volume when volume is mounted.
	FsGroupChangePolicy_ALWAYS FsGroupChangePolicy = "ALWAYS"
)

type GCEPersistentDiskPersistentVolume ¶

type GCEPersistentDiskPersistentVolume interface {
	PersistentVolume
	// Access modes requirement of this claim.
	AccessModes() *[]PersistentVolumeAccessMode
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// PVC this volume is bound to.
	//
	// Undefined means this volume is not yet
	// claimed by any PVC.
	Claim() IPersistentVolumeClaim
	// File system type of this volume.
	FsType() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Volume mode of this volume.
	Mode() PersistentVolumeMode
	// Mount options of this volume.
	MountOptions() *[]*string
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	// Partition of this volume.
	Partition() *float64
	// PD resource in GCE of this volume.
	PdName() *string
	Permissions() ResourcePermissions
	// Whether or not it is mounted as a read-only volume.
	ReadOnly() *bool
	// Reclaim policy of this volume.
	ReclaimPolicy() PersistentVolumeReclaimPolicy
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Storage size of this volume.
	Storage() cdk8s.Size
	// Storage class this volume belongs to.
	StorageClassName() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
	// Bind a volume to a specific claim.
	//
	// Note that you must also bind the claim to the volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	Bind(claim IPersistentVolumeClaim)
	// Reserve a `PersistentVolume` by creating a `PersistentVolumeClaim` that is wired to claim this volume.
	//
	// Note that this method will throw in case the volume is already claimed.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reserving-a-persistentvolume
	//
	Reserve() PersistentVolumeClaim
	// Returns a string representation of this construct.
	ToString() *string
}

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod.

Provisioned by an admin. See: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

func NewGCEPersistentDiskPersistentVolume ¶

func NewGCEPersistentDiskPersistentVolume(scope constructs.Construct, id *string, props *GCEPersistentDiskPersistentVolumeProps) GCEPersistentDiskPersistentVolume

type GCEPersistentDiskPersistentVolumeProps ¶

type GCEPersistentDiskPersistentVolumeProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Contains all ways the volume can be mounted.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
	//
	// Default: - No access modes.
	//
	AccessModes *[]PersistentVolumeAccessMode `field:"optional" json:"accessModes" yaml:"accessModes"`
	// Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
	//
	// Expected to be non-nil when bound.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
	//
	// Default: - Not bound to a specific claim.
	//
	Claim IPersistentVolumeClaim `field:"optional" json:"claim" yaml:"claim"`
	// A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
	//
	// Default: - No options.
	//
	MountOptions *[]*string `field:"optional" json:"mountOptions" yaml:"mountOptions"`
	// When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.
	//
	// The reclaim policy tells the cluster what to do with
	// the volume after it has been released of its claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
	//
	// Default: PersistentVolumeReclaimPolicy.RETAIN
	//
	ReclaimPolicy PersistentVolumeReclaimPolicy `field:"optional" json:"reclaimPolicy" yaml:"reclaimPolicy"`
	// What is the storage capacity of this volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
	//
	// Default: - Not specified.
	//
	Storage cdk8s.Size `field:"optional" json:"storage" yaml:"storage"`
	// Name of StorageClass to which this persistent volume belongs.
	// Default: - Volume does not belong to any storage class.
	//
	StorageClassName *string `field:"optional" json:"storageClassName" yaml:"storageClassName"`
	// Defines what type of volume is required by the claim.
	// Default: VolumeMode.FILE_SYSTEM
	//
	VolumeMode PersistentVolumeMode `field:"optional" json:"volumeMode" yaml:"volumeMode"`
	// Unique name of the PD resource in GCE.
	//
	// Used to identify the disk in GCE.
	// See: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
	//
	PdName *string `field:"required" json:"pdName" yaml:"pdName"`
	// Filesystem type of the volume that you want to mount.
	//
	// Tip: Ensure that the filesystem type is supported by the host operating system.
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// The partition in the volume that you want to mount.
	//
	// If omitted, the default is to mount by volume name.
	// Examples: For volume /dev/sda1, you specify the partition as "1".
	// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
	// Default: - No partition.
	//
	Partition *float64 `field:"optional" json:"partition" yaml:"partition"`
	// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true".
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Properties for `GCEPersistentDiskPersistentVolume`.

type GCEPersistentDiskVolumeOptions ¶

type GCEPersistentDiskVolumeOptions struct {
	// Filesystem type of the volume that you want to mount.
	//
	// Tip: Ensure that the filesystem type is supported by the host operating system.
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: 'ext4'.
	//
	FsType *string `field:"optional" json:"fsType" yaml:"fsType"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The partition in the volume that you want to mount.
	//
	// If omitted, the default is to mount by volume name.
	// Examples: For volume /dev/sda1, you specify the partition as "1".
	// Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
	// Default: - No partition.
	//
	Partition *float64 `field:"optional" json:"partition" yaml:"partition"`
	// Specify "true" to force and set the ReadOnly property in VolumeMounts to "true".
	// See: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
	//
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options of `Volume.fromGcePersistentDisk`.

type Group ¶

type Group interface {
	constructs.Construct
	ISubject
	ApiGroup() *string
	Kind() *string
	Name() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

Represents a group.

func Group_FromName ¶

func Group_FromName(scope constructs.Construct, id *string, name *string) Group

Reference a group by name.

type Handler ¶

type Handler interface {
}

Defines a specific action that should be taken.

func Handler_FromCommand ¶

func Handler_FromCommand(command *[]*string) Handler

Defines a handler based on a command which is executed within the container.

func Handler_FromHttpGet ¶

func Handler_FromHttpGet(path *string, options *HandlerFromHttpGetOptions) Handler

Defines a handler based on an HTTP GET request to the IP address of the container.

func Handler_FromTcpSocket ¶

func Handler_FromTcpSocket(options *HandlerFromTcpSocketOptions) Handler

Defines a handler based on opening a connection to a TCP socket on the container.

type HandlerFromHttpGetOptions ¶

type HandlerFromHttpGetOptions struct {
	// The TCP port to use when sending the GET request.
	// Default: - defaults to `container.port`.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Options for `Handler.fromHttpGet`.

type HandlerFromTcpSocketOptions ¶

type HandlerFromTcpSocketOptions struct {
	// The host name to connect to on the container.
	// Default: - defaults to the pod IP.
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The TCP port to connect to on the container.
	// Default: - defaults to `container.port`.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Options for `Handler.fromTcpSocket`.

type HorizontalPodAutoscaler ¶

type HorizontalPodAutoscaler interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The maximum number of replicas that can be scaled up to.
	MaxReplicas() *float64
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The metric conditions that trigger a scale up or scale down.
	Metrics() *[]Metric
	// The minimum number of replicas that can be scaled down to.
	MinReplicas() *float64
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// The scaling behavior when scaling down.
	ScaleDown() *ScalingRules
	// The scaling behavior when scaling up.
	ScaleUp() *ScalingRules
	// The workload to scale up or down.
	Target() IScalable
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

A HorizontalPodAutoscaler scales a workload up or down in response to a metric change.

This allows your services to scale up when demand is high and scale down when they are no longer needed.

Typical use cases for HorizontalPodAutoscaler:

  • When Memory usage is above 70%, scale up the number of replicas to meet the demand.
  • When CPU usage is below 30%, scale down the number of replicas to save resources.
  • When a service is experiencing a spike in traffic, scale up the number of replicas to meet the demand. Then, when the traffic subsides, scale down the number of replicas to save resources.

The autoscaler uses the following algorithm to determine the number of replicas to scale:

`desiredReplicas = ceil[currentReplicas * ( currentMetricValue / desiredMetricValue )]`

HorizontalPodAutoscalers can be used with any `Scalable` workload:

  • Deployment
  • StatefulSet

**Targets that already have a replica count defined:**

Remove any replica counts from the target resource before associating with a HorizontalPodAutoscaler. If this isn't done, then any time a change to that object is applied, Kubernetes will scale the current number of Pods to the value of the target.replicas key. This may not be desired and could lead to unexpected behavior.

Example:

const backend = new kplus.Deployment(this, 'Backend', ...);

const hpa = new kplus.HorizontalPodAutoscaler(chart, 'Hpa', {
 target: backend,
 maxReplicas: 10,
 scaleUp: {
   policies: [
     {
       replicas: kplus.Replicas.absolute(3),
       duration: Duration.minutes(5),
     },
   ],
 },
});

See: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#implicit-maintenance-mode-deactivation

func NewHorizontalPodAutoscaler ¶

func NewHorizontalPodAutoscaler(scope constructs.Construct, id *string, props *HorizontalPodAutoscalerProps) HorizontalPodAutoscaler

type HorizontalPodAutoscalerProps ¶

type HorizontalPodAutoscalerProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// The maximum number of replicas that can be scaled up to.
	MaxReplicas *float64 `field:"required" json:"maxReplicas" yaml:"maxReplicas"`
	// The workload to scale up or down.
	//
	// Scalable workload types:
	// * Deployment
	// * StatefulSet.
	Target IScalable `field:"required" json:"target" yaml:"target"`
	// The metric conditions that trigger a scale up or scale down.
	// Default: - If metrics are not provided, then the target resource
	// constraints (e.g. cpu limit) will be used as scaling metrics.
	//
	Metrics *[]Metric `field:"optional" json:"metrics" yaml:"metrics"`
	// The minimum number of replicas that can be scaled down to.
	//
	// Can be set to 0 if the alpha feature gate `HPAScaleToZero` is enabled and
	// at least one Object or External metric is configured.
	// Default: 1.
	//
	MinReplicas *float64 `field:"optional" json:"minReplicas" yaml:"minReplicas"`
	// The scaling behavior when scaling down.
	// Default: - Scale down to minReplica count with a 5 minute stabilization window.
	//
	ScaleDown *ScalingRules `field:"optional" json:"scaleDown" yaml:"scaleDown"`
	// The scaling behavior when scaling up.
	// Default: - Is the higher of:
	// * Increase no more than 4 pods per 60 seconds
	// * Double the number of pods per 60 seconds.
	//
	ScaleUp *ScalingRules `field:"optional" json:"scaleUp" yaml:"scaleUp"`
}

Properties for HorizontalPodAutoscaler.
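
To see how the replica formula interacts with `MinReplicas`, `MaxReplicas` and the default `ScaleUp` behaviour listed above, the following added example (not code from cdk8s-plus or Kubernetes) replays a series of observed per-pod metric values. The `Spec` type and function names are hypothetical, metric values are integers in arbitrary units, the observations are constructed, and each step is assumed to be one 60-second period; scale-down stabilization is not modelled.

```go
package main

import (
	"errors"
	"fmt"
)

// Spec holds the two HorizontalPodAutoscalerProps bounds used here.
// It is a local type for this example, not the cdk8s-plus struct.
type Spec struct {
	MinReplicas int64 // 0 is treated as "not set" and becomes the default of 1
	MaxReplicas int64 // required
}

// RawDesired evaluates
//
//	ceil[currentReplicas * (currentMetricValue / desiredMetricValue)]
//
// in integer arithmetic so that rounding never depends on float precision.
func RawDesired(currentReplicas, currentMetric, desiredMetric int64) (int64, error) {
	if currentReplicas < 0 || currentMetric < 0 || desiredMetric <= 0 {
		return 0, errors.New("replicas and metric must be >= 0 and the desired metric > 0")
	}
	n := currentReplicas * currentMetric
	return (n + desiredMetric - 1) / desiredMetric, nil
}

// NextReplicas returns the replica count after one 60-second period:
// the raw formula, clamped to [MinReplicas, MaxReplicas], and on the way up
// limited by the default scale-up rule (the higher of +4 pods or double).
func NextReplicas(s Spec, current, currentMetric, desiredMetric int64) (int64, error) {
	if s.MinReplicas == 0 {
		s.MinReplicas = 1
	}
	if s.MaxReplicas < s.MinReplicas {
		return 0, errors.New("MaxReplicas must be >= MinReplicas")
	}
	want, err := RawDesired(current, currentMetric, desiredMetric)
	if err != nil {
		return 0, err
	}
	if want < s.MinReplicas {
		want = s.MinReplicas
	}
	if want > s.MaxReplicas {
		want = s.MaxReplicas
	}
	if want > current {
		limit := current + 4
		if current*2 > limit {
			limit = current * 2
		}
		if want > limit {
			want = limit
		}
	}
	return want, nil
}

// Replay feeds a series of observed per-pod metric values through
// NextReplicas and returns the replica count after each period.
func Replay(s Spec, start, desiredMetric int64, observed []int64) ([]int64, error) {
	out := make([]int64, 0, len(observed))
	current := start
	for _, m := range observed {
		next, err := NextReplicas(s, current, m, desiredMetric)
		if err != nil {
			return nil, err
		}
		out = append(out, next)
		current = next
	}
	return out, nil
}

func main() {
	// Constructed load spike: 2 pods at 10x the target value per pod.
	steps, err := Replay(Spec{MaxReplicas: 15}, 2, 100, []int64{1000, 333, 166, 133})
	if err != nil {
		panic(err)
	}
	fmt.Println(steps)
}
```

The formula alone asks for 20 replicas in every period; the workload reaches 15 only in the third period and stays there, because `MaxReplicas` is the hard ceiling on what a metric spike can consume.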

type HostAlias ¶

type HostAlias struct {
	// Hostnames for the chosen IP address.
	Hostnames *[]*string `field:"required" json:"hostnames" yaml:"hostnames"`
	// IP address of the host file entry.
	Ip *string `field:"required" json:"ip" yaml:"ip"`
}

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's /etc/hosts file.

type HostPathVolumeOptions ¶

type HostPathVolumeOptions struct {
	// The path of the directory on the host.
	Path *string `field:"required" json:"path" yaml:"path"`
	// The expected type of the path found on the host.
	// Default: HostPathVolumeType.DEFAULT
	//
	Type HostPathVolumeType `field:"optional" json:"type" yaml:"type"`
}

Options for a HostPathVolume-based volume.

type HostPathVolumeType ¶

type HostPathVolumeType string

Host path types.

const (
	// Empty string (default) is for backward compatibility, which means that no checks will be performed before mounting the hostPath volume.
	HostPathVolumeType_DEFAULT HostPathVolumeType = "DEFAULT"
	// If nothing exists at the given path, an empty directory will be created there as needed with permission set to 0755, having the same group and ownership with Kubelet.
	HostPathVolumeType_DIRECTORY_OR_CREATE HostPathVolumeType = "DIRECTORY_OR_CREATE"
	// A directory must exist at the given path.
	HostPathVolumeType_DIRECTORY HostPathVolumeType = "DIRECTORY"
	// If nothing exists at the given path, an empty file will be created there as needed with permission set to 0644, having the same group and ownership with Kubelet.
	HostPathVolumeType_FILE_OR_CREATE HostPathVolumeType = "FILE_OR_CREATE"
	// A file must exist at the given path.
	HostPathVolumeType_FILE HostPathVolumeType = "FILE"
	// A UNIX socket must exist at the given path.
	HostPathVolumeType_SOCKET HostPathVolumeType = "SOCKET"
	// A character device must exist at the given path.
	HostPathVolumeType_CHAR_DEVICE HostPathVolumeType = "CHAR_DEVICE"
	// A block device must exist at the given path.
	HostPathVolumeType_BLOCK_DEVICE HostPathVolumeType = "BLOCK_DEVICE"
)

type HttpGetProbeOptions ¶

type HttpGetProbeOptions struct {
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	//
	// Defaults to 3. Minimum value is 1.
	// Default: 3.
	//
	FailureThreshold *float64 `field:"optional" json:"failureThreshold" yaml:"failureThreshold"`
	// Number of seconds after the container has started before liveness probes are initiated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: - immediate.
	//
	InitialDelaySeconds cdk8s.Duration `field:"optional" json:"initialDelaySeconds" yaml:"initialDelaySeconds"`
	// How often (in seconds) to perform the probe.
	//
	// Defaults to 10 seconds. Minimum value is 1.
	// Default: Duration.seconds(10) Minimum value is 1.
	//
	PeriodSeconds cdk8s.Duration `field:"optional" json:"periodSeconds" yaml:"periodSeconds"`
	// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.
	//
	// Must be 1 for liveness and startup. Minimum value is 1.
	// Default: 1 Must be 1 for liveness and startup. Minimum value is 1.
	//
	SuccessThreshold *float64 `field:"optional" json:"successThreshold" yaml:"successThreshold"`
	// Number of seconds after which the probe times out.
	//
	// Defaults to 1 second. Minimum value is 1.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: Duration.seconds(1)
	//
	TimeoutSeconds cdk8s.Duration `field:"optional" json:"timeoutSeconds" yaml:"timeoutSeconds"`
	// The host name to connect to on the container.
	// Default: - defaults to the pod IP.
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The TCP port to use when sending the GET request.
	// Default: - defaults to `container.port`.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// Scheme to use for connecting to the host (HTTP or HTTPS).
	// Default: ConnectionScheme.HTTP
	//
	Scheme ConnectionScheme `field:"optional" json:"scheme" yaml:"scheme"`
}

Options for `Probe.fromHttpGet()`.

type HttpIngressPathType ¶

type HttpIngressPathType string

Specify how the path is matched against request paths. See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types

const (
	// Matches based on a URL path prefix split by '/'.
	HttpIngressPathType_PREFIX HttpIngressPathType = "PREFIX"
	// Matches the URL path exactly.
	HttpIngressPathType_EXACT HttpIngressPathType = "EXACT"
	// Matching is specified by the underlying IngressClass.
	HttpIngressPathType_IMPLEMENTATION_SPECIFIC HttpIngressPathType = "IMPLEMENTATION_SPECIFIC"
)
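
Because `PREFIX` is the default `PathType` in the expose options above, it helps to see exactly which request paths each type admits. The following added example (not code from cdk8s-plus or from an ingress controller) implements the Exact and Prefix rules as the Kubernetes ingress documentation describes them and reports which of a constructed list of request paths a rule exposes. The `PathType` and `Rule` types are local to the example, and percent-encoding and repeated slashes are not normalized.

```go
package main

import (
	"fmt"
	"strings"
)

// PathType mirrors the three HttpIngressPathType values. It is a local type
// for this example, not the cdk8s-plus type.
type PathType string

const (
	Prefix                 PathType = "PREFIX"
	Exact                  PathType = "EXACT"
	ImplementationSpecific PathType = "IMPLEMENTATION_SPECIFIC"
)

// Rule is one ingress path rule (hypothetical helper type).
type Rule struct {
	Path string
	Type PathType
}

// elements splits a path into its '/'-separated elements, ignoring one
// leading and one trailing slash.
func elements(p string) []string {
	p = strings.TrimSuffix(strings.TrimPrefix(p, "/"), "/")
	if p == "" {
		return nil
	}
	return strings.Split(p, "/")
}

// Matches reports whether the rule serves requestPath. known is false for
// ImplementationSpecific, where the answer depends on the IngressClass.
func Matches(r Rule, requestPath string) (matched, known bool) {
	switch r.Type {
	case Exact:
		// Case-sensitive, whole-string comparison: "/api" does not serve "/api/".
		return r.Path == requestPath, true
	case Prefix:
		// Element-wise comparison: "/api" serves "/api/admin" but not "/apiary".
		rule, req := elements(r.Path), elements(requestPath)
		if len(rule) > len(req) {
			return false, true
		}
		for i, el := range rule {
			if req[i] != el {
				return false, true
			}
		}
		return true, true
	default:
		return false, false
	}
}

// Exposed returns the request paths served by at least one rule.
func Exposed(rules []Rule, requestPaths []string) []string {
	var out []string
	for _, p := range requestPaths {
		for _, r := range rules {
			if m, known := Matches(r, p); known && m {
				out = append(out, p)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed request paths, checked against the same rule path per type.
	paths := []string{"/api", "/api/", "/api/admin/users", "/apiary", "/API"}
	fmt.Println("Prefix /api:", Exposed([]Rule{{Path: "/api", Type: Prefix}}, paths))
	fmt.Println("Exact  /api:", Exposed([]Rule{{Path: "/api", Type: Exact}}, paths))
}
```

With the default type, a rule for `/api` also serves everything beneath it, so any path that must stay internal needs its own rule or a backend-side check rather than reliance on the ingress path.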

type IApiEndpoint ¶

type IApiEndpoint interface {
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
}

An API Endpoint can either be a resource descriptor (e.g /pods) or a non resource url (e.g /healthz). It must be one or the other, and not both.

type IApiResource ¶

type IApiResource interface {
	// The group portion of the API version (e.g. `authorization.k8s.io`).
	ApiGroup() *string
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	//
	// Example:
	//   - "pods" or "pods/log"
	//
	// See: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
	//
	ResourceType() *string
}

Represents a resource or collection of resources.

type IClusterRole ¶

type IClusterRole interface {
	IResource
}

Represents a cluster-level role.

func ClusterRole_FromClusterRoleName ¶

func ClusterRole_FromClusterRoleName(scope constructs.Construct, id *string, name *string) IClusterRole

Imports a role from the cluster as a reference.

type IConfigMap ¶

type IConfigMap interface {
	IResource
}

Represents a config map.

func ConfigMap_FromConfigMapName ¶

func ConfigMap_FromConfigMapName(scope constructs.Construct, id *string, name *string) IConfigMap

Represents a ConfigMap created elsewhere.

type INamespaceSelector ¶

type INamespaceSelector interface {
	constructs.IConstruct
	// Return the configuration of this selector.
	ToNamespaceSelectorConfig() *NamespaceSelectorConfig
}

Represents an object that can select namespaces.

type INetworkPolicyPeer ¶

type INetworkPolicyPeer interface {
	constructs.IConstruct
	// Return the configuration of this peer.
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	ToPodSelector() IPodSelector
}

Describes a peer to allow traffic to/from.

type IPersistentVolume ¶

type IPersistentVolume interface {
	IResource
}

Contract of a `PersistentVolume`.

func AwsElasticBlockStorePersistentVolume_FromPersistentVolumeName ¶

func AwsElasticBlockStorePersistentVolume_FromPersistentVolumeName(scope constructs.Construct, id *string, volumeName *string) IPersistentVolume

Imports a pv from the cluster as a reference.

func AzureDiskPersistentVolume_FromPersistentVolumeName ¶

func AzureDiskPersistentVolume_FromPersistentVolumeName(scope constructs.Construct, id *string, volumeName *string) IPersistentVolume

Imports a pv from the cluster as a reference.

func GCEPersistentDiskPersistentVolume_FromPersistentVolumeName ¶

func GCEPersistentDiskPersistentVolume_FromPersistentVolumeName(scope constructs.Construct, id *string, volumeName *string) IPersistentVolume

Imports a pv from the cluster as a reference.

func PersistentVolume_FromPersistentVolumeName ¶

func PersistentVolume_FromPersistentVolumeName(scope constructs.Construct, id *string, volumeName *string) IPersistentVolume

Imports a pv from the cluster as a reference.

type IPersistentVolumeClaim ¶

type IPersistentVolumeClaim interface {
	IResource
}

Contract of a `PersistentVolumeClaim`.

func PersistentVolumeClaim_FromClaimName ¶

func PersistentVolumeClaim_FromClaimName(scope constructs.Construct, id *string, claimName *string) IPersistentVolumeClaim

Imports a pvc from the cluster as a reference.

type IPodSelector ¶

type IPodSelector interface {
	constructs.IConstruct
	// Return the configuration of this selector.
	ToPodSelectorConfig() *PodSelectorConfig
}

Represents an object that can select pods.

type IResource ¶

type IResource interface {
	IApiResource
	constructs.IConstruct
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The Kubernetes name of this resource.
	Name() *string
}

Represents a resource.

type IRole ¶

type IRole interface {
	IResource
}

A reference to any Role or ClusterRole.

func Role_FromRoleName ¶

func Role_FromRoleName(scope constructs.Construct, id *string, name *string) IRole

Imports a role from the cluster as a reference.

type IScalable ¶

type IScalable interface {
	// Called on all IScalable targets when they are associated with an autoscaler.
	MarkHasAutoscaler()
	// Return the target spec properties of this Scalable.
	ToScalingTarget() *ScalingTarget
	// If this is a target of an autoscaler.
	HasAutoscaler() *bool
	SetHasAutoscaler(h *bool)
}

Represents a scalable workload.

type ISecret ¶

type ISecret interface {
	IResource
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
}

func BasicAuthSecret_FromSecretName ¶

func BasicAuthSecret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

func DockerConfigSecret_FromSecretName ¶

func DockerConfigSecret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

func Secret_FromSecretName ¶

func Secret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

func ServiceAccountTokenSecret_FromSecretName ¶

func ServiceAccountTokenSecret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

func SshAuthSecret_FromSecretName ¶

func SshAuthSecret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

func TlsSecret_FromSecretName ¶

func TlsSecret_FromSecretName(scope constructs.Construct, id *string, name *string) ISecret

Imports a secret from the cluster as a reference.

type IServiceAccount ¶

type IServiceAccount interface {
	IResource
	ISubject
}

func ServiceAccount_FromServiceAccountName ¶

func ServiceAccount_FromServiceAccountName(scope constructs.Construct, id *string, name *string, options *FromServiceAccountNameOptions) IServiceAccount

Imports a service account from the cluster as a reference.

type IStorage ¶

type IStorage interface {
	constructs.IConstruct
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
}

Represents a piece of storage in the cluster.

type ISubject ¶

type ISubject interface {
	constructs.IConstruct
	// Return the subject configuration.
	ToSubjectConfiguration() *SubjectConfiguration
}

Represents an object that can be used as a role binding subject.

type ImagePullPolicy ¶

type ImagePullPolicy string
const (
	// Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest.
	//
	// If the kubelet has a container image with that exact
	// digest cached locally, the kubelet uses its cached image; otherwise, the kubelet downloads
	// (pulls) the image with the resolved digest, and uses that image to launch the container.
	//
	// Default is Always if ImagePullPolicy is omitted and either the image tag is :latest or
	// the image tag is omitted.
	ImagePullPolicy_ALWAYS ImagePullPolicy = "ALWAYS"
	// The image is pulled only if it is not already present locally.
	//
	// Default is IfNotPresent if ImagePullPolicy is omitted and the image tag is present but
	// not :latest.
	ImagePullPolicy_IF_NOT_PRESENT ImagePullPolicy = "IF_NOT_PRESENT"
	// The image is assumed to exist locally.
	//
	// No attempt is made to pull the image.
	ImagePullPolicy_NEVER ImagePullPolicy = "NEVER"
)

type Ingress ¶

type Ingress interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Defines the default backend for this ingress.
	//
	// A default backend capable of
	// servicing requests that don't match any rule.
	AddDefaultBackend(backend IngressBackend)
	// Specify a default backend for a specific host name.
	//
	// This backend will be used as a catch-all for requests
	// targeted to this host name (the `Host` header matches this value).
	AddHostDefaultBackend(host *string, backend IngressBackend)
	// Adds an ingress rule applied to requests to a specific host and a specific HTTP path (the `Host` header matches this value).
	AddHostRule(host *string, path *string, backend IngressBackend, pathType HttpIngressPathType)
	// Adds an ingress rule applied to requests sent to a specific HTTP path.
	AddRule(path *string, backend IngressBackend, pathType HttpIngressPathType)
	// Adds rules to this ingress.
	AddRules(rules ...*IngressRule)
	AddTls(tls *[]*IngressTls)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend.

An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.

func NewIngress ¶

func NewIngress(scope constructs.Construct, id *string, props *IngressProps) Ingress

type IngressBackend ¶

type IngressBackend interface {
}

The backend for an ingress path.

func IngressBackend_FromResource ¶

func IngressBackend_FromResource(resource IResource) IngressBackend

A Resource backend is an ObjectRef to another Kubernetes resource within the same namespace as the Ingress object.

A common usage for a Resource backend is to ingress data to an object storage backend with static assets.

func IngressBackend_FromService ¶

func IngressBackend_FromService(serv Service, options *ServiceIngressBackendOptions) IngressBackend

A Kubernetes `Service` to use as the backend for this path.

type IngressProps ¶

type IngressProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Class Name for this ingress.
	//
	// This field is a reference to an IngressClass resource that contains
	// additional Ingress configuration, including the name of the Ingress controller.
	ClassName *string `field:"optional" json:"className" yaml:"className"`
	// The default backend services requests that do not match any rule.
	//
	// Using this option or the `addDefaultBackend()` method is equivalent to
	// adding a rule with both `path` and `host` undefined.
	DefaultBackend IngressBackend `field:"optional" json:"defaultBackend" yaml:"defaultBackend"`
	// Routing rules for this ingress.
	//
	// Each rule must define an `IngressBackend` that will receive the requests
	// that match this rule. If both `host` and `path` are not specified, this
	// backend will be used as the default backend of the ingress.
	//
	// You can also add rules later using `addRule()`, `addHostRule()`,
	// `addDefaultBackend()` and `addHostDefaultBackend()`.
	Rules *[]*IngressRule `field:"optional" json:"rules" yaml:"rules"`
	// TLS settings for this ingress.
	//
	// Using this option tells the ingress controller to expose a TLS endpoint.
	// Currently the Ingress only supports a single TLS port, 443. If multiple
	// members of this list specify different hosts, they will be multiplexed on
	// the same port according to the hostname specified through the SNI TLS
	// extension, if the ingress controller fulfilling the ingress supports SNI.
	Tls *[]*IngressTls `field:"optional" json:"tls" yaml:"tls"`
}

Properties for `Ingress`.

type IngressRule ¶

type IngressRule struct {
	// Backend defines the referenced service endpoint to which the traffic will be forwarded to.
	Backend IngressBackend `field:"required" json:"backend" yaml:"backend"`
	// Host is the fully qualified domain name of a network host, as defined by RFC 3986.
	//
	// Note the following deviations from the "host" part of the URI as
	// defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue
	// can only apply to the IP in the Spec of the parent Ingress. 2. The `:`
	// delimiter is not respected because ports are not allowed. Currently the
	// port of an Ingress is implicitly :80 for http and :443 for https. Both
	// these may change in the future. Incoming requests are matched against the
	// host before the IngressRuleValue.
	// Default: - If the host is unspecified, the Ingress routes all traffic based
	// on the specified IngressRuleValue.
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// Path is an extended POSIX regex as defined by IEEE Std 1003.1 (i.e. this follows the egrep/unix syntax, not the perl syntax), matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'.
	// Default: - If unspecified, the path defaults to a catch all sending traffic
	// to the backend.
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// Specify how the path is matched against request paths.
	//
	// By default, path
	// types will be matched by prefix.
	// See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
	//
	PathType HttpIngressPathType `field:"optional" json:"pathType" yaml:"pathType"`
}

Represents the rules mapping the paths under a specified host to the related backend services.

Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching path.

type IngressTls ¶

type IngressTls struct {
	// Hosts are a list of hosts included in the TLS certificate.
	//
	// The values in
	// this list must match the name/s used in the TLS Secret.
	// Default: - If unspecified, it defaults to the wildcard host setting for
	// the loadbalancer controller fulfilling this Ingress.
	//
	Hosts *[]*string `field:"optional" json:"hosts" yaml:"hosts"`
	// Secret is the secret that contains the certificate and key used to terminate SSL traffic on 443.
	//
	// If the SNI host in a listener conflicts with
	// the "Host" header field used by an IngressRule, the SNI host is used for
	// termination and value of the Host header is used for routing.
	// Default: - If unspecified, it allows SSL routing based on SNI hostname.
	//
	Secret ISecret `field:"optional" json:"secret" yaml:"secret"`
}

Represents the TLS configuration mapping that is passed to the ingress controller for SSL termination.

type Job ¶

type Job interface {
	Workload
	// Duration before job is terminated.
	//
	// If undefined, there is no deadline.
	ActiveDeadline() cdk8s.Duration
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	// Number of retries before marking failed.
	BackoffLimit() *float64
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	TerminationGracePeriod() cdk8s.Duration
	// TTL before the job is deleted after it is finished.
	TtlAfterFinished() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A Job creates one or more Pods and ensures that a specified number of them successfully terminate.

As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created. A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot). You can also use a Job to run multiple Pods in parallel.

func NewJob ¶

func NewJob(scope constructs.Construct, id *string, props *JobProps) Job

type JobProps ¶

type JobProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and add it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
	// Specifies the duration the job may be active before the system tries to terminate it.
	// Default: - If unset, then there is no deadline.
	//
	ActiveDeadline cdk8s.Duration `field:"optional" json:"activeDeadline" yaml:"activeDeadline"`
	// Specifies the number of retries before marking this job failed.
	// Default: - If not set, system defaults to 6.
	//
	BackoffLimit *float64 `field:"optional" json:"backoffLimit" yaml:"backoffLimit"`
	// Limits the lifetime of a Job that has finished execution (either Complete or Failed).
	//
	// If this field is set, after the Job finishes, it is eligible to
	// be automatically deleted. When the Job is being deleted, its lifecycle
	// guarantees (e.g. finalizers) will be honored. If this field is set to zero,
	// the Job becomes eligible to be deleted immediately after it finishes. This
	// field is alpha-level and is only honored by servers that enable the
	// `TTLAfterFinished` feature.
	// Default: - If this field is unset, the Job won't be automatically deleted.
	//
	TtlAfterFinished cdk8s.Duration `field:"optional" json:"ttlAfterFinished" yaml:"ttlAfterFinished"`
}

Properties for `Job`.
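Several `JobProps` defaults documented above are security relevant (`automountServiceAccountToken: false`, `hostNetwork: false`, `ensureNonRoot: true`, no deadline and no TTL when unset). The following added check, which is not part of cdk8s+, reads a Job manifest as JSON and reports where it departs from those defaults; `auditJob` and both sample manifests are constructed for this example, and mapping `ensureNonRoot` to the pod-level `runAsNonRoot` field is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// jobManifest decodes only the fields this check reads from a batch/v1 Job.
type jobManifest struct {
	Kind string `json:"kind"`
	Spec struct {
		ActiveDeadlineSeconds   *int64 `json:"activeDeadlineSeconds"`
		TTLSecondsAfterFinished *int64 `json:"ttlSecondsAfterFinished"`
		Template                struct {
			Spec struct {
				AutomountServiceAccountToken *bool `json:"automountServiceAccountToken"`
				HostNetwork                  bool  `json:"hostNetwork"`
				SecurityContext              struct {
					// Assumption: ensureNonRoot surfaces as runAsNonRoot in the manifest.
					RunAsNonRoot *bool `json:"runAsNonRoot"`
				} `json:"securityContext"`
			} `json:"spec"`
		} `json:"template"`
	} `json:"spec"`
}

// auditJob returns one finding per deviation from the defaults documented for JobProps.
func auditJob(manifest []byte) ([]string, error) {
	var j jobManifest
	if err := json.Unmarshal(manifest, &j); err != nil {
		return nil, fmt.Errorf("decode manifest: %w", err)
	}
	if j.Kind != "Job" {
		return nil, fmt.Errorf("expected kind Job, got %q", j.Kind)
	}
	var findings []string
	pod := j.Spec.Template.Spec
	// An omitted field lets Kubernetes mount the token by default, so only an explicit false passes.
	if pod.AutomountServiceAccountToken == nil || *pod.AutomountServiceAccountToken {
		findings = append(findings, "automountServiceAccountToken is not explicitly false")
	}
	if pod.HostNetwork {
		findings = append(findings, "hostNetwork is enabled")
	}
	if pod.SecurityContext.RunAsNonRoot == nil || !*pod.SecurityContext.RunAsNonRoot {
		findings = append(findings, "pod securityContext does not set runAsNonRoot: true")
	}
	if j.Spec.ActiveDeadlineSeconds == nil {
		findings = append(findings, "activeDeadlineSeconds unset: the job has no deadline")
	}
	if j.Spec.TTLSecondsAfterFinished == nil {
		findings = append(findings, "ttlSecondsAfterFinished unset: finished job is never deleted automatically")
	}
	return findings, nil
}

// Constructed sample manifests (JSON form of a synthesized Job).
const hardenedJob = `{
  "apiVersion": "batch/v1", "kind": "Job",
  "spec": {
    "activeDeadlineSeconds": 600, "ttlSecondsAfterFinished": 3600,
    "template": {"spec": {
      "automountServiceAccountToken": false,
      "securityContext": {"runAsNonRoot": true},
      "containers": [{"name": "main", "image": "example.invalid/app:1.0"}]
    }}
  }
}`

const looseJob = `{
  "apiVersion": "batch/v1", "kind": "Job",
  "spec": {"template": {"spec": {
    "hostNetwork": true,
    "containers": [{"name": "main", "image": "example.invalid/app:1.0"}]
  }}}
}`

func main() {
	for name, m := range map[string]string{"hardened": hardenedJob, "loose": looseJob} {
		findings, err := auditJob([]byte(m))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```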

type LabelExpression ¶

type LabelExpression interface {
	Key() *string
	Operator() *string
	Values() *[]*string
}

Represents a query that can be performed against resources with labels.

func LabelExpression_DoesNotExist ¶

func LabelExpression_DoesNotExist(key *string) LabelExpression

Requires label `key` to not exist.

func LabelExpression_Exists ¶

func LabelExpression_Exists(key *string) LabelExpression

Requires label `key` to exist.

func LabelExpression_In ¶

func LabelExpression_In(key *string, values *[]*string) LabelExpression

Requires value of label `key` to be one of `values`.

func LabelExpression_NotIn ¶

func LabelExpression_NotIn(key *string, values *[]*string) LabelExpression

Requires value of label `key` to be none of `values`.

type LabelSelector ¶

type LabelSelector interface {
	IsEmpty() *bool
}

Match a resource by labels.

func LabelSelector_Of ¶

func LabelSelector_Of(options *LabelSelectorOptions) LabelSelector

type LabelSelectorOptions ¶

type LabelSelectorOptions struct {
	// Expression based label matchers.
	Expressions *[]LabelExpression `field:"optional" json:"expressions" yaml:"expressions"`
	// Strict label matchers.
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
}

Options for `LabelSelector.of`.

type LabelSelectorRequirement ¶

type LabelSelectorRequirement struct {
	// The label key that the selector applies to.
	Key *string `field:"required" json:"key" yaml:"key"`
	// Represents a key's relationship to a set of values.
	Operator *string `field:"required" json:"operator" yaml:"operator"`
	// An array of string values.
	//
	// If the operator is In or NotIn, the values array
	// must be non-empty. If the operator is Exists or DoesNotExist,
	// the values array must be empty. This array is replaced during a strategic merge patch.
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

type LabeledNode ¶

type LabeledNode interface {
	LabelSelector() *[]NodeLabelQuery
}

A node that is matched by label selectors.

func NewLabeledNode ¶

func NewLabeledNode(labelSelector *[]NodeLabelQuery) LabeledNode

func Node_Labeled ¶

func Node_Labeled(labelSelector ...NodeLabelQuery) LabeledNode

Match a node by its labels.

type MemoryResources ¶

type MemoryResources struct {
	Limit   cdk8s.Size `field:"optional" json:"limit" yaml:"limit"`
	Request cdk8s.Size `field:"optional" json:"request" yaml:"request"`
}

Memory request and limit.

type Metric ¶

type Metric interface {
	Type() *string
}

A metric condition that HorizontalPodAutoscalers scale on.

func Metric_ContainerCpu ¶

func Metric_ContainerCpu(options *MetricContainerResourceOptions) Metric

Metric that tracks the CPU of a container.

This metric will be tracked across all pods of the current scale target.

func Metric_ContainerEphemeralStorage ¶

func Metric_ContainerEphemeralStorage(options *MetricContainerResourceOptions) Metric

Metric that tracks the local ephemeral storage of a container.

This metric will be tracked across all pods of the current scale target.

func Metric_ContainerMemory ¶

func Metric_ContainerMemory(options *MetricContainerResourceOptions) Metric

Metric that tracks the Memory of a container.

This metric will be tracked across all pods of the current scale target.

func Metric_ContainerStorage ¶

func Metric_ContainerStorage(options *MetricContainerResourceOptions) Metric

Metric that tracks the volume size of a container.

This metric will be tracked across all pods of the current scale target.

func Metric_External ¶

func Metric_External(options *MetricOptions) Metric

A global metric that is not associated with any Kubernetes object.

Allows for autoscaling based on information coming from components running outside of the cluster.

Use case:

  - Scale up when the length of an SQS queue is greater than 10 messages.
  - Scale down when an outside load balancer's queries are less than 10000 per second.

func Metric_Object ¶

func Metric_Object(options *MetricObjectOptions) Metric

Metric that describes a metric of a kubernetes object.

Use case:

  - Scale on a Kubernetes Ingress's hits-per-second metric.

func Metric_Pods ¶

func Metric_Pods(options *MetricOptions) Metric

A pod metric that will be averaged across all pods of the current scale target.

Use case:

  - Average CPU utilization across all pods.
  - Transactions processed per second across all pods.

func Metric_ResourceCpu ¶

func Metric_ResourceCpu(target MetricTarget) Metric

Tracks the available CPU of the pods in a target.

Note: Since the resource usages of all the containers are summed up the total pod utilization may not accurately represent the individual container resource usage. This could lead to situations where a single container might be running with high usage and the HPA will not scale out because the overall pod usage is still within acceptable limits.

Use case:

  - Scale up when CPU is above 40%.

func Metric_ResourceEphemeralStorage ¶

func Metric_ResourceEphemeralStorage(target MetricTarget) Metric

Tracks the available Ephemeral Storage of the pods in a target.

Note: Since the resource usages of all the containers are summed up the total pod utilization may not accurately represent the individual container resource usage. This could lead to situations where a single container might be running with high usage and the HPA will not scale out because the overall pod usage is still within acceptable limits.

func Metric_ResourceMemory ¶

func Metric_ResourceMemory(target MetricTarget) Metric

Tracks the available Memory of the pods in a target.

Note: Since the resource usages of all the containers are summed up the total pod utilization may not accurately represent the individual container resource usage. This could lead to situations where a single container might be running with high usage and the HPA will not scale out because the overall pod usage is still within acceptable limits.

Use case:

  - Scale up when Memory is above 512MB.

func Metric_ResourceStorage ¶

func Metric_ResourceStorage(target MetricTarget) Metric

Tracks the available Storage of the pods in a target.

Note: Since the resource usages of all the containers are summed up the total pod utilization may not accurately represent the individual container resource usage. This could lead to situations where a single container might be running with high usage and the HPA will not scale out because the overall pod usage is still within acceptable limits.

type MetricContainerResourceOptions ¶

type MetricContainerResourceOptions struct {
	// Container where the metric can be found.
	Container Container `field:"required" json:"container" yaml:"container"`
	// Target metric value that will trigger scaling.
	Target MetricTarget `field:"required" json:"target" yaml:"target"`
}

Options for `Metric.containerResource()`.

type MetricObjectOptions ¶

type MetricObjectOptions struct {
	// The name of the metric to scale on.
	Name *string `field:"required" json:"name" yaml:"name"`
	// The target metric value that will trigger scaling.
	Target MetricTarget `field:"required" json:"target" yaml:"target"`
	// A selector to find a metric by label.
	//
	// When set, it is passed as an additional parameter to the metrics server
	// for more specific metrics scoping.
	// Default: - Just the metric 'name' will be used to gather metrics.
	//
	LabelSelector LabelSelector `field:"optional" json:"labelSelector" yaml:"labelSelector"`
	// Resource where the metric can be found.
	Object IResource `field:"required" json:"object" yaml:"object"`
}

Options for `Metric.object()`.

type MetricOptions ¶

type MetricOptions struct {
	// The name of the metric to scale on.
	Name *string `field:"required" json:"name" yaml:"name"`
	// The target metric value that will trigger scaling.
	Target MetricTarget `field:"required" json:"target" yaml:"target"`
	// A selector to find a metric by label.
	//
	// When set, it is passed as an additional parameter to the metrics server
	// for more specific metrics scoping.
	// Default: - Just the metric 'name' will be used to gather metrics.
	//
	LabelSelector LabelSelector `field:"optional" json:"labelSelector" yaml:"labelSelector"`
}

Base options for a Metric.

type MetricTarget ¶

type MetricTarget interface {
}

A metric condition that will trigger scaling behavior when satisfied.

Example:

MetricTarget.averageUtilization(70); // 70% average utilization

func MetricTarget_AverageUtilization ¶

func MetricTarget_AverageUtilization(averageUtilization *float64) MetricTarget

Target a percentage value across all relevant pods.

func MetricTarget_AverageValue ¶

func MetricTarget_AverageValue(averageValue *float64) MetricTarget

Target the average value across all relevant pods.

func MetricTarget_Value ¶

func MetricTarget_Value(value *float64) MetricTarget

Target a specific target value.

type MountOptions ¶

type MountOptions struct {
	// Determines how mounts are propagated from the host to container and the other way around.
	//
	// When not set, MountPropagationNone is used.
	//
	// Mount propagation allows for sharing volumes mounted by a Container to
	// other Containers in the same Pod, or even to other Pods on the same node.
	// Default: MountPropagation.NONE
	//
	Propagation MountPropagation `field:"optional" json:"propagation" yaml:"propagation"`
	// Mounted read-only if true, read-write otherwise (false or unspecified).
	//
	// Defaults to false.
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
	// Path within the volume from which the container's volume should be mounted.
	// Default: "" the volume's root.
	//
	SubPath *string `field:"optional" json:"subPath" yaml:"subPath"`
	// Expanded path within the volume from which the container's volume should be mounted.
	//
	// Behaves similarly to SubPath but environment variable references
	// $(VAR_NAME) are expanded using the container's environment. Defaults to ""
	// (volume's root).
	//
	// `subPathExpr` and `subPath` are mutually exclusive.
	// Default: "" volume's root.
	//
	SubPathExpr *string `field:"optional" json:"subPathExpr" yaml:"subPathExpr"`
}

Options for mounts.

type MountPropagation ¶

type MountPropagation string
const (
	// This volume mount will not receive any subsequent mounts that are mounted to this volume or any of its subdirectories by the host.
	//
	// In similar
	// fashion, no mounts created by the Container will be visible on the host.
	//
	// This is the default mode.
	//
	// This mode is equal to `private` mount propagation as described in the Linux
	// kernel documentation.
	MountPropagation_NONE MountPropagation = "NONE"
	// This volume mount will receive all subsequent mounts that are mounted to this volume or any of its subdirectories.
	//
	// In other words, if the host mounts anything inside the volume mount, the
	// Container will see it mounted there.
	//
	// Similarly, if any Pod with Bidirectional mount propagation to the same
	// volume mounts anything there, the Container with HostToContainer mount
	// propagation will see it.
	//
	// This mode is equal to `rslave` mount propagation as described in the Linux
	// kernel documentation.
	MountPropagation_HOST_TO_CONTAINER MountPropagation = "HOST_TO_CONTAINER"
	// This volume mount behaves the same as the HostToContainer mount.
	//
	// In addition,
	// all volume mounts created by the Container will be propagated back to the
	// host and to all Containers of all Pods that use the same volume.
	//
	// A typical use case for this mode is a Pod with a FlexVolume or CSI driver
	// or a Pod that needs to mount something on the host using a hostPath volume.
	//
	// This mode is equal to `rshared` mount propagation as described in the Linux
	// kernel documentation.
	//
	// Caution: Bidirectional mount propagation can be dangerous. It can damage
	// the host operating system and therefore it is allowed only in privileged
	// Containers. Familiarity with Linux kernel behavior is strongly recommended.
	// In addition, any volume mounts created by Containers in Pods must be
	// destroyed (unmounted) by the Containers on termination.
	MountPropagation_BIDIRECTIONAL MountPropagation = "BIDIRECTIONAL"
)

type NamedNode ¶

type NamedNode interface {
	Name() *string
}

A node that is matched by its name.

func NewNamedNode ¶

func NewNamedNode(name *string) NamedNode

func Node_Named ¶

func Node_Named(nodeName *string) NamedNode

Match a node by its name.

type Namespace ¶

type Namespace interface {
	Resource
	INamespaceSelector
	INetworkPolicyPeer
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Return the configuration of this selector.
	// See: INamespaceSelector.toNamespaceSelectorConfig()
	//
	ToNamespaceSelectorConfig() *NamespaceSelectorConfig
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Returns a string representation of this construct.
	ToString() *string
}

In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster.

Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).

func NewNamespace ¶

func NewNamespace(scope constructs.Construct, id *string, props *NamespaceProps) Namespace

type NamespaceProps ¶

type NamespaceProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
}

Properties for `Namespace`.

type NamespaceSelectorConfig ¶

type NamespaceSelectorConfig struct {
	// A selector to select namespaces by labels.
	LabelSelector LabelSelector `field:"optional" json:"labelSelector" yaml:"labelSelector"`
	// A list of names to select namespaces by names.
	Names *[]*string `field:"optional" json:"names" yaml:"names"`
}

Configuration for selecting namespaces.

type Namespaces ¶

type Namespaces interface {
	constructs.Construct
	INamespaceSelector
	INetworkPolicyPeer
	// The tree node.
	Node() constructs.Node
	// Return the configuration of this selector.
	// See: INamespaceSelector.toNamespaceSelectorConfig()
	//
	ToNamespaceSelectorConfig() *NamespaceSelectorConfig
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Returns a string representation of this construct.
	ToString() *string
}

Represents a group of namespaces.

func Namespaces_All ¶

func Namespaces_All(scope constructs.Construct, id *string) Namespaces

Select all namespaces.

func Namespaces_Select ¶

func Namespaces_Select(scope constructs.Construct, id *string, options *NamespacesSelectOptions) Namespaces

Select specific namespaces.

func NewNamespaces ¶

func NewNamespaces(scope constructs.Construct, id *string, expressions *[]LabelExpression, names *[]*string, labels *map[string]*string) Namespaces

type NamespacesSelectOptions ¶

type NamespacesSelectOptions struct {
	// Namespaces must satisfy these selectors.
	//
	// The selectors query labels, just like the `labels` property, but they
	// provide a more advanced matching mechanism.
	// Default: - no selector requirements.
	//
	Expressions *[]LabelExpression `field:"optional" json:"expressions" yaml:"expressions"`
	// Labels the namespaces must have.
	//
	// This is equivalent to using an 'Is' selector.
	// Default: - no strict labels requirements.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// Namespaces names must be one of these.
	// Default: - no name requirements.
	//
	Names *[]*string `field:"optional" json:"names" yaml:"names"`
}

Options for `Namespaces.select`.

type NetworkPolicy ¶

type NetworkPolicy interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Allow outgoing traffic to the peer.
	//
	// If ports are not passed, traffic will be allowed on all ports.
	AddEgressRule(peer INetworkPolicyPeer, ports *[]NetworkPolicyPort)
	// Allow incoming traffic from the peer.
	//
	// If ports are not passed, traffic will be allowed on all ports.
	AddIngressRule(peer INetworkPolicyPeer, ports *[]NetworkPolicyPort)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

Controls traffic flow at the IP address or port level (OSI layer 3 or 4). Network policies are an application-centric construct that lets you specify how a pod is allowed to communicate with various network peers.

  • Outgoing traffic is allowed if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the network policies that select the pod.
  • Incoming traffic is allowed to a pod if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the network policies that select the pod.

Network policies do not conflict; they are additive. If any policy or policies apply to a given pod for a given direction, the connections allowed in that direction from that pod are the union of what the applicable policies allow. Thus, order of evaluation does not affect the policy result.

For a connection from a source pod to a destination pod to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the connection. If either side does not allow the connection, it will not happen. See: https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource
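The evaluation rules above, modelled as a small stand-alone Go program. This is an added example, not cdk8s-plus or Kubernetes code: the `Pod`, `Policy`, `Traffic` and `Rule` types, the `Allowed` function and the sample pods and policies are constructed for illustration. It assumes a single namespace and ignores the local-node exception and any cluster-level policy.

```go
package main

import "fmt"

// Labels is a pod label set; used as a selector, an empty set matches every pod.
type Labels map[string]string

// Pod is a constructed stand-in for a workload (one namespace assumed).
type Pod struct {
	Name   string
	Labels Labels
}

// Rule allows traffic with pods matching Peer; empty Ports means all ports.
type Rule struct {
	Peer  Labels
	Ports []int
}

// Traffic holds one direction's rules; with no rules it is a default deny.
type Traffic struct{ Rules []Rule }

// Policy is a simplified NetworkPolicy. A nil Ingress or Egress means the
// policy does not change that direction for the pods it selects.
type Policy struct {
	Name            string
	Selector        Labels
	Ingress, Egress *Traffic
}

func matches(sel, labels Labels) bool {
	for k, v := range sel {
		if labels[k] != v {
			return false
		}
	}
	return true
}

func portAllowed(ports []int, port int) bool {
	for _, p := range ports {
		if p == port {
			return true
		}
	}
	return len(ports) == 0
}

// directionAllows applies the additive rule for one direction: traffic passes if
// no policy isolates subject, or if any rule of any selecting policy matches.
func directionAllows(policies []Policy, subject, peer Pod, port int, ingress bool) bool {
	isolated := false
	for _, p := range policies {
		t := p.Egress
		if ingress {
			t = p.Ingress
		}
		if t == nil || !matches(p.Selector, subject.Labels) {
			continue
		}
		isolated = true
		for _, r := range t.Rules {
			if matches(r.Peer, peer.Labels) && portAllowed(r.Ports, port) {
				return true
			}
		}
	}
	return !isolated
}

// Allowed requires the source's egress side and the destination's ingress
// side to both permit the connection.
func Allowed(policies []Policy, src, dst Pod, port int) bool {
	return directionAllows(policies, src, dst, port, false) &&
		directionAllows(policies, dst, src, port, true)
}

var (
	web = Pod{Name: "web", Labels: Labels{"app": "web"}}
	api = Pod{Name: "api", Labels: Labels{"app": "api"}}
	db  = Pod{Name: "db", Labels: Labels{"app": "db"}}
)

// samplePolicies returns constructed policies: default-deny ingress on db, an
// allow from api to db:5432, and web egress restricted to api:8080.
func samplePolicies() []Policy {
	return []Policy{
		{Name: "db-deny-ingress", Selector: Labels{"app": "db"}, Ingress: &Traffic{}},
		{Name: "db-from-api", Selector: Labels{"app": "db"},
			Ingress: &Traffic{Rules: []Rule{{Peer: Labels{"app": "api"}, Ports: []int{5432}}}}},
		{Name: "web-egress", Selector: Labels{"app": "web"},
			Egress: &Traffic{Rules: []Rule{{Peer: Labels{"app": "api"}, Ports: []int{8080}}}}},
	}
}

func main() {
	ps := samplePolicies()
	fmt.Println("api->db:5432", Allowed(ps, api, db, 5432), "web->db:5432", Allowed(ps, web, db, 5432))
}
```

Because the deny policy and the allow policy both select `db`, the allow rule wins for `api` on port 5432 regardless of the order in which the policies are listed, while everything else into `db` stays blocked.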

func NewNetworkPolicy ¶

func NewNetworkPolicy(scope constructs.Construct, id *string, props *NetworkPolicyProps) NetworkPolicy

type NetworkPolicyAddEgressRuleOptions ¶

type NetworkPolicyAddEgressRuleOptions struct {
	// Ports the rule should allow outgoing traffic to.
	// Default: - If the peer is a managed pod, take its ports. Otherwise, all ports are allowed.
	//
	Ports *[]NetworkPolicyPort `field:"optional" json:"ports" yaml:"ports"`
}

Options for `NetworkPolicy.addEgressRule`.

type NetworkPolicyIpBlock ¶

type NetworkPolicyIpBlock interface {
	constructs.Construct
	INetworkPolicyPeer
	// A string representing the IP Block. Valid examples are "192.168.1.1/24" or "2001:db9::/64".
	Cidr() *string
	// A slice of CIDRs that should not be included within an IP Block. Valid examples are "192.168.1.1/24" or "2001:db9::/64". Except values will be rejected if they are outside the CIDR range.
	Except() *[]*string
	// The tree node.
	Node() constructs.Node
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Returns a string representation of this construct.
	ToString() *string
}

Describes a particular CIDR (e.g. "192.168.1.1/24", "2001:db9::/64") that is allowed to the pods matched by a network policy selector. The except entry describes CIDRs that should not be included within this rule.
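A pre-synthesis check for the `except` rule stated above, as an added example that is not part of cdk8s-plus. `ValidateIPBlock` is a hypothetical helper built on the standard `net/netip` package, and the CIDR values in `main` are constructed samples.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ValidateIPBlock (hypothetical helper) checks that cidr parses and that every
// except entry is a sub-range of it, mirroring the rule that except values
// outside the CIDR range are rejected.
func ValidateIPBlock(cidr string, except []string) error {
	block, err := netip.ParsePrefix(cidr)
	if err != nil {
		return fmt.Errorf("cidr %q: %w", cidr, err)
	}
	// "192.168.1.1/24" and "192.168.1.0/24" name the same range; normalise it.
	block = block.Masked()
	for _, e := range except {
		ex, err := netip.ParsePrefix(e)
		if err != nil {
			return fmt.Errorf("except %q: %w", e, err)
		}
		// Contained means at least as specific as block and starting inside it.
		// Contains also returns false when the address families differ.
		if ex.Bits() < block.Bits() || !block.Contains(ex.Addr()) {
			return fmt.Errorf("except %q is outside %s", e, block)
		}
	}
	return nil
}

func main() {
	// Constructed sample values.
	fmt.Println(ValidateIPBlock("192.168.1.1/24", []string{"192.168.1.128/25"}))
	fmt.Println(ValidateIPBlock("192.168.1.1/24", []string{"192.168.2.0/25"}))
	fmt.Println(ValidateIPBlock("192.168.1.1/24", []string{"192.168.0.0/16"}))
}
```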

func NetworkPolicyIpBlock_AnyIpv4 ¶

func NetworkPolicyIpBlock_AnyIpv4(scope constructs.Construct, id *string) NetworkPolicyIpBlock

Any IPv4 address.

func NetworkPolicyIpBlock_AnyIpv6 ¶

func NetworkPolicyIpBlock_AnyIpv6(scope constructs.Construct, id *string) NetworkPolicyIpBlock

Any IPv6 address.

func NetworkPolicyIpBlock_Ipv4 ¶

func NetworkPolicyIpBlock_Ipv4(scope constructs.Construct, id *string, cidrIp *string, except *[]*string) NetworkPolicyIpBlock

Create an IPv4 peer from a CIDR.

func NetworkPolicyIpBlock_Ipv6 ¶

func NetworkPolicyIpBlock_Ipv6(scope constructs.Construct, id *string, cidrIp *string, except *[]*string) NetworkPolicyIpBlock

Create an IPv6 peer from a CIDR.

type NetworkPolicyPeerConfig ¶

type NetworkPolicyPeerConfig struct {
	// The ip block this peer represents.
	IpBlock NetworkPolicyIpBlock `field:"optional" json:"ipBlock" yaml:"ipBlock"`
	// The pod selector this peer represents.
	PodSelector *PodSelectorConfig `field:"optional" json:"podSelector" yaml:"podSelector"`
}

Configuration for network peers.

A peer can either be an ip block, or a selection of pods, not both.

type NetworkPolicyPort ¶

type NetworkPolicyPort interface {
}

Describes a port to allow traffic on.

func NetworkPolicyPort_AllTcp ¶

func NetworkPolicyPort_AllTcp() NetworkPolicyPort

Any TCP traffic.

func NetworkPolicyPort_AllUdp ¶

func NetworkPolicyPort_AllUdp() NetworkPolicyPort

Any UDP traffic.

func NetworkPolicyPort_Of ¶

func NetworkPolicyPort_Of(props *NetworkPolicyPortProps) NetworkPolicyPort

Custom port configuration.

func NetworkPolicyPort_Tcp ¶

func NetworkPolicyPort_Tcp(port *float64) NetworkPolicyPort

Distinct TCP ports.

func NetworkPolicyPort_TcpRange ¶

func NetworkPolicyPort_TcpRange(startPort *float64, endPort *float64) NetworkPolicyPort

A TCP port range.

func NetworkPolicyPort_Udp ¶

func NetworkPolicyPort_Udp(port *float64) NetworkPolicyPort

Distinct UDP ports.

func NetworkPolicyPort_UdpRange ¶

func NetworkPolicyPort_UdpRange(startPort *float64, endPort *float64) NetworkPolicyPort

A UDP port range.

type NetworkPolicyPortProps ¶

type NetworkPolicyPortProps struct {
	// End port (relative to `port`).
	//
	// Only applies if `port` is defined.
	// Use this to specify a port range, rather than a specific one.
	// Default: - not a port range.
	//
	EndPort *float64 `field:"optional" json:"endPort" yaml:"endPort"`
	// Specific port number.
	// Default: - all ports are allowed.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// Protocol.
	// Default: NetworkProtocol.TCP
	//
	Protocol NetworkProtocol `field:"optional" json:"protocol" yaml:"protocol"`
}

Properties for `NetworkPolicyPort`.

type NetworkPolicyProps ¶

type NetworkPolicyProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Egress traffic configuration.
	// Default: - the policy doesn't change egress behavior of the pods it selects.
	//
	Egress *NetworkPolicyTraffic `field:"optional" json:"egress" yaml:"egress"`
	// Ingress traffic configuration.
	// Default: - the policy doesn't change ingress behavior of the pods it selects.
	//
	Ingress *NetworkPolicyTraffic `field:"optional" json:"ingress" yaml:"ingress"`
	// Which pods this policy object applies to.
	//
	// This can either be a single pod / workload, or a grouping of pods selected
	// via the `Pods.select` function. Rules are applied to any pods selected by this property.
	// Multiple network policies can select the same set of pods.
	// In this case, the rules for each are combined additively.
	//
	// Note that.
	// Default: - will select all pods in the namespace of the policy.
	//
	Selector IPodSelector `field:"optional" json:"selector" yaml:"selector"`
}

Properties for `NetworkPolicy`.

type NetworkPolicyRule ¶

type NetworkPolicyRule struct {
	// Peer this rule interacts with.
	Peer INetworkPolicyPeer `field:"required" json:"peer" yaml:"peer"`
	// The ports of the rule.
	// Default: - traffic is allowed on all ports.
	//
	Ports *[]NetworkPolicyPort `field:"optional" json:"ports" yaml:"ports"`
}

Describes a rule allowing traffic from / to pods matched by a network policy selector.

type NetworkPolicyTraffic ¶

type NetworkPolicyTraffic struct {
	// Specifies the default behavior of the policy when no rules are defined.
	// Default: - unset, the policy does not change the behavior.
	//
	Default NetworkPolicyTrafficDefault `field:"optional" json:"default" yaml:"default"`
	// List of rules to be applied to the selected pods.
	//
	// If empty, the behavior of the policy is dictated by the `default` property.
	// Default: - no rules.
	//
	Rules *[]*NetworkPolicyRule `field:"optional" json:"rules" yaml:"rules"`
}

Describes how the network policy should configure egress / ingress traffic.

type NetworkPolicyTrafficDefault ¶

type NetworkPolicyTrafficDefault string

Default behaviors of network traffic in policies.

const (
	// The policy denies all traffic.
	//
	// Since rules are additive, additional rules or policies can allow
	// specific traffic.
	NetworkPolicyTrafficDefault_DENY NetworkPolicyTrafficDefault = "DENY"
	// The policy allows all traffic (either ingress or egress).
	//
	// Since rules are additive, no additional rule or policies can
	// subsequently deny the traffic.
	NetworkPolicyTrafficDefault_ALLOW NetworkPolicyTrafficDefault = "ALLOW"
)

type NetworkProtocol ¶

type NetworkProtocol string

Network protocols.

const (
	// TCP.
	NetworkProtocol_TCP NetworkProtocol = "TCP"
	// UDP.
	NetworkProtocol_UDP NetworkProtocol = "UDP"
	// SCTP.
	NetworkProtocol_SCTP NetworkProtocol = "SCTP"
)

type NfsVolumeOptions ¶

type NfsVolumeOptions struct {
	// Path that is exported by the NFS server.
	Path *string `field:"required" json:"path" yaml:"path"`
	// Server is the hostname or IP address of the NFS server.
	Server *string `field:"required" json:"server" yaml:"server"`
	// If set to true, will force the NFS export to be mounted with read-only permissions.
	// Default: - false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options for the NFS based volume.

type Node ¶

type Node interface {
}

Represents a node in the cluster.

func NewNode ¶

func NewNode() Node

type NodeLabelQuery ¶

type NodeLabelQuery interface {
}

Represents a query that can be performed against nodes with labels.

func NodeLabelQuery_DoesNotExist ¶

func NodeLabelQuery_DoesNotExist(key *string) NodeLabelQuery

Requires label `key` to not exist.

func NodeLabelQuery_Exists ¶

func NodeLabelQuery_Exists(key *string) NodeLabelQuery

Requires label `key` to exist.

func NodeLabelQuery_Gt ¶

func NodeLabelQuery_Gt(key *string, values *[]*string) NodeLabelQuery

Requires value of label `key` to be greater than all elements in `values`.

func NodeLabelQuery_In ¶

func NodeLabelQuery_In(key *string, values *[]*string) NodeLabelQuery

Requires value of label `key` to be one of `values`.

func NodeLabelQuery_Is ¶

func NodeLabelQuery_Is(key *string, value *string) NodeLabelQuery

Requires value of label `key` to equal `value`.

func NodeLabelQuery_Lt ¶

func NodeLabelQuery_Lt(key *string, values *[]*string) NodeLabelQuery

Requires value of label `key` to be less than all elements in `values`.

func NodeLabelQuery_NotIn ¶

func NodeLabelQuery_NotIn(key *string, values *[]*string) NodeLabelQuery

Requires value of label `key` to be none of `values`.

type NodeTaintQuery ¶

type NodeTaintQuery interface {
}

Taint queries that can be performed against nodes.

func NodeTaintQuery_Any ¶

func NodeTaintQuery_Any() NodeTaintQuery

Matches any taint.

func NodeTaintQuery_Exists ¶

func NodeTaintQuery_Exists(key *string, options *NodeTaintQueryOptions) NodeTaintQuery

Matches a taint with any value of a specific key.

func NodeTaintQuery_Is ¶

func NodeTaintQuery_Is(key *string, value *string, options *NodeTaintQueryOptions) NodeTaintQuery

Matches a taint with a specific key and value.

type NodeTaintQueryOptions ¶

type NodeTaintQueryOptions struct {
	// The taint effect to match.
	// Default: - all effects are matched.
	//
	Effect TaintEffect `field:"optional" json:"effect" yaml:"effect"`
	// How much time should a pod that tolerates the `NO_EXECUTE` effect be bound to the node.
	//
	// Only applies for the `NO_EXECUTE` effect.
	// Default: - bound forever.
	//
	EvictAfter cdk8s.Duration `field:"optional" json:"evictAfter" yaml:"evictAfter"`
}

Options for `NodeTaintQuery`.

type NonApiResource ¶

type NonApiResource interface {
	IApiEndpoint
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
}

Factory for creating non api resources.

func NonApiResource_Of ¶

func NonApiResource_Of(url *string) NonApiResource

type PathMapping ¶

type PathMapping struct {
	// The relative path of the file to map the key to.
	//
	// May not be an absolute
	// path. May not contain the path element '..'. May not start with the string
	// '..'.
	Path *string `field:"required" json:"path" yaml:"path"`
	// Optional: mode bits to use on this file, must be a value between 0 and 0777.
	//
	// If not specified, the volume defaultMode will be used. This might be
	// in conflict with other options that affect the file mode, like fsGroup, and
	// the result can be other mode bits set.
	Mode *float64 `field:"optional" json:"mode" yaml:"mode"`
}

Maps a string key to a path within a volume.

type PercentOrAbsolute ¶

type PercentOrAbsolute interface {
	Value() interface{}
	IsZero() *bool
}

Union-like class representing either a ratio in percent or an absolute number.

func PercentOrAbsolute_Absolute ¶

func PercentOrAbsolute_Absolute(num *float64) PercentOrAbsolute

Absolute number.

func PercentOrAbsolute_Percent ¶

func PercentOrAbsolute_Percent(percent *float64) PercentOrAbsolute

Percent ratio.

type PersistentVolume ¶

type PersistentVolume interface {
	Resource
	IPersistentVolume
	IStorage
	// Access modes requirement of this claim.
	AccessModes() *[]PersistentVolumeAccessMode
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// PVC this volume is bound to.
	//
	// Undefined means this volume is not yet
	// claimed by any PVC.
	Claim() IPersistentVolumeClaim
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Volume mode of this volume.
	Mode() PersistentVolumeMode
	// Mount options of this volume.
	MountOptions() *[]*string
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// Reclaim policy of this volume.
	ReclaimPolicy() PersistentVolumeReclaimPolicy
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Storage size of this volume.
	Storage() cdk8s.Size
	// Storage class this volume belongs to.
	StorageClassName() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
	// Bind a volume to a specific claim.
	//
	// Note that you must also bind the claim to the volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	Bind(claim IPersistentVolumeClaim)
	// Reserve a `PersistentVolume` by creating a `PersistentVolumeClaim` that is wired to claim this volume.
	//
	// Note that this method will throw in case the volume is already claimed.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reserving-a-persistentvolume
	//
	Reserve() PersistentVolumeClaim
	// Returns a string representation of this construct.
	ToString() *string
}

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes.

It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system.

func NewPersistentVolume ¶

func NewPersistentVolume(scope constructs.Construct, id *string, props *PersistentVolumeProps) PersistentVolume

type PersistentVolumeAccessMode ¶

type PersistentVolumeAccessMode string

Access Modes.

const (
	// The volume can be mounted as read-write by a single node.
	//
	// ReadWriteOnce access mode still can allow multiple pods to access
	// the volume when the pods are running on the same node.
	PersistentVolumeAccessMode_READ_WRITE_ONCE PersistentVolumeAccessMode = "READ_WRITE_ONCE"
	// The volume can be mounted as read-only by many nodes.
	PersistentVolumeAccessMode_READ_ONLY_MANY PersistentVolumeAccessMode = "READ_ONLY_MANY"
	// The volume can be mounted as read-write by many nodes.
	PersistentVolumeAccessMode_READ_WRITE_MANY PersistentVolumeAccessMode = "READ_WRITE_MANY"
	// The volume can be mounted as read-write by a single Pod.
	//
	// Use ReadWriteOncePod access mode if you want to ensure that
	// only one pod across whole cluster can read that PVC or write to it.
	// This is only supported for CSI volumes and Kubernetes version 1.22+.
	PersistentVolumeAccessMode_READ_WRITE_ONCE_POD PersistentVolumeAccessMode = "READ_WRITE_ONCE_POD"
)

type PersistentVolumeClaim ¶

type PersistentVolumeClaim interface {
	Resource
	IPersistentVolumeClaim
	// Access modes requirement of this claim.
	AccessModes() *[]PersistentVolumeAccessMode
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Storage requirement of this claim.
	Storage() cdk8s.Size
	// Storage class requirement of this claim.
	StorageClassName() *string
	// PV this claim is bound to.
	//
	// Undefined means the claim is not bound
	// to any specific volume.
	Volume() IPersistentVolume
	// Volume mode requirement of this claim.
	VolumeMode() PersistentVolumeMode
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Bind a claim to a specific volume.
	//
	// Note that you must also bind the volume to the claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	Bind(vol IPersistentVolume)
	// Returns a string representation of this construct.
	ToString() *string
}

A PersistentVolumeClaim (PVC) is a request for storage by a user.

It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes.

func NewPersistentVolumeClaim ¶

func NewPersistentVolumeClaim(scope constructs.Construct, id *string, props *PersistentVolumeClaimProps) PersistentVolumeClaim

type PersistentVolumeClaimProps ¶

type PersistentVolumeClaimProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Contains the access modes the volume should support.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
	//
	// Default: - No access modes requirement.
	//
	AccessModes *[]PersistentVolumeAccessMode `field:"optional" json:"accessModes" yaml:"accessModes"`
	// Minimum storage size the volume should have.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
	//
	// Default: - No storage requirement.
	//
	Storage cdk8s.Size `field:"optional" json:"storage" yaml:"storage"`
	// Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:
	//
	// - If the admission plugin is turned on, the storage class marked as default will be used.
	// - If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
	//
	// Default: - Not set.
	//
	StorageClassName *string `field:"optional" json:"storageClassName" yaml:"storageClassName"`
	// The PersistentVolume backing this claim.
	//
	// The control plane still checks that storage class, access modes,
	// and requested storage size on the volume are valid.
	//
	// Note that in order to guarantee a proper binding, the volume should
	// also define a `claimRef` referring to this claim. Otherwise, the volume may be
	// claimed by other PVCs before it gets a chance to bind to this one.
	//
	// If the volume is managed (i.e. not imported), you can use `pv.claim()` to easily
	// create a bi-directional bound claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
	//
	// Default: - No specific volume binding.
	//
	Volume IPersistentVolume `field:"optional" json:"volume" yaml:"volume"`
	// Defines what type of volume is required by the claim.
	// Default: VolumeMode.FILE_SYSTEM
	//
	VolumeMode PersistentVolumeMode `field:"optional" json:"volumeMode" yaml:"volumeMode"`
}

Properties for `PersistentVolumeClaim`.

type PersistentVolumeClaimVolumeOptions ¶

type PersistentVolumeClaimVolumeOptions struct {
	// The volume name.
	// Default: - Derived from the PVC name.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Will force the ReadOnly setting in VolumeMounts.
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
}

Options for a PersistentVolumeClaim-based volume.

type PersistentVolumeMode ¶

type PersistentVolumeMode string

Volume Modes.

const (
	// Volume is mounted into Pods into a directory.
	//
	// If the volume is backed by a block device and the device is empty,
	// Kubernetes creates a filesystem on the device before mounting it
	// for the first time.
	PersistentVolumeMode_FILE_SYSTEM PersistentVolumeMode = "FILE_SYSTEM"
	// Use a volume as a raw block device.
	//
	// Such volume is presented into a Pod as a block device,
	// without any filesystem on it. This mode is useful to provide a Pod the fastest possible way
	// to access a volume, without any filesystem layer between the Pod
	// and the volume. On the other hand, the application running in
	// the Pod must know how to handle a raw block device.
	PersistentVolumeMode_BLOCK PersistentVolumeMode = "BLOCK"
)

type PersistentVolumeProps ¶

type PersistentVolumeProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Contains all ways the volume can be mounted.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
	//
	// Default: - No access modes.
	//
	AccessModes *[]PersistentVolumeAccessMode `field:"optional" json:"accessModes" yaml:"accessModes"`
	// Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
	//
	// Expected to be non-nil when bound.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
	//
	// Default: - Not bound to a specific claim.
	//
	Claim IPersistentVolumeClaim `field:"optional" json:"claim" yaml:"claim"`
	// A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
	//
	// Default: - No options.
	//
	MountOptions *[]*string `field:"optional" json:"mountOptions" yaml:"mountOptions"`
	// When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.
	//
	// The reclaim policy tells the cluster what to do with
	// the volume after it has been released of its claim.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
	//
	// Default: PersistentVolumeReclaimPolicy.RETAIN
	//
	ReclaimPolicy PersistentVolumeReclaimPolicy `field:"optional" json:"reclaimPolicy" yaml:"reclaimPolicy"`
	// What is the storage capacity of this volume.
	// See: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
	//
	// Default: - Not specified.
	//
	Storage cdk8s.Size `field:"optional" json:"storage" yaml:"storage"`
	// Name of StorageClass to which this persistent volume belongs.
	// Default: - Volume does not belong to any storage class.
	//
	StorageClassName *string `field:"optional" json:"storageClassName" yaml:"storageClassName"`
	// Defines what type of volume is required by the claim.
	// Default: VolumeMode.FILE_SYSTEM
	//
	VolumeMode PersistentVolumeMode `field:"optional" json:"volumeMode" yaml:"volumeMode"`
}

Properties for `PersistentVolume`.

type PersistentVolumeReclaimPolicy ¶

type PersistentVolumeReclaimPolicy string

Reclaim Policies.

const (
	// The Retain reclaim policy allows for manual reclamation of the resource.
	//
	// When the PersistentVolumeClaim is deleted, the PersistentVolume still exists and the
	// volume is considered "released". But it is not yet available for another claim
	// because the previous claimant's data remains on the volume.
	// An administrator can manually reclaim the volume with the following steps:
	//
	// 1. Delete the PersistentVolume. The associated storage asset in external
	//     infrastructure (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted.
	// 2. Manually clean up the data on the associated storage asset accordingly.
	// 3. Manually delete the associated storage asset.
	//
	// If you want to reuse the same storage asset, create a new PersistentVolume
	// with the same storage asset definition.
	PersistentVolumeReclaimPolicy_RETAIN PersistentVolumeReclaimPolicy = "RETAIN"
	// For volume plugins that support the Delete reclaim policy, deletion removes both the PersistentVolume object from Kubernetes, as well as the associated storage asset in the external infrastructure, such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume.
	//
	// Volumes that were dynamically provisioned inherit the reclaim policy of their StorageClass, which defaults to Delete.
	// The administrator should configure the StorageClass according to users' expectations; otherwise,
	// the PV must be edited or patched after it is created.
	PersistentVolumeReclaimPolicy_DELETE PersistentVolumeReclaimPolicy = "DELETE"
)

type Pod ¶

type Pod interface {
	AbstractPod
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() PodScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

Pod is a collection of containers that can run on a host.

This resource is created by clients and scheduled onto hosts.

func NewPod ¶

func NewPod(scope constructs.Construct, id *string, props *PodProps) Pod

type PodConnections ¶

type PodConnections interface {
	Instance() AbstractPod
	// Allow network traffic from the peer to this pod.
	//
	// By default, this will create an ingress network policy for this pod, and an egress
	// network policy for the peer. This is required if both sides are already isolated.
	// Use `options.isolation` to control this behavior.
	//
	// Example:
	//   // create only an egress policy that selects the 'web' pod to allow outgoing traffic
	//   // to the 'redis' pod. this requires the 'redis' pod to not be isolated for ingress.
	//   redis.connections.allowFrom(web, { isolation: Isolation.PEER })
	//
	//   // create only an ingress policy that selects the 'redis' peer to allow incoming traffic
	//   // from the 'web' pod. this requires the 'web' pod to not be isolated for egress.
	//   redis.connections.allowFrom(web, { isolation: Isolation.POD })
	//
	AllowFrom(peer INetworkPolicyPeer, options *PodConnectionsAllowFromOptions)
	// Allow network traffic from this pod to the peer.
	//
	// By default, this will create an egress network policy for this pod, and an ingress
	// network policy for the peer. This is required if both sides are already isolated.
	// Use `options.isolation` to control this behavior.
	//
	// Example:
	//   // create only an egress policy that selects the 'web' pod to allow outgoing traffic
	//   // to the 'redis' pod. this requires the 'redis' pod to not be isolated for ingress.
	//   web.connections.allowTo(redis, { isolation: Isolation.POD })
	//
	//   // create only an ingress policy that selects the 'redis' peer to allow incoming traffic
	//   // from the 'web' pod. this requires the 'web' pod to not be isolated for egress.
	//   web.connections.allowTo(redis, { isolation: Isolation.PEER })
	//
	AllowTo(peer INetworkPolicyPeer, options *PodConnectionsAllowToOptions)
	// Sets the default network policy for Pod/Workload to have all egress and ingress connections as disabled.
	Isolate()
}

Controls network isolation rules for inter-pod communication.

func NewPodConnections ¶

func NewPodConnections(instance AbstractPod) PodConnections

type PodConnectionsAllowFromOptions ¶

type PodConnectionsAllowFromOptions struct {
	// Which isolation should be applied to establish the connection.
	// Default: - unset, isolates both the pod and the peer.
	//
	Isolation PodConnectionsIsolation `field:"optional" json:"isolation" yaml:"isolation"`
	// Ports to allow incoming traffic to.
	// Default: - The pod ports.
	//
	Ports *[]NetworkPolicyPort `field:"optional" json:"ports" yaml:"ports"`
}

Options for `PodConnections.allowFrom`.

type PodConnectionsAllowToOptions ¶

type PodConnectionsAllowToOptions struct {
	// Which isolation should be applied to establish the connection.
	// Default: - unset, isolates both the pod and the peer.
	//
	Isolation PodConnectionsIsolation `field:"optional" json:"isolation" yaml:"isolation"`
	// Ports to allow outgoing traffic to.
	// Default: - If the peer is a managed pod, take its ports. Otherwise, all ports are allowed.
	//
	Ports *[]NetworkPolicyPort `field:"optional" json:"ports" yaml:"ports"`
}

Options for `PodConnections.allowTo`.

type PodConnectionsIsolation ¶

type PodConnectionsIsolation string

Isolation determines which policies are created when allowing connections from a pod / workload to peers.

const (
	// Only creates network policies that select the pod.
	PodConnectionsIsolation_POD PodConnectionsIsolation = "POD"
	// Only creates network policies that select the peer.
	PodConnectionsIsolation_PEER PodConnectionsIsolation = "PEER"
)
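
The effect of the `isolation` option described for `AllowFrom` and `AllowTo` is easiest to see by modelling both sides of a connection. The following is an added example, not code from cdk8s-plus: the `Cluster` type, its methods and the pod names are hypothetical, and it assumes standard Kubernetes NetworkPolicy semantics (a pod selected by a policy for a direction is isolated in that direction).

```go
package main

import "fmt"

// Isolation mirrors the page's PodConnectionsIsolation values. Both stands
// for the unset default, which creates policies on the pod and on the peer.
type Isolation string

const (
	Both Isolation = ""
	Pod  Isolation = "POD"
	Peer Isolation = "PEER"
)

// rule is one allow entry: the selected pod may exchange traffic with other.
type rule struct{ selected, other string }

// Cluster is a simplified model (an assumption of this example) of Kubernetes
// NetworkPolicy semantics: a pod selected by a policy for one direction is
// isolated in that direction, and only traffic matching an allow rule passes.
type Cluster struct {
	ingressIsolated, egressIsolated map[string]bool
	ingressAllow, egressAllow       map[rule]bool
}

func NewCluster() *Cluster {
	return &Cluster{
		ingressIsolated: map[string]bool{}, egressIsolated: map[string]bool{},
		ingressAllow: map[rule]bool{}, egressAllow: map[rule]bool{},
	}
}

// Isolate models PodConnections.Isolate(): deny all ingress and egress.
func (c *Cluster) Isolate(pod string) {
	c.ingressIsolated[pod] = true
	c.egressIsolated[pod] = true
}

func (c *Cluster) allowEgress(from, to string) {
	c.egressIsolated[from] = true // the policy itself isolates the selected pod
	c.egressAllow[rule{from, to}] = true
}

func (c *Cluster) allowIngress(to, from string) {
	c.ingressIsolated[to] = true
	c.ingressAllow[rule{to, from}] = true
}

// AllowTo models pod.connections.allowTo(peer, { isolation }).
func (c *Cluster) AllowTo(pod, peer string, iso Isolation) {
	if iso != Peer {
		c.allowEgress(pod, peer) // egress policy selecting the pod
	}
	if iso != Pod {
		c.allowIngress(peer, pod) // ingress policy selecting the peer
	}
}

// AllowFrom models pod.connections.allowFrom(peer, { isolation }).
func (c *Cluster) AllowFrom(pod, peer string, iso Isolation) {
	if iso != Peer {
		c.allowIngress(pod, peer) // ingress policy selecting the pod
	}
	if iso != Pod {
		c.allowEgress(peer, pod) // egress policy selecting the peer
	}
}

// Reachable reports whether src may open a connection to dst: the source's
// egress side and the destination's ingress side must both permit it.
func (c *Cluster) Reachable(src, dst string) bool {
	egressOK := !c.egressIsolated[src] || c.egressAllow[rule{src, dst}]
	ingressOK := !c.ingressIsolated[dst] || c.ingressAllow[rule{dst, src}]
	return egressOK && ingressOK
}

// WebToRedis isolates the chosen pods, calls web.allowTo(redis) with the given
// isolation, and reports whether web can then reach redis.
func WebToRedis(isolateWeb, isolateRedis bool, iso Isolation) bool {
	c := NewCluster()
	if isolateWeb {
		c.Isolate("web")
	}
	if isolateRedis {
		c.Isolate("redis")
	}
	c.AllowTo("web", "redis", iso)
	return c.Reachable("web", "redis")
}

func main() {
	for _, iso := range []Isolation{Both, Pod, Peer} {
		fmt.Printf("isolation=%-6q both isolated: %-5v only web isolated: %-5v only redis isolated: %v\n",
			iso, WebToRedis(true, true, iso), WebToRedis(true, false, iso), WebToRedis(false, true, iso))
	}
}
```

In this model a one-sided option only yields a working connection when the other side is not isolated, and an egress policy created for `web` also cuts `web` off from every destination it does not name.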

type PodDns ¶

type PodDns interface {
	// The configured hostname of the pod.
	//
	// Undefined means it's set to a system-defined value.
	Hostname() *string
	// Whether or not the pod's hostname is set to its FQDN.
	HostnameAsFQDN() *bool
	// Nameservers defined for this pod.
	Nameservers() *[]*string
	// Custom dns options defined for this pod.
	Options() *[]*DnsOption
	// The DNS policy of this pod.
	Policy() DnsPolicy
	// Search domains defined for this pod.
	Searches() *[]*string
	// The configured subdomain of the pod.
	Subdomain() *string
	// Add a nameserver.
	AddNameserver(nameservers ...*string)
	// Add a custom option.
	AddOption(options ...*DnsOption)
	// Add a search domain.
	AddSearch(searches ...*string)
}

Holds dns settings of the pod.

func NewPodDns ¶

func NewPodDns(props *PodDnsProps) PodDns

type PodDnsProps ¶

type PodDnsProps struct {
	// Specifies the hostname of the Pod.
	// Default: - Set to a system-defined value.
	//
	Hostname *string `field:"optional" json:"hostname" yaml:"hostname"`
	// If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
	//
	// In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
	// In Windows containers, this means setting the registry value of hostname for the registry
	// key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN.
	// If a pod does not have FQDN, this has no effect.
	// Default: false.
	//
	HostnameAsFQDN *bool `field:"optional" json:"hostnameAsFQDN" yaml:"hostnameAsFQDN"`
	// A list of IP addresses that will be used as DNS servers for the Pod.
	//
	// There can be at most 3 IP addresses specified.
	// When the policy is set to "NONE", the list must contain at least one IP address,
	// otherwise this property is optional.
	// The servers listed will be combined to the base nameservers generated from
	// the specified DNS policy with duplicate addresses removed.
	Nameservers *[]*string `field:"optional" json:"nameservers" yaml:"nameservers"`
	// List of objects where each object may have a name property (required) and a value property (optional).
	//
	// The contents in this property
	// will be merged to the options generated from the specified DNS policy.
	// Duplicate entries are removed.
	Options *[]*DnsOption `field:"optional" json:"options" yaml:"options"`
	// Set DNS policy for the pod.
	//
	// If policy is set to `None`, other configuration must be supplied.
	// Default: DnsPolicy.CLUSTER_FIRST
	//
	Policy DnsPolicy `field:"optional" json:"policy" yaml:"policy"`
	// A list of DNS search domains for hostname lookup in the Pod.
	//
	// When specified, the provided list will be merged into the base
	// search domain names generated from the chosen DNS policy.
	// Duplicate domain names are removed.
	//
	// Kubernetes allows for at most 6 search domains.
	Searches *[]*string `field:"optional" json:"searches" yaml:"searches"`
	// If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
	// Default: - No subdomain.
	//
	Subdomain *string `field:"optional" json:"subdomain" yaml:"subdomain"`
}

Properties for `PodDns`.

type PodManagementPolicy ¶

type PodManagementPolicy string

Controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down.

The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order.

The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.

const (
	PodManagementPolicy_ORDERED_READY PodManagementPolicy = "ORDERED_READY"
	PodManagementPolicy_PARALLEL      PodManagementPolicy = "PARALLEL"
)

type PodProps ¶

type PodProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
}

Properties for `Pod`.

type PodScheduling ¶

type PodScheduling interface {
	Instance() AbstractPod
	// Assign this pod a specific node by name.
	//
	// The scheduler ignores the Pod, and the kubelet on the named node
	// tries to place the Pod on that node. Overrules any affinity rules of the pod.
	//
	// Some limitations of static assignment are:
	//
	// - If the named node does not exist, the Pod will not run, and in some
	//    cases may be automatically deleted.
	// - If the named node does not have the resources to accommodate the Pod,
	//    the Pod will fail and its reason will indicate why, for example OutOfmemory or OutOfcpu.
	// - Node names in cloud environments are not always predictable or stable.
	//
	// Will throw if the pod is already assigned to a named node.
	//
	// Under the hood, this method utilizes the `nodeName` property.
	Assign(node NamedNode)
	// Attract this pod to a node matched by selectors. You can select a node by using `Node.labeled()`.
	//
	// Attracting to multiple nodes (i.e. invoking this method multiple times) acts as
	// an OR condition, meaning the pod will be assigned to either one of the nodes.
	//
	// Under the hood, this method utilizes the `nodeAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
	//
	Attract(node LabeledNode, options *PodSchedulingAttractOptions)
	// Co-locate this pod with a scheduling selection.
	//
	// A selection can be one of:
	//
	// - An instance of a `Pod`.
	// - An instance of a `Workload` (e.g `Deployment`, `StatefulSet`).
	// - An un-managed pod that can be selected via `Pods.select()`.
	//
	// Co-locating with multiple selections (i.e. invoking this method multiple times) acts as
	// an AND condition, meaning the pod will be assigned to a node that satisfies all
	// selections (i.e. runs at least one pod that satisfies each selection).
	//
	// Under the hood, this method utilizes the `podAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
	//
	Colocate(selector IPodSelector, options *PodSchedulingColocateOptions)
	// Separate this pod from a scheduling selection.
	//
	// A selection can be one of:
	//
	// - An instance of a `Pod`.
	// - An instance of a `Workload` (e.g `Deployment`, `StatefulSet`).
	// - An un-managed pod that can be selected via `Pods.select()`.
	//
	// Separating from multiple selections acts as an AND condition, meaning the pod
	// will not be assigned to a node that satisfies all selections (i.e. runs at least one pod that satisfies each selection).
	//
	// Under the hood, this method utilizes the `podAntiAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
	//
	Separate(selector IPodSelector, options *PodSchedulingSeparateOptions)
	// Allow this pod to tolerate taints matching these tolerations.
	//
	// You can put multiple taints on the same node and multiple tolerations on the same pod.
	// The way Kubernetes processes multiple taints and tolerations is like a filter: start with
	// all of a node's taints, then ignore the ones for which the pod has a matching toleration;
	// the remaining un-ignored taints have the indicated effects on the pod. In particular:
	//
	// - if there is at least one un-ignored taint with effect NoSchedule then Kubernetes will
	//    not schedule the pod onto that node
	// - if there is no un-ignored taint with effect NoSchedule but there is at least one un-ignored
	//    taint with effect PreferNoSchedule then Kubernetes will try to not schedule the pod onto the node
	// - if there is at least one un-ignored taint with effect NoExecute then the pod will be evicted from
	//    the node (if it is already running on the node), and will not be scheduled onto the node (if it is
	//    not yet running on the node).
	//
	// Under the hood, this method utilizes the `tolerations` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
	//
	Tolerate(node TaintedNode)
}

Controls the pod scheduling strategy.
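
The taint filter described under `Tolerate` can be checked before a manifest is applied. The following is an added example, not code from cdk8s-plus: the types and the `Evaluate` function are hypothetical, they follow the Kubernetes toleration fields (`key`, `operator`, `value`, `effect`), and the sample taints other than the control-plane one are constructed.

```go
package main

import "fmt"

// Effect is a Kubernetes taint effect.
type Effect string

const (
	NoSchedule       Effect = "NoSchedule"
	PreferNoSchedule Effect = "PreferNoSchedule"
	NoExecute        Effect = "NoExecute"
)

// Taint is a taint placed on a node.
type Taint struct {
	Key, Value string
	Effect     Effect
}

// Toleration uses the Kubernetes toleration fields.
type Toleration struct {
	Key, Operator, Value string // Operator is "Equal" (also when empty) or "Exists"
	Effect               Effect // empty matches every effect
}

// Tolerates reports whether this toleration makes the taint ignored.
func (t Toleration) Tolerates(taint Taint) bool {
	if t.Effect != "" && t.Effect != taint.Effect {
		return false
	}
	if t.Key == "" {
		return t.Operator == "Exists" // empty key with Exists matches every taint key
	}
	if t.Key != taint.Key {
		return false
	}
	return t.Operator == "Exists" || t.Value == taint.Value
}

// Decision is the outcome of the filter for one pod on one node.
type Decision struct {
	Schedulable bool // false when an un-ignored NoSchedule or NoExecute taint remains
	Avoided     bool // an un-ignored PreferNoSchedule taint remains
	Evicted     bool // an un-ignored NoExecute taint remains: a running pod is evicted
}

// Evaluate starts with all of the node's taints, ignores the tolerated ones,
// and applies the effects of those that remain.
func Evaluate(taints []Taint, tolerations []Toleration) Decision {
	d := Decision{Schedulable: true}
	for _, taint := range taints {
		ignored := false
		for _, tol := range tolerations {
			if tol.Tolerates(taint) {
				ignored = true
				break
			}
		}
		if ignored {
			continue
		}
		switch taint.Effect {
		case NoSchedule:
			d.Schedulable = false
		case PreferNoSchedule:
			d.Avoided = true
		case NoExecute:
			d.Schedulable = false
			d.Evicted = true
		}
	}
	return d
}

func main() {
	// Constructed sample: one control-plane node and three candidate pods.
	node := []Taint{
		{Key: "node-role.kubernetes.io/control-plane", Effect: NoSchedule},
		{Key: "maintenance", Value: "soon", Effect: PreferNoSchedule},
	}
	pods := []struct {
		name        string
		tolerations []Toleration
	}{
		{"no tolerations", nil},
		{"exact toleration", []Toleration{{Key: "node-role.kubernetes.io/control-plane", Operator: "Exists", Effect: NoSchedule}}},
		{"wildcard toleration", []Toleration{{Operator: "Exists"}}},
	}
	for _, p := range pods {
		fmt.Printf("%-20s %+v\n", p.name, Evaluate(node, p.tolerations))
	}
}
```

A toleration with an empty key and the `Exists` operator ignores every taint, including those that keep workloads off dedicated or control-plane nodes, so it is worth flagging in review.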

func NewPodScheduling ¶

func NewPodScheduling(instance AbstractPod) PodScheduling

type PodSchedulingAttractOptions ¶

type PodSchedulingAttractOptions struct {
	// Indicates the attraction is optional (soft), with this weight score.
	// Default: - no weight. assignment is assumed to be required (hard).
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Options for `PodScheduling.attract`.

type PodSchedulingColocateOptions ¶

type PodSchedulingColocateOptions struct {
	// Which topology to colocate on.
	// Default: - Topology.HOSTNAME
	//
	Topology Topology `field:"optional" json:"topology" yaml:"topology"`
	// Indicates the co-location is optional (soft), with this weight score.
	// Default: - no weight. co-location is assumed to be required (hard).
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Options for `PodScheduling.colocate`.

type PodSchedulingSeparateOptions ¶

type PodSchedulingSeparateOptions struct {
	// Which topology to separate on.
	// Default: - Topology.HOSTNAME
	//
	Topology Topology `field:"optional" json:"topology" yaml:"topology"`
	// Indicates the separation is optional (soft), with this weight score.
	// Default: - no weight. separation is assumed to be required (hard).
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Options for `PodScheduling.separate`.

type PodSecurityContext ¶

type PodSecurityContext interface {
	EnsureNonRoot() *bool
	FsGroup() *float64
	FsGroupChangePolicy() FsGroupChangePolicy
	Group() *float64
	Sysctls() *[]*Sysctl
	User() *float64
}

Holds pod-level security attributes and common container settings.

func NewPodSecurityContext ¶

func NewPodSecurityContext(props *PodSecurityContextProps) PodSecurityContext

type PodSecurityContextProps ¶

type PodSecurityContextProps struct {
	// Indicates that the container must run as a non-root user.
	//
	// If true, the Kubelet will validate the image at runtime to ensure that it does
	// not run as UID 0 (root) and fail to start the container if it does.
	// Default: true.
	//
	EnsureNonRoot *bool `field:"optional" json:"ensureNonRoot" yaml:"ensureNonRoot"`
	// Modify the ownership and permissions of pod volumes to this GID.
	// Default: - Volume ownership is not changed.
	//
	FsGroup *float64 `field:"optional" json:"fsGroup" yaml:"fsGroup"`
	// Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.
	//
	// This field will only apply to volume types which support fsGroup based ownership (and permissions).
	// It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
	// Default: FsGroupChangePolicy.ALWAYS
	//
	FsGroupChangePolicy FsGroupChangePolicy `field:"optional" json:"fsGroupChangePolicy" yaml:"fsGroupChangePolicy"`
	// The GID to run the entrypoint of the container process.
	// Default: - Group configured by container runtime.
	//
	Group *float64 `field:"optional" json:"group" yaml:"group"`
	// Sysctls hold a list of namespaced sysctls used for the pod.
	//
	// Pods with unsupported sysctls (by the container runtime) might fail to launch.
	// Default: - No sysctls.
	//
	Sysctls *[]*Sysctl `field:"optional" json:"sysctls" yaml:"sysctls"`
	// The UID to run the entrypoint of the container process.
	// Default: - User specified in image metadata.
	//
	User *float64 `field:"optional" json:"user" yaml:"user"`
}

Properties for `PodSecurityContext`.
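
The defaults documented for `PodProps` and `PodSecurityContextProps` (`AutomountServiceAccountToken` false, `HostNetwork` false, `EnsureNonRoot` true) can be verified on the synthesized output. The following is an added example, not code from cdk8s-plus: the `Audit` function and the sample manifests are constructed, and it assumes the manifest has been converted to JSON and that `EnsureNonRoot` and `User` appear as the Kubernetes fields `runAsNonRoot` and `runAsUser`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// podManifest holds only the Kubernetes Pod fields this audit reads.
type podManifest struct {
	Spec struct {
		HostNetwork                  *bool `json:"hostNetwork"`
		AutomountServiceAccountToken *bool `json:"automountServiceAccountToken"`
		SecurityContext              *struct {
			RunAsNonRoot *bool  `json:"runAsNonRoot"`
			RunAsUser    *int64 `json:"runAsUser"`
		} `json:"securityContext"`
	} `json:"spec"`
}

func isTrue(b *bool) bool { return b != nil && *b }

// Audit returns one finding per setting that is weaker than the defaults
// documented for PodProps and PodSecurityContextProps.
func Audit(raw []byte) ([]string, error) {
	var p podManifest
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("parse manifest: %w", err)
	}
	var findings []string
	if isTrue(p.Spec.HostNetwork) {
		findings = append(findings, "hostNetwork: pod uses the host network")
	}
	// Kubernetes mounts the token unless the field is explicitly false.
	if t := p.Spec.AutomountServiceAccountToken; t == nil || *t {
		findings = append(findings, "automountServiceAccountToken: service account token is mounted")
	}
	sc := p.Spec.SecurityContext
	nonRoot := sc != nil && isTrue(sc.RunAsNonRoot)
	rootUID := sc != nil && sc.RunAsUser != nil && *sc.RunAsUser == 0
	switch {
	case nonRoot && rootUID:
		findings = append(findings, "runAsUser 0 conflicts with runAsNonRoot: the container will not start")
	case rootUID:
		findings = append(findings, "runAsUser 0: containers run as root")
	case !nonRoot:
		findings = append(findings, "runAsNonRoot not set: no kubelet check against UID 0")
	}
	return findings, nil
}

// Constructed sample manifests (JSON form of a synthesized Pod).
const hardenedPod = `{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
  "spec": {
    "automountServiceAccountToken": false,
    "hostNetwork": false,
    "securityContext": {"runAsNonRoot": true, "fsGroupChangePolicy": "Always"},
    "containers": [{"name": "main", "image": "registry.example.invalid/web:1"}]
  }
}`

const weakenedPod = `{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "legacy"},
  "spec": {
    "automountServiceAccountToken": true,
    "hostNetwork": true,
    "securityContext": {"runAsNonRoot": false, "runAsUser": 0},
    "containers": [{"name": "main", "image": "registry.example.invalid/legacy:1"}]
  }
}`

const conflictPod = `{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "conflict"},
  "spec": {
    "automountServiceAccountToken": false,
    "securityContext": {"runAsNonRoot": true, "runAsUser": 0},
    "containers": [{"name": "main", "image": "registry.example.invalid/app:1"}]
  }
}`

func main() {
	for _, m := range []string{hardenedPod, weakenedPod, conflictPod} {
		findings, err := Audit([]byte(m))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%d finding(s): %q\n", len(findings), findings)
	}
}
```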

type PodSelectorConfig ¶

type PodSelectorConfig struct {
	// A selector to select pods by labels.
	LabelSelector LabelSelector `field:"required" json:"labelSelector" yaml:"labelSelector"`
	// Configuration for selecting which namespaces the pods are allowed to be in.
	Namespaces *NamespaceSelectorConfig `field:"optional" json:"namespaces" yaml:"namespaces"`
}

Configuration for selecting pods, optionally in particular namespaces.

type Pods ¶

type Pods interface {
	constructs.Construct
	IPodSelector
	// The tree node.
	Node() constructs.Node
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
}

Represents a group of pods.

func NewPods ¶

func NewPods(scope constructs.Construct, id *string, expressions *[]LabelExpression, labels *map[string]*string, namespaces INamespaceSelector) Pods

func Pods_All ¶

func Pods_All(scope constructs.Construct, id *string, options *PodsAllOptions) Pods

Select all pods.

func Pods_Select ¶

func Pods_Select(scope constructs.Construct, id *string, options *PodsSelectOptions) Pods

Select pods in the cluster with various selectors.

type PodsAllOptions ¶

type PodsAllOptions struct {
	// Namespaces the pods are allowed to be in.
	//
	// Use `Namespaces.all()` to allow all namespaces.
	// Default: - unset, implies the namespace of the resource this selection is used in.
	//
	Namespaces Namespaces `field:"optional" json:"namespaces" yaml:"namespaces"`
}

Options for `Pods.all`.

type PodsSelectOptions ¶

type PodsSelectOptions struct {
	// Expressions the pods must satisfy.
	// Default: - no expressions requirements.
	//
	Expressions *[]LabelExpression `field:"optional" json:"expressions" yaml:"expressions"`
	// Labels the pods must have.
	// Default: - no strict labels requirements.
	//
	Labels *map[string]*string `field:"optional" json:"labels" yaml:"labels"`
	// Namespaces the pods are allowed to be in.
	//
	// Use `Namespaces.all()` to allow all namespaces.
	// Default: - unset, implies the namespace of the resource this selection is used in.
	//
	Namespaces Namespaces `field:"optional" json:"namespaces" yaml:"namespaces"`
}

Options for `Pods.select`.

type Probe ¶

type Probe interface {
}

Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.

func Probe_FromCommand ¶

func Probe_FromCommand(command *[]*string, options *CommandProbeOptions) Probe

Defines a probe based on a command which is executed within the container.

func Probe_FromHttpGet ¶

func Probe_FromHttpGet(path *string, options *HttpGetProbeOptions) Probe

Defines a probe based on an HTTP GET request to the IP address of the container.

func Probe_FromTcpSocket ¶

func Probe_FromTcpSocket(options *TcpSocketProbeOptions) Probe

Defines a probe based on opening a connection to a TCP socket on the container.

type ProbeOptions ¶

type ProbeOptions struct {
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	//
	// Defaults to 3. Minimum value is 1.
	// Default: 3.
	//
	FailureThreshold *float64 `field:"optional" json:"failureThreshold" yaml:"failureThreshold"`
	// Number of seconds after the container has started before liveness probes are initiated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: - immediate.
	//
	InitialDelaySeconds cdk8s.Duration `field:"optional" json:"initialDelaySeconds" yaml:"initialDelaySeconds"`
	// How often (in seconds) to perform the probe.
	//
	// Defaults to 10 seconds. Minimum value is 1.
	// Default: Duration.seconds(10) Minimum value is 1.
	//
	PeriodSeconds cdk8s.Duration `field:"optional" json:"periodSeconds" yaml:"periodSeconds"`
	// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.
	//
	// Must be 1 for liveness and startup. Minimum value is 1.
	// Default: 1 Must be 1 for liveness and startup. Minimum value is 1.
	//
	SuccessThreshold *float64 `field:"optional" json:"successThreshold" yaml:"successThreshold"`
	// Number of seconds after which the probe times out.
	//
	// Defaults to 1 second. Minimum value is 1.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: Duration.seconds(1)
	//
	TimeoutSeconds cdk8s.Duration `field:"optional" json:"timeoutSeconds" yaml:"timeoutSeconds"`
}

Probe options.

type Protocol ¶

type Protocol string

Network protocols.

const (
	// TCP.
	Protocol_TCP Protocol = "TCP"
	// UDP.
	Protocol_UDP Protocol = "UDP"
	// SCTP.
	Protocol_SCTP Protocol = "SCTP"
)

type Replicas ¶

type Replicas interface {
}

The amount of replicas that will change.

func Replicas_Absolute ¶

func Replicas_Absolute(value *float64) Replicas

Changes the pods by a percentage of its current value.

func Replicas_Percent ¶

func Replicas_Percent(value *float64) Replicas

Changes the pods by a percentage of its current value.

type Resource ¶

type Resource interface {
	constructs.Construct
	IApiEndpoint
	IApiResource
	IResource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

Base class for all Kubernetes objects in stdk8s.

Represents a single resource.

type ResourceFieldPaths ¶

type ResourceFieldPaths string
const (
	// CPU limit of the container.
	ResourceFieldPaths_CPU_LIMIT ResourceFieldPaths = "CPU_LIMIT"
	// Memory limit of the container.
	ResourceFieldPaths_MEMORY_LIMIT ResourceFieldPaths = "MEMORY_LIMIT"
	// CPU request of the container.
	ResourceFieldPaths_CPU_REQUEST ResourceFieldPaths = "CPU_REQUEST"
	// Memory request of the container.
	ResourceFieldPaths_MEMORY_REQUEST ResourceFieldPaths = "MEMORY_REQUEST"
	// Ephemeral storage limit of the container.
	ResourceFieldPaths_STORAGE_LIMIT ResourceFieldPaths = "STORAGE_LIMIT"
	// Ephemeral storage request of the container.
	ResourceFieldPaths_STORAGE_REQUEST ResourceFieldPaths = "STORAGE_REQUEST"
)

type ResourcePermissions ¶

type ResourcePermissions interface {
	Instance() Resource
	// Grants the list of subjects permissions to read this resource.
	GrantRead(subjects ...ISubject) RoleBinding
	// Grants the list of subjects permissions to read and write this resource.
	GrantReadWrite(subjects ...ISubject) RoleBinding
}

Controls permissions for operations on resources.

func NewResourcePermissions ¶

func NewResourcePermissions(instance Resource) ResourcePermissions

type ResourceProps ¶

type ResourceProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
}

Initialization properties for resources.

type RestartPolicy ¶

type RestartPolicy string

Restart policy for all containers within the pod.

const (
	// Always restart the pod after it exits.
	RestartPolicy_ALWAYS RestartPolicy = "ALWAYS"
	// Only restart if the pod exits with a non-zero exit code.
	RestartPolicy_ON_FAILURE RestartPolicy = "ON_FAILURE"
	// Never restart the pod.
	RestartPolicy_NEVER RestartPolicy = "NEVER"
)

type Role ¶

type Role interface {
	Resource
	IRole
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Rules associated with this Role.
	//
	// Returns a copy, use `allow` to add rules.
	Rules() *[]*RolePolicyRule
	// Add permission to perform a list of HTTP verbs on a collection of resources.
	// See: https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb
	//
	Allow(verbs *[]*string, resources ...IApiResource)
	// Add "create" permission for the resources.
	AllowCreate(resources ...IApiResource)
	// Add "delete" permission for the resources.
	AllowDelete(resources ...IApiResource)
	// Add "deletecollection" permission for the resources.
	AllowDeleteCollection(resources ...IApiResource)
	// Add "get" permission for the resources.
	AllowGet(resources ...IApiResource)
	// Add "list" permission for the resources.
	AllowList(resources ...IApiResource)
	// Add "patch" permission for the resources.
	AllowPatch(resources ...IApiResource)
	// Add "get", "list", and "watch" permissions for the resources.
	AllowRead(resources ...IApiResource)
	// Add "get", "list", "watch", "create", "update", "patch", "delete", and "deletecollection" permissions for the resources.
	AllowReadWrite(resources ...IApiResource)
	// Add "update" permission for the resources.
	AllowUpdate(resources ...IApiResource)
	// Add "watch" permission for the resources.
	AllowWatch(resources ...IApiResource)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Create a RoleBinding that binds the permissions in this Role to a list of subjects, that will only apply to this role's namespace.
	Bind(subjects ...ISubject) RoleBinding
	// Returns a string representation of this construct.
	ToString() *string
}

Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

func NewRole ¶

func NewRole(scope constructs.Construct, id *string, props *RoleProps) Role

type RoleBinding ¶

type RoleBinding interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	Role() IRole
	Subjects() *[]ISubject
	// Adds a subject to the role.
	AddSubjects(subjects ...ISubject)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
}

A RoleBinding grants permissions within a specific namespace to a user or set of users.

func NewRoleBinding ¶

func NewRoleBinding(scope constructs.Construct, id *string, props *RoleBindingProps) RoleBinding

type RoleBindingProps ¶

type RoleBindingProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// The role to bind to.
	//
	// A RoleBinding can reference a Role or a ClusterRole.
	Role IRole `field:"required" json:"role" yaml:"role"`
}

Properties for `RoleBinding`.

type RolePolicyRule ¶

type RolePolicyRule struct {
	// Resources this rule applies to.
	Resources *[]IApiResource `field:"required" json:"resources" yaml:"resources"`
	// Verbs to allow.
	//
	// (e.g. ['get', 'watch'])
	Verbs *[]*string `field:"required" json:"verbs" yaml:"verbs"`
}

Policy rule of a `Role`.

type RoleProps ¶

type RoleProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// A list of rules the role should allow.
	// Default: [].
	//
	Rules *[]*RolePolicyRule `field:"optional" json:"rules" yaml:"rules"`
}

Properties for `Role`.

type ScalingPolicy ¶

type ScalingPolicy struct {
	// The type and quantity of replicas to change.
	Replicas Replicas `field:"required" json:"replicas" yaml:"replicas"`
	// The amount of time the scaling policy has to continue scaling before the target metric must be revalidated.
	//
	// Must be greater than 0 seconds and no longer than 30 minutes.
	// Default: - 15 seconds.
	//
	Duration cdk8s.Duration `field:"optional" json:"duration" yaml:"duration"`
}

type ScalingRules ¶

type ScalingRules struct {
	// The scaling policies.
	// Default: * Scale up
	//   * Increase no more than 4 pods per 60 seconds
	//   * Double the number of pods per 60 seconds
	// * Scale down
	//   * Decrease to minReplica count.
	//
	Policies *[]*ScalingPolicy `field:"optional" json:"policies" yaml:"policies"`
	// Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
	//
	// Minimum duration is 1 second, max is 1 hour.
	//
	// Example:
	//   stabilizationWindow: Duration.minutes(30)
	//   // Autoscaler considers the last 30 minutes of metrics when deciding whether to scale.
	//
	// Default: * On scale down no stabilization is performed.
	// * On scale up stabilization is performed for 5 minutes.
	//
	StabilizationWindow cdk8s.Duration `field:"optional" json:"stabilizationWindow" yaml:"stabilizationWindow"`
	// The strategy to use when scaling.
	// Default: MAX_CHANGE.
	//
	Strategy ScalingStrategy `field:"optional" json:"strategy" yaml:"strategy"`
}

Defines the scaling behavior for one direction.

type ScalingStrategy ¶

type ScalingStrategy string
const (
	// Use the policy that provisions the most changes.
	ScalingStrategy_MAX_CHANGE ScalingStrategy = "MAX_CHANGE"
	// Use the policy that provisions the least amount of changes.
	ScalingStrategy_MIN_CHANGE ScalingStrategy = "MIN_CHANGE"
	// Disables scaling in this direction.
	// Deprecated: - Omit the ScalingRule instead.
	ScalingStrategy_DISABLED ScalingStrategy = "DISABLED"
)

type ScalingTarget ¶

type ScalingTarget struct {
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion *string `field:"required" json:"apiVersion" yaml:"apiVersion"`
	// Container definitions associated with the target.
	Containers *[]Container `field:"required" json:"containers" yaml:"containers"`
	// The object kind (e.g. "Deployment").
	Kind *string `field:"required" json:"kind" yaml:"kind"`
	// The Kubernetes name of this resource.
	Name *string `field:"required" json:"name" yaml:"name"`
	// The fixed number of replicas defined on the target.
	//
	// This is used
	// for validation purposes as Scalable targets should not have a
	// fixed number of replicas.
	Replicas *float64 `field:"optional" json:"replicas" yaml:"replicas"`
}

Properties used to configure the target of an Autoscaler.

type SeccompProfile ¶ added in v2.5.0

type SeccompProfile struct {
	// Indicates which kind of seccomp profile will be applied.
	Type SeccompProfileType `field:"required" json:"type" yaml:"type"`
	// localhostProfile indicates a profile defined in a file on the node should be used.
	//
	// The profile must be preconfigured on the node to work. Must be a descending path,
	// relative to the kubelet's configured seccomp profile location.
	// Must only be set if type is "Localhost".
	// Default: - empty string.
	//
	LocalhostProfile *string `field:"optional" json:"localhostProfile" yaml:"localhostProfile"`
}

type SeccompProfileType ¶ added in v2.5.0

type SeccompProfileType string
const (
	// A profile defined in a file on the node should be used.
	SeccompProfileType_LOCALHOST SeccompProfileType = "LOCALHOST"
	// The container runtime default profile should be used.
	SeccompProfileType_RUNTIME_DEFAULT SeccompProfileType = "RUNTIME_DEFAULT"
	// No profile should be applied.
	SeccompProfileType_UNCONFINED SeccompProfileType = "UNCONFINED"
)

type Secret ¶

type Secret interface {
	Resource
	ISecret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image. See: https://kubernetes.io/docs/concepts/configuration/secret

func NewSecret ¶

func NewSecret(scope constructs.Construct, id *string, props *SecretProps) Secret

type SecretProps ¶

type SecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// stringData allows specifying non-binary secret data in string form.
	//
	// It is
	// provided as a write-only convenience method. All keys and values are merged
	// into the data field on write, overwriting any existing values. It is never
	// output when reading from the API.
	StringData *map[string]*string `field:"optional" json:"stringData" yaml:"stringData"`
	// Optional type associated with the secret.
	//
	// Used to facilitate programmatic
	// handling of secret data by various controllers.
	// Default: undefined - Don't set a type.
	//
	Type *string `field:"optional" json:"type" yaml:"type"`
}

Options for `Secret`.

type SecretValue ¶

type SecretValue struct {
	// The JSON key.
	Key *string `field:"required" json:"key" yaml:"key"`
	// The secret.
	Secret ISecret `field:"required" json:"secret" yaml:"secret"`
}

Represents a specific value in a JSON secret.

type SecretVolumeOptions ¶

type SecretVolumeOptions struct {
	// Mode bits to use on created files by default.
	//
	// Must be a value between 0 and
	// 0777. Defaults to 0644. Directories within the path are not affected by
	// this setting. This might be in conflict with other options that affect the
	// file mode, like fsGroup, and the result can be other mode bits set.
	// Default: 0644. Directories within the path are not affected by this
	// setting. This might be in conflict with other options that affect the file
	// mode, like fsGroup, and the result can be other mode bits set.
	//
	DefaultMode *float64 `field:"optional" json:"defaultMode" yaml:"defaultMode"`
	// If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value.
	//
	// If specified, the listed keys will be projected
	// into the specified paths, and unlisted keys will not be present. If a key
	// is specified which is not present in the secret, the volume setup will
	// error unless it is marked optional. Paths must be relative and may not
	// contain the '..' path or start with '..'.
	// Default: - no mapping.
	//
	Items *map[string]*PathMapping `field:"optional" json:"items" yaml:"items"`
	// The volume name.
	// Default: - auto-generated.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Specify whether the secret or its keys must be defined.
	// Default: - undocumented.
	//
	Optional *bool `field:"optional" json:"optional" yaml:"optional"`
}

Options for the Secret-based volume.
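
The path and mode rules stated above for `SeccompProfile` (`LocalhostProfile`) and `SecretVolumeOptions` (`DefaultMode`, `Items`), written as a check to run before synthesis. This is an added example, not code from cdk8s-plus: the two structs are simplified stand-ins, the function names and sample inputs are constructed, and requiring a path for `LOCALHOST` follows Kubernetes API validation rather than this page.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Simplified local stand-ins for the documented option structs (assumption:
// not the cdk8s-plus types, only their security-relevant fields).
type seccompProfile struct {
	Type             string // "LOCALHOST", "RUNTIME_DEFAULT" or "UNCONFINED"
	LocalhostProfile string // "" means unset
}

type secretVolume struct {
	DefaultMode *int              // nil means the documented 0644 default
	Items       map[string]string // secret key -> projected file path
}

// relativePathProblem returns "" when p is relative and free of "..",
// otherwise a short description of the rule it violates.
func relativePathProblem(p string) string {
	switch {
	case p == "":
		return "is empty"
	case strings.HasPrefix(p, "/"):
		return "is absolute"
	case strings.HasPrefix(p, ".."):
		return "starts with '..'"
	}
	for _, seg := range strings.Split(p, "/") {
		if seg == ".." {
			return "contains a '..' element"
		}
	}
	return ""
}

// checkSeccomp reports violations of the LocalhostProfile rules and flags
// profiles that leave the container without a syscall filter.
func checkSeccomp(s seccompProfile) []string {
	var findings []string
	switch s.Type {
	case "LOCALHOST":
		if s.LocalhostProfile == "" {
			findings = append(findings, "LOCALHOST needs a localhostProfile path")
		} else if why := relativePathProblem(s.LocalhostProfile); why != "" {
			findings = append(findings, fmt.Sprintf("localhostProfile %q %s", s.LocalhostProfile, why))
		}
	case "RUNTIME_DEFAULT", "UNCONFINED":
		if s.LocalhostProfile != "" {
			findings = append(findings, "localhostProfile set but type is "+s.Type)
		}
		if s.Type == "UNCONFINED" {
			findings = append(findings, "UNCONFINED applies no seccomp profile")
		}
	default:
		findings = append(findings, fmt.Sprintf("unknown seccomp type %q", s.Type))
	}
	return findings
}

// checkSecretVolume reports a defaultMode outside 0..0777 and item paths that
// are absolute or contain "..". Keys are visited in sorted order so the
// output is stable.
func checkSecretVolume(v secretVolume) []string {
	var findings []string
	if m := v.DefaultMode; m != nil && (*m < 0 || *m > 0777) {
		findings = append(findings, fmt.Sprintf("defaultMode %d (octal %o) is outside 0..0777", *m, *m))
	}
	keys := make([]string, 0, len(v.Items))
	for k := range v.Items {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		if why := relativePathProblem(v.Items[k]); why != "" {
			findings = append(findings, fmt.Sprintf("item %q: path %q %s", k, v.Items[k], why))
		}
	}
	return findings
}

func main() {
	// Constructed inputs. 644 is decimal here, not the octal 0644 it resembles.
	mode := 644
	vol := secretVolume{DefaultMode: &mode, Items: map[string]string{
		"tls.key": "certs/tls.key",
		"ca":      "/etc/ca.crt",
		"x":       "a/../b",
	}}
	for _, f := range checkSecretVolume(vol) {
		fmt.Println("secret volume:", f)
	}
	for _, f := range checkSeccomp(seccompProfile{Type: "LOCALHOST", LocalhostProfile: "../../etc/x.json"}) {
		fmt.Println("seccomp:", f)
	}
}
```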

type Service ¶

type Service interface {
	Resource
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// The IP address of the service, usually assigned randomly by the master.
	ClusterIP() *string
	// The externalName to be used for EXTERNAL_NAME types.
	ExternalName() *string
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// Return the first port of the service.
	Port() *float64
	// Ports for this service.
	//
	// Use `bind()` to bind additional service ports.
	Ports() *[]*ServicePort
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Determines how the Service is exposed.
	Type() ServiceType
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Configure a port the service will bind to.
	//
	// This method can be called multiple times.
	Bind(port *float64, options *ServiceBindOptions)
	// Expose a service via an ingress using the specified path.
	//
	// Returns: The `Ingress` resource that was used.
	ExposeViaIngress(path *string, options *ExposeServiceViaIngressOptions) Ingress
	// Require this service to select pods matching the selector.
	//
	// Note that invoking this method multiple times acts as an AND operator
	// on the resulting labels.
	Select(selector IPodSelector)
	// Require this service to select pods with this label.
	//
	// Note that invoking this method multiple times acts as an AND operator
	// on the resulting labels.
	SelectLabel(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
}

An abstract way to expose an application running on a set of Pods as a network service.

With Kubernetes you don't need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible—frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that, nor should they need to keep track of the set of backends themselves. The Service abstraction enables this decoupling.

If you're able to use Kubernetes APIs for service discovery in your application, you can query the API server for Endpoints, which get updated whenever the set of Pods in a Service changes. For non-native applications, Kubernetes offers ways to place a network port or load balancer in between your application and the backend Pods.

func NewService ¶

func NewService(scope constructs.Construct, id *string, props *ServiceProps) Service

type ServiceAccount ¶

type ServiceAccount interface {
	Resource
	IServiceAccount
	ISubject
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not a token is automatically mounted for this service account.
	AutomountToken() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// List of secrets allowed to be used by pods running using this service account.
	//
	// Returns a copy. To add a secret, use `addSecret()`.
	Secrets() *[]ISecret
	// Allow a secret to be accessed by pods using this service account.
	AddSecret(secr ISecret)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account

func NewServiceAccount ¶

func NewServiceAccount(scope constructs.Construct, id *string, props *ServiceAccountProps) ServiceAccount

type ServiceAccountProps ¶

type ServiceAccountProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether pods running as this service account should have an API token automatically mounted.
	//
	// Can be overridden at the pod level.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountToken *bool `field:"optional" json:"automountToken" yaml:"automountToken"`
	// List of secrets allowed to be used by pods running using this ServiceAccount.
	// See: https://kubernetes.io/docs/concepts/configuration/secret
	//
	Secrets *[]ISecret `field:"optional" json:"secrets" yaml:"secrets"`
}

Properties for initialization of `ServiceAccount`.

type ServiceAccountTokenSecret ¶

type ServiceAccountTokenSecret interface {
	Secret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Create a secret for a service account token. See: https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

func NewServiceAccountTokenSecret ¶

func NewServiceAccountTokenSecret(scope constructs.Construct, id *string, props *ServiceAccountTokenSecretProps) ServiceAccountTokenSecret

type ServiceAccountTokenSecretProps ¶

type ServiceAccountTokenSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// The service account to store a secret for.
	ServiceAccount IServiceAccount `field:"required" json:"serviceAccount" yaml:"serviceAccount"`
}

Options for `ServiceAccountTokenSecret`.

type ServiceBindOptions ¶

type ServiceBindOptions struct {
	// The name of this port within the service.
	//
	// This must be a DNS_LABEL. All
	// ports within a ServiceSpec must have unique names. This maps to the 'Name'
	// field in EndpointPort objects. Optional if only one ServicePort is defined
	// on this service.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The port on each node on which this service is exposed when type=NodePort or LoadBalancer.
	//
	// Usually assigned by the system. If specified, it will be
	// allocated to the service if unused or else creation of the service will
	// fail. Default is to auto-allocate a port if the ServiceType of this Service
	// requires one.
	// See: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
	//
	// Default: - auto-allocate a port if the ServiceType of this Service requires one.
	//
	NodePort *float64 `field:"optional" json:"nodePort" yaml:"nodePort"`
	// The IP protocol for this port.
	//
	// Supports "TCP", "UDP", and "SCTP". Default is TCP.
	// Default: Protocol.TCP
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The port number the service will redirect to.
	// Default: - The value of `port` will be used.
	//
	TargetPort *float64 `field:"optional" json:"targetPort" yaml:"targetPort"`
}

Options for `Service.bind`.

type ServiceIngressBackendOptions ¶

type ServiceIngressBackendOptions struct {
	// The port to use to access the service.
	//
	// - This option will fail if the service does not expose any ports.
	// - If the service exposes multiple ports, this option must be specified.
	// - If the service exposes a single port, this option is optional and if
	//    specified, it must be the same port exposed by the service.
	// Default: - if the service exposes a single port, this port will be used.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Options for setting up backends for ingress rules.

type ServicePort ¶

type ServicePort struct {
	// The name of this port within the service.
	//
	// This must be a DNS_LABEL. All
	// ports within a ServiceSpec must have unique names. This maps to the 'Name'
	// field in EndpointPort objects. Optional if only one ServicePort is defined
	// on this service.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The port on each node on which this service is exposed when type=NodePort or LoadBalancer.
	//
	// Usually assigned by the system. If specified, it will be
	// allocated to the service if unused or else creation of the service will
	// fail. Default is to auto-allocate a port if the ServiceType of this Service
	// requires one.
	// See: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
	//
	// Default: - auto-allocate a port if the ServiceType of this Service requires one.
	//
	NodePort *float64 `field:"optional" json:"nodePort" yaml:"nodePort"`
	// The IP protocol for this port.
	//
	// Supports "TCP", "UDP", and "SCTP". Default is TCP.
	// Default: Protocol.TCP
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The port number the service will redirect to.
	// Default: - The value of `port` will be used.
	//
	TargetPort *float64 `field:"optional" json:"targetPort" yaml:"targetPort"`
	// The port number the service will bind to.
	Port *float64 `field:"required" json:"port" yaml:"port"`
}

Definition of a service port.

type ServiceProps ¶

type ServiceProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// The IP address of the service, usually assigned randomly by the master.
	//
	// If an address is specified manually and is not in use by others, it
	// will be allocated to the service; otherwise, creation of the service will
	// fail. This field can not be changed through updates. Valid values are
	// "None", empty string (""), or a valid IP address. "None" can be specified
	// for headless services when proxying is not required. Only applies to types
	// ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName.
	// See: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
	//
	// Default: - Automatically assigned.
	//
	ClusterIP *string `field:"optional" json:"clusterIP" yaml:"clusterIP"`
	// A list of IP addresses for which nodes in the cluster will also accept traffic for this service.
	//
	// These IPs are not managed by Kubernetes. The user
	// is responsible for ensuring that traffic arrives at a node with this IP. A
	// common example is external load-balancers that are not part of the
	// Kubernetes system.
	// Default: - No external IPs.
	//
	ExternalIPs *[]*string `field:"optional" json:"externalIPs" yaml:"externalIPs"`
	// The externalName to be used when ServiceType.EXTERNAL_NAME is set.
	// Default: - No external name.
	//
	ExternalName *string `field:"optional" json:"externalName" yaml:"externalName"`
	// A list of CIDR IP addresses that, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs.
	//
	// More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
	LoadBalancerSourceRanges *[]*string `field:"optional" json:"loadBalancerSourceRanges" yaml:"loadBalancerSourceRanges"`
	// The ports this service binds to.
	//
	// If the selector of the service is a managed pod / workload,
	// its ports are automatically extracted and used as the default value.
	// Otherwise, no ports are bound.
	// Default: - either the selector ports, or none.
	//
	Ports *[]*ServicePort `field:"optional" json:"ports" yaml:"ports"`
	// The publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready.
	//
	// More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#servicespec-v1-core
	// Default: - false.
	//
	PublishNotReadyAddresses *bool `field:"optional" json:"publishNotReadyAddresses" yaml:"publishNotReadyAddresses"`
	// Which pods should the service select and route to.
	//
	// You can pass one of the following:
	//
	// - An instance of `Pod` or any workload resource (e.g. `Deployment`, `StatefulSet`, ...)
	// - Pods selected by the `Pods.select` function. Note that in this case only labels can be specified.
	//
	// Example:
	//   // select the pods of a specific deployment
	//   const backend = new kplus.Deployment(this, 'Backend', ...);
	//   new kplus.Service(this, 'Service', { selector: backend });
	//
	//   // select all pods labeled with the `tier=backend` label
	//   const backend = kplus.Pod.labeled({ tier: 'backend' });
	//   new kplus.Service(this, 'Service', { selector: backend });
	//
	// Default: - unset, the service is assumed to have an external process managing
	// its endpoints, which Kubernetes will not modify.
	//
	Selector IPodSelector `field:"optional" json:"selector" yaml:"selector"`
	// Determines how the Service is exposed.
	//
	// More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
	// Default: ServiceType.ClusterIP
	//
	Type ServiceType `field:"optional" json:"type" yaml:"type"`
}

Properties for `Service`.

type ServiceType ¶

type ServiceType string

For some parts of your application (for example, frontends) you may want to expose a Service onto an external IP address, that's outside of your cluster.

Kubernetes ServiceTypes allow you to specify what kind of Service you want. The default is ClusterIP.

const (
	// Exposes the Service on a cluster-internal IP.
	//
	// Choosing this value makes the Service only reachable from within the cluster.
	// This is the default ServiceType.
	ServiceType_CLUSTER_IP ServiceType = "CLUSTER_IP"
	// Exposes the Service on each Node's IP at a static port (the NodePort).
	//
	// A ClusterIP Service, to which the NodePort Service routes, is automatically created.
	// You'll be able to contact the NodePort Service, from outside the cluster,
	// by requesting <NodeIP>:<NodePort>.
	ServiceType_NODE_PORT ServiceType = "NODE_PORT"
	// Exposes the Service externally using a cloud provider's load balancer.
	//
	// NodePort and ClusterIP Services, to which the external load balancer routes,
	// are automatically created.
	ServiceType_LOAD_BALANCER ServiceType = "LOAD_BALANCER"
	// Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.
	//
	// > Note: You need either kube-dns version 1.7 or CoreDNS version 0.0.8 or higher to use the ExternalName type.
	ServiceType_EXTERNAL_NAME ServiceType = "EXTERNAL_NAME"
)
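
Added example (not part of the cdk8splus29 package or its documentation): a stand-alone check that applies the rules stated in the ServicePort, ServiceProps and ServiceType comments above to a service definition before it is synthesized. PortSpec, ServiceSpec, AuditService and the Type* constants are hypothetical stand-ins defined here, not library types, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// ServiceType mirrors the four values documented above.
type ServiceType string

const (
	TypeClusterIP    ServiceType = "CLUSTER_IP"
	TypeNodePort     ServiceType = "NODE_PORT"
	TypeLoadBalancer ServiceType = "LOAD_BALANCER"
	TypeExternalName ServiceType = "EXTERNAL_NAME"
)

// PortSpec and ServiceSpec are hypothetical plain-value stand-ins for
// ServicePort and ServiceProps; they are not the cdk8splus29 types.
type PortSpec struct {
	Name     string
	Port     int
	NodePort int
}

type ServiceSpec struct {
	Type                     ServiceType
	Ports                    []PortSpec
	LoadBalancerSourceRanges []string
	ExternalName             string
}

// dnsLabel matches an RFC 1123 label; the 63-character limit is checked separately.
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// AuditService returns one finding per deviation from the rules in the field docs.
func AuditService(s ServiceSpec) []string {
	var out []string
	t := s.Type
	if t == "" {
		t = TypeClusterIP // documented default
	}

	seen := map[string]bool{}
	for i, p := range s.Ports {
		switch {
		case p.Name == "" && len(s.Ports) > 1:
			out = append(out, fmt.Sprintf("ports[%d]: name is optional only when a single port is defined", i))
		case p.Name != "" && (len(p.Name) > 63 || !dnsLabel.MatchString(p.Name)):
			out = append(out, fmt.Sprintf("ports[%d]: name %q is not a DNS_LABEL", i, p.Name))
		case seen[p.Name]:
			out = append(out, fmt.Sprintf("ports[%d]: name %q is not unique", i, p.Name))
		}
		if p.Name != "" {
			seen[p.Name] = true
		}
		if p.NodePort != 0 && t != TypeNodePort && t != TypeLoadBalancer {
			out = append(out, fmt.Sprintf("ports[%d]: nodePort applies only to NODE_PORT or LOAD_BALANCER", i))
		}
	}

	if t == TypeLoadBalancer && len(s.LoadBalancerSourceRanges) == 0 {
		out = append(out, "loadBalancerSourceRanges: empty, so this field does not restrict client IPs")
	}
	if t != TypeLoadBalancer && len(s.LoadBalancerSourceRanges) > 0 {
		out = append(out, "loadBalancerSourceRanges: set, but type is not LOAD_BALANCER")
	}
	for i, r := range s.LoadBalancerSourceRanges {
		pfx, err := netip.ParsePrefix(r)
		switch {
		case err != nil:
			out = append(out, fmt.Sprintf("loadBalancerSourceRanges[%d]: %q is not a valid CIDR", i, r))
		case pfx.Bits() == 0:
			out = append(out, fmt.Sprintf("loadBalancerSourceRanges[%d]: %q matches every client address", i, r))
		}
	}
	if t == TypeExternalName && s.ExternalName == "" {
		out = append(out, "externalName: type is EXTERNAL_NAME but no externalName is set")
	}
	return out
}

func main() {
	// Constructed sample input.
	svc := ServiceSpec{
		Type:                     TypeLoadBalancer,
		Ports:                    []PortSpec{{Name: "Web", Port: 80}, {Port: 8080}},
		LoadBalancerSourceRanges: []string{"0.0.0.0/0", "203.0.113.0/24"},
	}
	for _, f := range AuditService(svc) {
		fmt.Println(f)
	}
}
```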

type SshAuthSecret ¶

type SshAuthSecret interface {
	Secret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Create a secret for ssh authentication. See: https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets

func NewSshAuthSecret ¶

func NewSshAuthSecret(scope constructs.Construct, id *string, props *SshAuthSecretProps) SshAuthSecret

type SshAuthSecretProps ¶

type SshAuthSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// The SSH private key to use.
	SshPrivateKey *string `field:"required" json:"sshPrivateKey" yaml:"sshPrivateKey"`
}

Options for `SshAuthSecret`.

type StatefulSet ¶

type StatefulSet interface {
	Workload
	IScalable
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	// If this is a target of an autoscaler.
	HasAutoscaler() *bool
	SetHasAutoscaler(val *bool)
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
	MinReady() cdk8s.Duration
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// Management policy to use for the set.
	PodManagementPolicy() PodManagementPolicy
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// Number of desired pods.
	Replicas() *float64
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	Service() Service
	ServiceAccount() IServiceAccount
	// The update strategy of this stateful set.
	Strategy() StatefulSetUpdateStrategy
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Called on all IScalable targets when they are associated with an autoscaler.
	// See: IScalable.markHasAutoscaler()
	//
	MarkHasAutoscaler()
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Return the target spec properties of this Scalable.
	// See: IScalable.toScalingTarget()
	//
	ToScalingTarget() *ScalingTarget
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

StatefulSet is the workload API object used to manage stateful applications.

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

If you want to use storage volumes to provide persistence for your workload, you can use a StatefulSet as part of the solution. Although individual Pods in a StatefulSet are susceptible to failure, the persistent Pod identifiers make it easier to match existing volumes to the new Pods that replace any that have failed.

Using StatefulSets

StatefulSets are valuable for applications that require one or more of the following.

- Stable, unique network identifiers.
- Stable, persistent storage.
- Ordered, graceful deployment and scaling.
- Ordered, automated rolling updates.

func NewStatefulSet ¶

func NewStatefulSet(scope constructs.Construct, id *string, props *StatefulSetProps) StatefulSet

type StatefulSetProps ¶

type StatefulSetProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and adds it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
	// Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.
	//
	// Zero means the pod will be considered available as soon as it is ready.
	//
	// This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
	// See: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds
	//
	// Default: Duration.seconds(0)
	//
	MinReady cdk8s.Duration `field:"optional" json:"minReady" yaml:"minReady"`
	// Pod management policy to use for this statefulset.
	// Default: PodManagementPolicy.ORDERED_READY
	//
	PodManagementPolicy PodManagementPolicy `field:"optional" json:"podManagementPolicy" yaml:"podManagementPolicy"`
	// Number of desired pods.
	// Default: 1.
	//
	Replicas *float64 `field:"optional" json:"replicas" yaml:"replicas"`
	// Service to associate with the statefulset.
	// Default: - A new headless service will be created.
	//
	Service Service `field:"optional" json:"service" yaml:"service"`
	// Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
	// Default: - RollingUpdate with partition set to 0.
	//
	Strategy StatefulSetUpdateStrategy `field:"optional" json:"strategy" yaml:"strategy"`
}

Properties for initialization of `StatefulSet`.

type StatefulSetUpdateStrategy ¶

type StatefulSetUpdateStrategy interface {
}

StatefulSet update strategies.

func StatefulSetUpdateStrategy_OnDelete ¶

func StatefulSetUpdateStrategy_OnDelete() StatefulSetUpdateStrategy

The controller will not automatically update the Pods in a StatefulSet.

Users must manually delete Pods to cause the controller to create new Pods that reflect modifications.

func StatefulSetUpdateStrategy_RollingUpdate ¶

func StatefulSetUpdateStrategy_RollingUpdate(options *StatefulSetUpdateStrategyRollingUpdateOptions) StatefulSetUpdateStrategy

The controller will delete and recreate each Pod in the StatefulSet.

It will proceed in the same order as Pod termination (from the largest ordinal to the smallest), updating each Pod one at a time. The Kubernetes control plane waits until an updated Pod is Running and Ready prior to updating its predecessor.

type StatefulSetUpdateStrategyRollingUpdateOptions ¶

type StatefulSetUpdateStrategyRollingUpdateOptions struct {
	// If specified, all Pods with an ordinal that is greater than or equal to the partition will be updated when the StatefulSet's .spec.template is updated. All Pods with an ordinal that is less than the partition will not be updated, and, even if they are deleted, they will be recreated at the previous version.
	//
	// If the partition is greater than replicas, updates to the pod template will not be propagated to Pods.
	// In most cases you will not need to use a partition, but they are useful if you want to stage an
	// update, roll out a canary, or perform a phased roll out.
	// See: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
	//
	// Default: 0.
	//
	Partition *float64 `field:"optional" json:"partition" yaml:"partition"`
}

Options for `StatefulSetUpdateStrategy.rollingUpdate`.
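
Added example (not part of the cdk8splus29 package): a small stand-alone model of the RollingUpdate and partition rules described above, showing a staged rollout, the recreate-at-previous-version rule for pods below the partition, and a partition greater than replicas. The Set type and its methods are hypothetical, revisions are plain integers, and the scenarios are constructed.

```go
package main

import "fmt"

// Set is a simplified, hypothetical model of a StatefulSet that uses the
// RollingUpdate strategy. Revisions are plain integers.
type Set struct {
	Partition int
	Pods      []int // Pods[i] is the revision that ordinal i is running
	previous  int   // revision in place before the pending template change
	target    int   // revision of the current pod template
}

// NewSet starts every ordinal at revision 1.
func NewSet(replicas, partition int) *Set {
	s := &Set{Partition: partition, previous: 1, target: 1}
	for i := 0; i < replicas; i++ {
		s.Pods = append(s.Pods, 1)
	}
	return s
}

// UpdateTemplate models an edit to the pod template.
func (s *Set) UpdateTemplate() { s.target++ }

// Reconcile replaces pods one at a time, from the largest ordinal down to the
// partition, and returns the ordinals it replaced in that order.
func (s *Set) Reconcile() []int {
	var replaced []int
	for i := len(s.Pods) - 1; i >= 0 && i >= s.Partition; i-- {
		if s.Pods[i] != s.target {
			s.Pods[i] = s.target
			replaced = append(replaced, i)
		}
	}
	for _, rev := range s.Pods {
		if rev != s.target {
			return replaced // rollout is still staged behind the partition
		}
	}
	s.previous = s.target // every pod runs the new template
	return replaced
}

// DeletePod models a manual delete: the pod is recreated, at the new revision
// only when its ordinal is at or above the partition.
func (s *Set) DeletePod(ordinal int) int {
	if ordinal >= s.Partition {
		s.Pods[ordinal] = s.target
	} else {
		s.Pods[ordinal] = s.previous
	}
	return s.Pods[ordinal]
}

func main() {
	s := NewSet(5, 3) // constructed scenario: 5 replicas, canary on ordinals 3 and 4
	s.UpdateTemplate()
	fmt.Println("stage 1 replaced:", s.Reconcile(), "pods:", s.Pods)
	fmt.Println("ordinal 1 deleted, recreated at revision", s.DeletePod(1))
	s.Partition = 0
	fmt.Println("stage 2 replaced:", s.Reconcile(), "pods:", s.Pods)

	held := NewSet(3, 5) // partition greater than replicas
	held.UpdateTemplate()
	fmt.Println("held replaced:", held.Reconcile(), "pods:", held.Pods)
}
```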

type SubjectConfiguration ¶

type SubjectConfiguration struct {
	// Kind of object being referenced.
	//
	// Values defined by this API group are
	// "User", "Group", and "ServiceAccount". If the Authorizer does not
	// recognize the kind value, the Authorizer should report an error.
	Kind *string `field:"required" json:"kind" yaml:"kind"`
	// Name of the object being referenced.
	Name *string `field:"required" json:"name" yaml:"name"`
	// APIGroup holds the API group of the referenced subject.
	//
	// Defaults to "" for
	// ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User
	// and Group subjects.
	ApiGroup *string `field:"optional" json:"apiGroup" yaml:"apiGroup"`
	// Namespace of the referenced object.
	//
	// If the object kind is non-namespace,
	// such as "User" or "Group", and this value is not empty the Authorizer
	// should report an error.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Subject contains a reference to the object or user identities a role binding applies to.

This can either hold a direct API object reference, or a value for non-objects such as user and group names.

type Sysctl ¶

type Sysctl struct {
	// Name of a property to set.
	Name *string `field:"required" json:"name" yaml:"name"`
	// Value of a property to set.
	Value *string `field:"required" json:"value" yaml:"value"`
}

Sysctl defines a kernel parameter to be set.

type TaintEffect ¶

type TaintEffect string

Taint effects.

const (
	// This means that no pod will be able to schedule onto the node unless it has a matching toleration.
	TaintEffect_NO_SCHEDULE TaintEffect = "NO_SCHEDULE"
	// This is a "preference" or "soft" version of `NO_SCHEDULE` -- the system will try to avoid placing a pod that does not tolerate the taint on the node, but it is not required.
	TaintEffect_PREFER_NO_SCHEDULE TaintEffect = "PREFER_NO_SCHEDULE"
	// This affects pods that are already running on the node as follows:
	//
	// - Pods that do not tolerate the taint are evicted immediately.
	// - Pods that tolerate the taint without specifying `duration` remain bound forever.
	// - Pods that tolerate the taint with a specified `duration` remain bound for
	//    the specified amount of time.
	TaintEffect_NO_EXECUTE TaintEffect = "NO_EXECUTE"
)

type TaintedNode ¶

type TaintedNode interface {
	TaintSelector() *[]NodeTaintQuery
}

A node that is matched by taint selectors.

func NewTaintedNode ¶

func NewTaintedNode(taintSelector *[]NodeTaintQuery) TaintedNode

func Node_Tainted ¶

func Node_Tainted(taintSelector ...NodeTaintQuery) TaintedNode

Match a node by its taints.

type TcpSocketProbeOptions ¶

type TcpSocketProbeOptions struct {
	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
	//
	// Defaults to 3. Minimum value is 1.
	// Default: 3.
	//
	FailureThreshold *float64 `field:"optional" json:"failureThreshold" yaml:"failureThreshold"`
	// Number of seconds after the container has started before liveness probes are initiated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: - immediate.
	//
	InitialDelaySeconds cdk8s.Duration `field:"optional" json:"initialDelaySeconds" yaml:"initialDelaySeconds"`
	// How often (in seconds) to perform the probe.
	//
	// Defaults to 10 seconds. Minimum value is 1.
	// Default: Duration.seconds(10) Minimum value is 1.
	//
	PeriodSeconds cdk8s.Duration `field:"optional" json:"periodSeconds" yaml:"periodSeconds"`
	// Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.
	//
	// Must be 1 for liveness and startup. Minimum value is 1.
	// Default: 1 Must be 1 for liveness and startup. Minimum value is 1.
	//
	SuccessThreshold *float64 `field:"optional" json:"successThreshold" yaml:"successThreshold"`
	// Number of seconds after which the probe times out.
	//
	// Defaults to 1 second. Minimum value is 1.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
	//
	// Default: Duration.seconds(1)
	//
	TimeoutSeconds cdk8s.Duration `field:"optional" json:"timeoutSeconds" yaml:"timeoutSeconds"`
	// The host name to connect to on the container.
	// Default: - defaults to the pod IP.
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The TCP port to connect to on the container.
	// Default: - defaults to `container.port`.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Options for `Probe.fromTcpSocket()`.

type TlsSecret ¶

type TlsSecret interface {
	Secret
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	// See: base.Resource.apiObject
	//
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	// Whether or not the secret is immutable.
	Immutable() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	// Adds a string data field to the secret.
	AddStringData(key *string, value *string)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	// Returns EnvValue object from a secret's key.
	EnvValue(key *string, options *EnvValueFromSecretOptions) EnvValue
	// Gets a string data by key or undefined.
	GetStringData(key *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Create a secret for storing a TLS certificate and its associated key. See: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

func NewTlsSecret ¶

func NewTlsSecret(scope constructs.Construct, id *string, props *TlsSecretProps) TlsSecret

type TlsSecretProps ¶

type TlsSecretProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).
	//
	// If not set to true, the field can be modified at any time.
	// Default: false.
	//
	Immutable *bool `field:"optional" json:"immutable" yaml:"immutable"`
	// The TLS cert.
	TlsCert *string `field:"required" json:"tlsCert" yaml:"tlsCert"`
	// The TLS key.
	TlsKey *string `field:"required" json:"tlsKey" yaml:"tlsKey"`
}

Options for `TlsSecret`.

type Topology ¶

type Topology interface {
	Key() *string
}

Available topology domains.

func Topology_Custom ¶

func Topology_Custom(key *string) Topology

Custom key for the node label that the system uses to denote the topology domain.

func Topology_HOSTNAME ¶

func Topology_HOSTNAME() Topology

func Topology_REGION ¶

func Topology_REGION() Topology

func Topology_ZONE ¶

func Topology_ZONE() Topology

type User ¶

type User interface {
	constructs.Construct
	ISubject
	ApiGroup() *string
	Kind() *string
	Name() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

Represents a user.

func User_FromName ¶

func User_FromName(scope constructs.Construct, id *string, name *string) User

Reference a user in the cluster by name.

type Volume ¶

type Volume interface {
	constructs.Construct
	IStorage
	Name() *string
	// The tree node.
	Node() constructs.Node
	// Convert the piece of storage into a concrete volume.
	AsVolume() Volume
	// Returns a string representation of this construct.
	ToString() *string
}

Volume represents a named volume in a pod that may be accessed by any container in the pod.

Docker also has a concept of volumes, though it is somewhat looser and less managed. In Docker, a volume is simply a directory on disk or in another Container. Lifetimes are not managed and until very recently there were only local-disk-backed volumes. Docker now provides volume drivers, but the functionality is very limited for now (e.g. as of Docker 1.7 only one volume driver is allowed per Container and there is no way to pass parameters to volumes).

A Kubernetes volume, on the other hand, has an explicit lifetime - the same as the Pod that encloses it. Consequently, a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts. Of course, when a Pod ceases to exist, the volume will cease to exist, too. Perhaps more importantly than this, Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously.

At its core, a volume is just a directory, possibly with some data in it, which is accessible to the Containers in a Pod. How that directory comes to be, the medium that backs it, and the contents of it are determined by the particular volume type used.

To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers[*].volumeMounts field).

A process in a container sees a filesystem view composed from their Docker image and volumes. The Docker image is at the root of the filesystem hierarchy, and any volumes are mounted at the specified paths within the image. Volumes can not mount onto other volumes.

func Volume_FromAwsElasticBlockStore ¶

func Volume_FromAwsElasticBlockStore(scope constructs.Construct, id *string, volumeId *string, options *AwsElasticBlockStoreVolumeOptions) Volume

Mounts an Amazon Web Services (AWS) EBS volume into your pod.

Unlike emptyDir, which is erased when a pod is removed, the contents of an EBS volume are persisted and the volume is unmounted. This means that an EBS volume can be pre-populated with data, and that data can be shared between pods.

There are some restrictions when using an awsElasticBlockStore volume:

- the nodes on which pods are running must be AWS EC2 instances.
- those instances need to be in the same region and availability zone as the EBS volume.
- EBS only supports a single EC2 instance mounting a volume.

func Volume_FromAzureDisk ¶

func Volume_FromAzureDisk(scope constructs.Construct, id *string, diskName *string, diskUri *string, options *AzureDiskVolumeOptions) Volume

Mounts a Microsoft Azure Data Disk into a pod.

func Volume_FromConfigMap ¶

func Volume_FromConfigMap(scope constructs.Construct, id *string, configMap IConfigMap, options *ConfigMapVolumeOptions) Volume

Populate the volume from a ConfigMap.

The configMap resource provides a way to inject configuration data into Pods. The data stored in a ConfigMap object can be referenced in a volume of type configMap and then consumed by containerized applications running in a Pod.

When referencing a configMap object, you can simply provide its name in the volume to reference it. You can also customize the path to use for a specific entry in the ConfigMap.

func Volume_FromCsi ¶

func Volume_FromCsi(scope constructs.Construct, id *string, driver *string, options *CsiVolumeOptions) Volume

Populate the volume from a CSI driver, for example the Secrets Store CSI Driver: https://secrets-store-csi-driver.sigs.k8s.io/introduction.html. That driver in turn needs an associated provider to source the secrets, such as the AWS Secrets Manager and Systems Manager Parameter Store provider: https://aws.github.io/secrets-store-csi-driver-provider-aws/.

func Volume_FromEmptyDir ¶

func Volume_FromEmptyDir(scope constructs.Construct, id *string, name *string, options *EmptyDirVolumeOptions) Volume

An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node.

As the name says, it is initially empty. Containers in the Pod can all read and write the same files in the emptyDir volume, though that volume can be mounted at the same or different paths in each Container. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever. See: http://kubernetes.io/docs/user-guide/volumes#emptydir

func Volume_FromGcePersistentDisk ¶

func Volume_FromGcePersistentDisk(scope constructs.Construct, id *string, pdName *string, options *GCEPersistentDiskVolumeOptions) Volume

Mounts a Google Compute Engine (GCE) persistent disk (PD) into your Pod.

Unlike emptyDir, which is erased when a pod is removed, the contents of a PD are preserved and the volume is merely unmounted. This means that a PD can be pre-populated with data, and that data can be shared between pods.

There are some restrictions when using a gcePersistentDisk:

- the nodes on which Pods are running must be GCE VMs.
- those VMs need to be in the same GCE project and zone as the persistent disk.

func Volume_FromHostPath ¶

func Volume_FromHostPath(scope constructs.Construct, id *string, name *string, options *HostPathVolumeOptions) Volume

Used to mount a file or directory from the host node's filesystem into a Pod.

This is not something that most Pods will need, but it offers a powerful escape hatch for some applications. See: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath

func Volume_FromNfs ¶

func Volume_FromNfs(scope constructs.Construct, id *string, name *string, options *NfsVolumeOptions) Volume

Used to mount an NFS share into a Pod. See: https://kubernetes.io/docs/concepts/storage/volumes/#nfs

func Volume_FromPersistentVolumeClaim ¶

func Volume_FromPersistentVolumeClaim(scope constructs.Construct, id *string, claim IPersistentVolumeClaim, options *PersistentVolumeClaimVolumeOptions) Volume

Used to mount a PersistentVolume into a Pod.

PersistentVolumeClaims are a way for users to "claim" durable storage (such as a GCE PersistentDisk or an iSCSI volume) without knowing the details of the particular cloud environment. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/

func Volume_FromSecret ¶

func Volume_FromSecret(scope constructs.Construct, id *string, secr ISecret, options *SecretVolumeOptions) Volume

Populate the volume from a Secret.

A secret volume is used to pass sensitive information, such as passwords, to Pods. You can store secrets in the Kubernetes API and mount them as files for use by pods without coupling to Kubernetes directly.

Secret volumes are backed by tmpfs (a RAM-backed filesystem) so they are never written to non-volatile storage. See: https://kubernetes.io/docs/concepts/storage/volumes/#secret

type VolumeMount ¶

type VolumeMount struct {
	// Determines how mounts are propagated from the host to container and the other way around.
	//
	// When not set, MountPropagationNone is used.
	//
	// Mount propagation allows for sharing volumes mounted by a Container to
	// other Containers in the same Pod, or even to other Pods on the same node.
	// Default: MountPropagation.NONE
	//
	Propagation MountPropagation `field:"optional" json:"propagation" yaml:"propagation"`
	// Mounted read-only if true, read-write otherwise (false or unspecified).
	//
	// Defaults to false.
	// Default: false.
	//
	ReadOnly *bool `field:"optional" json:"readOnly" yaml:"readOnly"`
	// Path within the volume from which the container's volume should be mounted.
	// Default: "" the volume's root.
	//
	SubPath *string `field:"optional" json:"subPath" yaml:"subPath"`
	// Expanded path within the volume from which the container's volume should be mounted.
	//
	// Behaves similarly to SubPath but environment variable references
	// $(VAR_NAME) are expanded using the container's environment. Defaults to ""
	// (volume's root).
	//
	// `subPathExpr` and `subPath` are mutually exclusive.
	// Default: "" volume's root.
	//
	SubPathExpr *string `field:"optional" json:"subPathExpr" yaml:"subPathExpr"`
	// Path within the container at which the volume should be mounted.
	//
	// Must not
	// contain ':'.
	Path *string `field:"required" json:"path" yaml:"path"`
	// The volume to mount.
	Volume Volume `field:"required" json:"volume" yaml:"volume"`
}

Mount a volume from the pod to the container.
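The mount settings documented above (hostPath volumes, the read-write default of `ReadOnly`, mount propagation, and the `subPath`/`subPathExpr` exclusivity) can be checked on a synthesized pod spec before it is applied. The following is an added example, not part of cdk8s-plus: it uses only the Go standard library, the JSON pod spec is constructed, and `auditMounts`, `podSpec` and `sampleSpec` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// podSpec is the subset of a Kubernetes pod spec this audit reads.
type podSpec struct {
	Volumes []struct {
		Name     string           `json:"name"`
		HostPath *json.RawMessage `json:"hostPath"`
	} `json:"volumes"`
	Containers []struct {
		Name         string `json:"name"`
		VolumeMounts []struct {
			Name             string `json:"name"`
			MountPath        string `json:"mountPath"`
			ReadOnly         bool   `json:"readOnly"`
			MountPropagation string `json:"mountPropagation"`
			SubPath          string `json:"subPath"`
			SubPathExpr      string `json:"subPathExpr"`
		} `json:"volumeMounts"`
	} `json:"containers"`
}

// sampleSpec is a constructed pod spec, not output from a real cluster.
const sampleSpec = `{
 "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}},
             {"name": "scratch", "emptyDir": {}}],
 "containers": [{"name": "agent", "volumeMounts": [
   {"name": "logs", "mountPath": "/host/log", "mountPropagation": "Bidirectional"},
   {"name": "scratch", "mountPath": "/work", "readOnly": true,
    "subPath": "a", "subPathExpr": "$(POD_NAME)"}]}]
}`

// auditMounts (hypothetical helper) returns one finding per risky setting.
func auditMounts(manifest []byte) ([]string, error) {
	var spec podSpec
	if err := json.Unmarshal(manifest, &spec); err != nil {
		return nil, err
	}
	var findings []string
	hostPath := map[string]bool{} // volume names backed by the node filesystem
	for _, v := range spec.Volumes {
		if v.HostPath != nil {
			hostPath[v.Name] = true
			findings = append(findings, fmt.Sprintf("volume %q: hostPath exposes the node filesystem", v.Name))
		}
	}
	for _, c := range spec.Containers {
		for _, m := range c.VolumeMounts {
			at := fmt.Sprintf("container %q mount %q", c.Name, m.MountPath)
			if hostPath[m.Name] && !m.ReadOnly { // readOnly defaults to false
				findings = append(findings, at+": hostPath volume mounted read-write")
			}
			if m.MountPropagation != "" && m.MountPropagation != "None" {
				findings = append(findings, at+": mountPropagation "+m.MountPropagation)
			}
			if m.SubPath != "" && m.SubPathExpr != "" {
				findings = append(findings, at+": subPath and subPathExpr are mutually exclusive")
			}
			if strings.Contains(m.MountPath, ":") {
				findings = append(findings, at+": mount path contains ':'")
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditMounts([]byte(sampleSpec))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

The input is the pod spec object itself; for a Deployment or other workload that is the `spec.template.spec` value of the synthesized manifest.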

type Workload ¶

type Workload interface {
	AbstractPod
	// The group portion of the API version (e.g. "authorization.k8s.io").
	ApiGroup() *string
	// The underlying cdk8s API object.
	ApiObject() cdk8s.ApiObject
	// The object's API version (e.g. "authorization.k8s.io/v1").
	ApiVersion() *string
	AutomountServiceAccountToken() *bool
	Connections() PodConnections
	Containers() *[]Container
	Dns() PodDns
	DockerRegistryAuth() ISecret
	HostAliases() *[]*HostAlias
	HostNetwork() *bool
	InitContainers() *[]Container
	Isolate() *bool
	// The object kind (e.g. "Deployment").
	Kind() *string
	// The expression matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add expression matchers.
	MatchExpressions() *[]*LabelSelectorRequirement
	// The label matchers this workload will use in order to select pods.
	//
	// Returns a copy. Use `select()` to add label matchers.
	MatchLabels() *map[string]*string
	Metadata() cdk8s.ApiObjectMetadataDefinition
	// The name of this API object.
	Name() *string
	// The tree node.
	Node() constructs.Node
	Permissions() ResourcePermissions
	// The metadata of pods in this workload.
	PodMetadata() cdk8s.ApiObjectMetadataDefinition
	// The unique, namespace-global, name of an object inside the Kubernetes cluster.
	//
	// If this is omitted, the ApiResource should represent all objects of the given type.
	ResourceName() *string
	// The name of a resource type as it appears in the relevant API endpoint.
	ResourceType() *string
	RestartPolicy() RestartPolicy
	Scheduling() WorkloadScheduling
	SecurityContext() PodSecurityContext
	ServiceAccount() IServiceAccount
	TerminationGracePeriod() cdk8s.Duration
	Volumes() *[]Volume
	AddContainer(cont *ContainerProps) Container
	AddHostAlias(hostAlias *HostAlias)
	AddInitContainer(cont *ContainerProps) Container
	AddVolume(vol Volume)
	// Return the IApiResource this object represents.
	AsApiResource() IApiResource
	// Return the non resource url this object represents.
	AsNonApiResource() *string
	AttachContainer(cont Container)
	// Configure selectors for this workload.
	Select(selectors ...LabelSelector)
	// Return the configuration of this peer.
	// See: INetworkPolicyPeer.toNetworkPolicyPeerConfig()
	//
	ToNetworkPolicyPeerConfig() *NetworkPolicyPeerConfig
	// Convert the peer into a pod selector, if possible.
	// See: INetworkPolicyPeer.toPodSelector()
	//
	ToPodSelector() IPodSelector
	// Return the configuration of this selector.
	// See: IPodSelector.toPodSelectorConfig()
	//
	ToPodSelectorConfig() *PodSelectorConfig
	// Returns a string representation of this construct.
	ToString() *string
	// Return the subject configuration.
	// See: ISubject.toSubjectConfiguration()
	//
	ToSubjectConfiguration() *SubjectConfiguration
}

A workload is an application running on Kubernetes.

Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of pods. In Kubernetes, a Pod represents a set of running containers on your cluster.

type WorkloadProps ¶

type WorkloadProps struct {
	// Metadata that all persisted resources must have, which includes all objects users must create.
	Metadata *cdk8s.ApiObjectMetadata `field:"optional" json:"metadata" yaml:"metadata"`
	// Indicates whether a service account token should be automatically mounted.
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
	//
	// Default: false.
	//
	AutomountServiceAccountToken *bool `field:"optional" json:"automountServiceAccountToken" yaml:"automountServiceAccountToken"`
	// List of containers belonging to the pod.
	//
	// Containers cannot currently be
	// added or removed. There must be at least one container in a Pod.
	//
	// You can add additional containers using `podSpec.addContainer()`
	// Default: - No containers. Note that a pod spec must include at least one container.
	//
	Containers *[]*ContainerProps `field:"optional" json:"containers" yaml:"containers"`
	// DNS settings for the pod.
	// See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
	//
	// Default:  policy: DnsPolicy.CLUSTER_FIRST
	// hostnameAsFQDN: false.
	//
	Dns *PodDnsProps `field:"optional" json:"dns" yaml:"dns"`
	// A secret containing docker credentials for authenticating to a registry.
	// Default: - No auth. Images are assumed to be publicly available.
	//
	DockerRegistryAuth ISecret `field:"optional" json:"dockerRegistryAuth" yaml:"dockerRegistryAuth"`
	// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
	HostAliases *[]*HostAlias `field:"optional" json:"hostAliases" yaml:"hostAliases"`
	// Host network for the pod.
	// Default: false.
	//
	HostNetwork *bool `field:"optional" json:"hostNetwork" yaml:"hostNetwork"`
	// List of initialization containers belonging to the pod.
	//
	// Init containers are executed in order prior to containers being started.
	// If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy.
	// The name for an init container or normal container must be unique among all containers.
	// Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
	// The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit
	// for each resource type, and then using the max of that value or the sum of the normal containers.
	// Limits are applied to init containers in a similar fashion.
	//
	// Init containers cannot currently be added, removed or updated.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// Default: - No init containers.
	//
	InitContainers *[]*ContainerProps `field:"optional" json:"initContainers" yaml:"initContainers"`
	// Isolates the pod.
	//
	// This will prevent any ingress or egress connections to / from this pod.
	// You can however allow explicit connections post instantiation by using the `.connections` property.
	// Default: false.
	//
	Isolate *bool `field:"optional" json:"isolate" yaml:"isolate"`
	// Restart policy for all containers within the pod.
	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
	//
	// Default: RestartPolicy.ALWAYS
	//
	RestartPolicy RestartPolicy `field:"optional" json:"restartPolicy" yaml:"restartPolicy"`
	// SecurityContext holds pod-level security attributes and common container settings.
	// Default:   fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS
	// ensureNonRoot: true.
	//
	SecurityContext *PodSecurityContextProps `field:"optional" json:"securityContext" yaml:"securityContext"`
	// A service account provides an identity for processes that run in a Pod.
	//
	// When you (a human) access the cluster (for example, using kubectl), you are
	// authenticated by the apiserver as a particular User Account (currently this
	// is usually admin, unless your cluster administrator has customized your
	// cluster). Processes in containers inside pods can also contact the
	// apiserver. When they do, they are authenticated as a particular Service
	// Account (for example, default).
	// See: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
	//
	// Default: - No service account.
	//
	ServiceAccount IServiceAccount `field:"optional" json:"serviceAccount" yaml:"serviceAccount"`
	// Grace period until the pod is terminated.
	// Default: Duration.seconds(30)
	//
	TerminationGracePeriod cdk8s.Duration `field:"optional" json:"terminationGracePeriod" yaml:"terminationGracePeriod"`
	// List of volumes that can be mounted by containers belonging to the pod.
	//
	// You can also add volumes later using `podSpec.addVolume()`
	// See: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// Default: - No volumes.
	//
	Volumes *[]Volume `field:"optional" json:"volumes" yaml:"volumes"`
	// The pod metadata of this workload.
	PodMetadata *cdk8s.ApiObjectMetadata `field:"optional" json:"podMetadata" yaml:"podMetadata"`
	// Automatically allocates a pod label selector for this workload and add it to the pod metadata.
	//
	// This ensures this workload manages pods created by
	// its pod template.
	// Default: true.
	//
	Select *bool `field:"optional" json:"select" yaml:"select"`
	// Automatically spread pods across hostname and zones.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints
	//
	// Default: false.
	//
	Spread *bool `field:"optional" json:"spread" yaml:"spread"`
}

Properties for `Workload`.

type WorkloadScheduling ¶

type WorkloadScheduling interface {
	PodScheduling
	Instance() AbstractPod
	// Assign this pod a specific node by name.
	//
	// The scheduler ignores the Pod, and the kubelet on the named node
	// tries to place the Pod on that node. Overrules any affinity rules of the pod.
	//
	// Some limitations of static assignment are:
	//
	// - If the named node does not exist, the Pod will not run, and in some
	//    cases may be automatically deleted.
	// - If the named node does not have the resources to accommodate the Pod,
	//    the Pod will fail and its reason will indicate why, for example OutOfmemory or OutOfcpu.
	// - Node names in cloud environments are not always predictable or stable.
	//
	// Will throw if the pod is already assigned to named node.
	//
	// Under the hood, this method utilizes the `nodeName` property.
	Assign(node NamedNode)
	// Attract this pod to a node matched by selectors. You can select a node by using `Node.labeled()`.
	//
	// Attracting to multiple nodes (i.e invoking this method multiple times) acts as
	// an OR condition, meaning the pod will be assigned to either one of the nodes.
	//
	// Under the hood, this method utilizes the `nodeAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
	//
	Attract(node LabeledNode, options *PodSchedulingAttractOptions)
	// Co-locate this pod with a scheduling selection.
	//
	// A selection can be one of:
	//
	// - An instance of a `Pod`.
	// - An instance of a `Workload` (e.g `Deployment`, `StatefulSet`).
	// - An un-managed pod that can be selected via `Pods.select()`.
	//
	// Co-locating with multiple selections (i.e. invoking this method multiple times) acts as
	// an AND condition, meaning the pod will be assigned to a node that satisfies all
	// selections (i.e. runs at least one pod that satisfies each selection).
	//
	// Under the hood, this method utilizes the `podAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
	//
	Colocate(selector IPodSelector, options *PodSchedulingColocateOptions)
	// Separate this pod from a scheduling selection.
	//
	// A selection can be one of:
	//
	// - An instance of a `Pod`.
	// - An instance of a `Workload` (e.g `Deployment`, `StatefulSet`).
	// - An un-managed pod that can be selected via `Pods.select()`.
	//
	// Separating from multiple selections acts as an AND condition, meaning the pod
	// will not be assigned to a node that satisfies all selections (i.e. runs at least one pod that satisfies each selection).
	//
	// Under the hood, this method utilizes the `podAntiAffinity` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
	//
	Separate(selector IPodSelector, options *PodSchedulingSeparateOptions)
	// Spread the pods in this workload by the topology key.
	//
	// A spread is a separation of the pod from itself and is used to
	// balance out pod replicas across a given topology.
	Spread(options *WorkloadSchedulingSpreadOptions)
	// Allow this pod to tolerate taints matching these tolerations.
	//
	// You can put multiple taints on the same node and multiple tolerations on the same pod.
	// The way Kubernetes processes multiple taints and tolerations is like a filter: start with
	// all of a node's taints, then ignore the ones for which the pod has a matching toleration;
	// the remaining un-ignored taints have the indicated effects on the pod. In particular:
	//
	// - if there is at least one un-ignored taint with effect NoSchedule then Kubernetes will
	//    not schedule the pod onto that node
	// - if there is no un-ignored taint with effect NoSchedule but there is at least one un-ignored
	//    taint with effect PreferNoSchedule then Kubernetes will try to not schedule the pod onto the node
	// - if there is at least one un-ignored taint with effect NoExecute then the pod will be evicted from
	//    the node (if it is already running on the node), and will not be scheduled onto the node (if it is
	//    not yet running on the node).
	//
	// Under the hood, this method utilizes the `tolerations` property.
	// See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
	//
	Tolerate(node TaintedNode)
}

Controls the pod scheduling strategy of this workload.

It offers some additional APIs on top of the core pod scheduling.
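The taint filter described in the `Tolerate` comment can be worked through in code. This is an added example, not part of cdk8s-plus and not the scheduler's own code: the type and function names are hypothetical, the taints and tolerations are constructed, and the matching rule (key and effect must agree, with operator `Exists` or `Equal` on the value, `Equal` being the default) is the one Kubernetes documents for tolerations.

```go
package main

import "fmt"

type taint struct{ Key, Value, Effect string }
type toleration struct{ Key, Operator, Value, Effect string }

// verdict records the effects of the taints the pod does not tolerate.
type verdict struct {
	Schedulable bool    // false if an un-ignored NoSchedule or NoExecute taint remains
	Preferred   bool    // false if an un-ignored PreferNoSchedule taint remains
	Evict       bool    // true if an un-ignored NoExecute taint remains
	Remaining   []taint // the un-ignored taints
}

// tolerates reports whether one toleration matches one taint.
func tolerates(tol toleration, t taint) bool {
	if tol.Effect != "" && tol.Effect != t.Effect {
		return false // an empty toleration effect matches every effect
	}
	if tol.Operator == "Exists" {
		return tol.Key == "" || tol.Key == t.Key // empty key + Exists matches all taints
	}
	return tol.Key == t.Key && tol.Value == t.Value // operator Equal (the default)
}

// evaluate starts from all node taints, drops the tolerated ones, and
// applies the effects of whatever is left.
func evaluate(taints []taint, tols []toleration) verdict {
	v := verdict{Schedulable: true, Preferred: true}
	for _, t := range taints {
		ignored := false
		for _, tol := range tols {
			if tolerates(tol, t) {
				ignored = true
				break
			}
		}
		if ignored {
			continue
		}
		v.Remaining = append(v.Remaining, t)
		switch t.Effect {
		case "NoSchedule":
			v.Schedulable = false
		case "PreferNoSchedule":
			v.Preferred = false
		case "NoExecute":
			v.Schedulable, v.Evict = false, true
		}
	}
	return v
}

// Constructed sample data.
var nodeTaints = []taint{
	{"dedicated", "secure", "NoSchedule"},
	{"maintenance", "", "NoExecute"},
	{"disk", "slow", "PreferNoSchedule"},
}

func main() {
	tols := []toleration{{Key: "dedicated", Operator: "Equal", Value: "secure", Effect: "NoSchedule"}}
	fmt.Printf("%+v\n", evaluate(nodeTaints, tols))
}
```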

func NewWorkloadScheduling ¶

func NewWorkloadScheduling(instance AbstractPod) WorkloadScheduling

type WorkloadSchedulingSpreadOptions ¶

type WorkloadSchedulingSpreadOptions struct {
	// Which topology to spread on.
	// Default: - Topology.HOSTNAME
	//
	Topology Topology `field:"optional" json:"topology" yaml:"topology"`
	// Indicates the spread is optional, with this weight score.
	// Default: - no weight. spread is assumed to be required.
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Options for `WorkloadScheduling.spread`.

Directories ¶

Path Synopsis
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
k8s
