diff --git a/content/en/docs/contrib/troubleshooting.md b/content/en/docs/contrib/troubleshooting.md index b89deac..307a100 100644 --- a/content/en/docs/contrib/troubleshooting.md +++ b/content/en/docs/contrib/troubleshooting.md @@ -16,7 +16,7 @@ https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator command: ```console -Error from server (InternalError): error when creating "https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.shim-executor.yaml": Internal error occurred: failed calling webhook "mspinappexecutor.kb.io": failed to call webhook: Post "https://spin-operator-webhook-service.spin-operator.svc:443/mutate-core-spinoperator-dev-v1alpha1-spinappexecutor?timeout=10s": no endpoints available for service "spin-operator-webhook-service" +Error from server (InternalError): error when creating "https://github.com/spinkube/spin-operator/releases/download/v0.3.0/spin-operator.shim-executor.yaml": Internal error occurred: failed calling webhook "mspinappexecutor.kb.io": failed to call webhook: Post "https://spin-operator-webhook-service.spin-operator.svc:443/mutate-core-spinkube-dev-v1alpha1-spinappexecutor?timeout=10s": no endpoints available for service "spin-operator-webhook-service" ``` To address the error above, first look to see if Spin Operator is running: diff --git a/content/en/docs/glossary.md b/content/en/docs/glossary.md index d8400bb..5c5ad9c 100644 --- a/content/en/docs/glossary.md +++ b/content/en/docs/glossary.md @@ -74,7 +74,7 @@ SpinApp CRD consists of several key fields that define the desired state of a Sp Here's an example of a SpinApp custom resource that uses the SpinApp CRD schema: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: simple-spinapp 
@@ -91,7 +91,7 @@ You can modify the example above to customize the SpinApp via a YAML file. Here' file with additional customization options: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: simple-spinapp diff --git a/content/en/docs/install/linode-kubernetes-engine.md b/content/en/docs/install/linode-kubernetes-engine.md index bae8dd1..1985a82 100644 --- a/content/en/docs/install/linode-kubernetes-engine.md +++ b/content/en/docs/install/linode-kubernetes-engine.md @@ -114,7 +114,7 @@ $ spin kube scaffold --from ghcr.io/spinkube/containerd-shim-spin/examples/spin- This will write the following to `hello-world.yaml`: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: spin-rust-hello @@ -128,7 +128,7 @@ Using `kubectl apply`, we can deploy that app: ```console $ kubectl apply -f hello-world.yaml -spinapp.core.spinoperator.dev/spin-rust-hello created +spinapp.core.spinkube.dev/spin-rust-hello created ``` With SpinKube, SpinApps will be deployed as `Pod` resources, so we can see the app using `kubectl @@ -157,7 +157,7 @@ metadata: annotations: service.beta.kubernetes.io/linode-loadbalancer-throttle: "4" labels: - core.spinoperator.dev/app-name: spin-rust-hello + core.spinkube.dev/app-name: spin-rust-hello spec: type: LoadBalancer ports: @@ -166,7 +166,7 @@ spec: protocol: TCP targetPort: 80 selector: - core.spinoperator.dev/app.spin-rust-hello.status: ready + core.spinkube.dev/app.spin-rust-hello.status: ready sessionAffinity: None ``` 
@@ -209,7 +209,7 @@ To delete this sample app, we will first delete the NodeBalancer, and then delet $ kubectl delete service spin-rust-hello-nodebalancer service "spin-rust-hello-nodebalancer" deleted $ kubectl delete spinapp spin-rust-hello -spinapp.core.spinoperator.dev "spin-rust-hello" deleted +spinapp.core.spinkube.dev "spin-rust-hello" deleted ``` > If you delete the NodeBalancer out of the Linode console, it will not automatically delete the diff --git a/content/en/docs/install/microk8s.md b/content/en/docs/install/microk8s.md index 3a33dfd..5037f85 100644 --- a/content/en/docs/install/microk8s.md +++ b/content/en/docs/install/microk8s.md @@ -116,7 +116,7 @@ $ microk8s kubectl apply -f https://raw.githubusercontent.com/spinkube/spin-oper The above installs a simple `SpinApp` YAML that looks like this: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: simple-spinapp diff --git a/content/en/docs/install/rancher-desktop.md b/content/en/docs/install/rancher-desktop.md index 2c72d2f..fb4fe80 100644 --- a/content/en/docs/install/rancher-desktop.md +++ b/content/en/docs/install/rancher-desktop.md @@ -91,7 +91,7 @@ Replace `ttl.sh/hello-k3s:0.1.0` with your registry URL and tag. ```bash $ spin kube scaffold --from ttl.sh/hello-k3s:0.1.0 -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hello-k3s diff --git a/content/en/docs/reference/spin-app-executor.md b/content/en/docs/reference/spin-app-executor.md index 2cb3b14..938a5ae 100644 --- a/content/en/docs/reference/spin-app-executor.md +++ b/content/en/docs/reference/spin-app-executor.md @@ -25,7 +25,7 @@ SpinAppExecutor is the Schema for the spinappexecutors API apiVersion string - core.spinoperator.dev/v1alpha1 + core.spinkube.dev/v1alpha1 true 
@@ -109,14 +109,6 @@ createDeployment is true. - runtimeClassName - string - - RuntimeClassName is the runtime class name that should be used by pods created -as part of a deployment.
- - true - caCertSecret string @@ -141,6 +133,25 @@ defined in `CACertSecret` the secret name will be `spin-ca`.
Otel provides Kubernetes Bindings to Otel Variables.
false + + runtimeClassName + string + + RuntimeClassName is the runtime class name that should be used by pods created +as part of a deployment. This should only be defined when SpintainerImage is not defined.
+ + false + + spinImage + string + + SpinImage points to an image that will run Spin in a container to execute +your SpinApp. This is an alternative to using the shim to execute your +SpinApp. This should only be defined when RuntimeClassName is not +defined. When specified, application images must be available without +authentication.
+ + false diff --git a/content/en/docs/reference/spin-app.md b/content/en/docs/reference/spin-app.md index 4b8f4b5..f4cefd9 100644 --- a/content/en/docs/reference/spin-app.md +++ b/content/en/docs/reference/spin-app.md @@ -25,7 +25,7 @@ SpinApp is the Schema for the spinapps API apiVersion string - core.spinoperator.dev/v1alpha1 + core.spinkube.dev/v1alpha1 true @@ -78,7 +78,6 @@ SpinAppSpec defines the desired state of SpinApp Executor controls how this app is executed in the cluster. - Defaults to whatever executor is available on the cluster. If multiple executors are available then the first executor in alphabetical order will be chosen. If no executors are available then no default will be set.
@@ -98,6 +97,15 @@ will be chosen. If no executors are available then no default will be set.
Checks defines health checks that should be used by Kubernetes to monitor the application.
false + + components + []string + + Components of the app to execute. + +If this is not provided all components are executed.
+ + false deploymentAnnotations map[string]string @@ -546,9 +554,7 @@ referenced object inside the same namespace. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -786,9 +792,7 @@ Selects a key of a ConfigMap. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -834,9 +838,7 @@ Selects a key of a secret in the apps namespace This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -988,9 +990,7 @@ Selects a key of a ConfigMap. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1036,9 +1036,7 @@ Selects a key of a secret in the apps namespace This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1197,9 +1195,7 @@ Selects a key of a ConfigMap. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1245,9 +1241,7 @@ Selects a key of a secret in the apps namespace This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1382,9 +1376,7 @@ Selects a key of a ConfigMap. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1505,9 +1497,7 @@ Selects a key of a secret in the pod's namespace This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -1580,10 +1570,8 @@ Defaults to false.
RecursiveReadOnly specifies whether read-only mounts should be handled recursively. - If ReadOnly is false, this field has no meaning and must be unspecified. - If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this @@ -1591,11 +1579,9 @@ field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. - If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). - If this field is not specified, it is treated as an equivalent of Disabled.
false @@ -1720,7 +1706,6 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -1731,17 +1716,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time.
@@ -1803,10 +1785,27 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ + false + + image + object + + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
false @@ -1936,8 +1935,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false @@ -2007,6 +2005,8 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
+ Default: ext4
false @@ -2022,6 +2022,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
+
+ Default: false
false @@ -2160,9 +2162,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -2250,9 +2250,7 @@ to OpenStack. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -2312,9 +2310,7 @@ relative and may not contain the '..' path or start with '..'.
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -2470,9 +2466,7 @@ secret object contains more than one secret, all secret references are passed. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -2702,7 +2696,6 @@ ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. - Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity @@ -2713,17 +2706,14 @@ d) the storage driver supports dynamic volume provisioning through information on the connection between this volume type and PersistentVolumeClaim). - Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. - A pod can use both types of ephemeral volumes and persistent volumes at the same time. @@ -2748,7 +2738,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2758,11 +2747,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil.
false @@ -2782,7 +2769,6 @@ pod. The name of the PVC will be `-` where entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). - An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until @@ -2792,11 +2778,9 @@ owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. - This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. - Required, must not be nil. @@ -2941,7 +2925,7 @@ If the resource referred to by volumeAttributesClass does not exist, this Persis set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ -(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
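Review bot: The `(Beta) ... (off by default)` wording on the VolumeAttributesClass line is tied to a particular Kubernetes release, and nothing in this page says which release these embedded field descriptions track. The diff itself shows the stage moving from Alpha to Beta between regenerations, so a reader on a different cluster version cannot tell whether the statement applies to them. Suggest stating the Kubernetes API version the reference was generated against once, near the top of `spin-app.md`.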
@@ -3227,8 +3211,7 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach @@ -3356,9 +3339,7 @@ scripts. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -3433,8 +3414,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
@@ -3563,9 +3543,6 @@ machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
false
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
false
@@ -3598,6 +3575,61 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+### `SpinApp.spec.volumes[index].image` +[back to parent](#spinappspecvolumesindex) + + +image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +The volume is resolved at pod startup depending on which PullPolicy value is provided: + +- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + +The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +The volume will be mounted read-only (ro) and non-executable files (noexec). +Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pullPolicystring + Policy for pulling OCI objects. Possible values are: +Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+
false
referencestring + Required: Image or artifact reference to be used. +Behaves in the same way as pod.spec.containers[*].image. +Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
+ + ### `SpinApp.spec.volumes[index].iscsi` [back to parent](#spinappspecvolumesindex) @@ -3660,8 +3692,7 @@ is other than default (typically TCP ports 860 and 3260).
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
false @@ -3679,6 +3710,8 @@ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI inte iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
+
+ Default: default
false @@ -3731,9 +3764,7 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -3935,7 +3966,8 @@ mode, like fsGroup, and the result can be other mode bits set.
sources []object - sources is the list of volume projections
+ sources is the list of volume projections. Each entry in this list +handles one source.
false @@ -3946,7 +3978,8 @@ mode, like fsGroup, and the result can be other mode bits set.
[back to parent](#spinappspecvolumesindexprojected) -Projection that may be projected along with other supported volume types +Projection that may be projected along with other supported volume types. +Exactly one of these fields must be set. @@ -3964,14 +3997,11 @@ Projection that may be projected along with other supported volume types ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -4018,14 +4048,11 @@ may change the order over time.
ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file. - Alpha, gated by the ClusterTrustBundleProjection feature gate. - ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector. - Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. @@ -4209,9 +4236,7 @@ relative and may not contain the '..' path or start with '..'.
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
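Review bot: the unchanged `Default:` line under this `name` description is shown with no value after it, and the TODO removed here (`Drop kubebuilder:default when controller-gen doesn't need it`) was the only text hinting at why an empty default is listed at all. Either print the empty string explicitly in the generated reference (for example `Default: ""`) or omit the row when the default is empty. The same applies to the later `name` hunks that repeat this change.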
@@ -4468,9 +4493,7 @@ relative and may not contain the '..' path or start with '..'.
This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -4693,8 +4716,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
@@ -4704,6 +4726,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +
+ Default: /etc/ceph/keyring
@@ -4713,6 +4737,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: rbd
@@ -4741,6 +4767,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
+ Default: admin
@@ -4773,9 +4801,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -4829,6 +4855,8 @@ sensitive information. If this is not provided, Login operation will fail.
Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
+
+ Default: xfs
@@ -4859,6 +4887,8 @@ the ReadOnly setting in VolumeMounts.
@@ -4904,9 +4934,7 @@ sensitive information. If this is not provided, Login operation will fail. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -5116,9 +5144,7 @@ credentials. If not specified, default values will be attempted. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. -TODO: Add other useful fields. apiVersion, kind, uid? -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Default:
@@ -5230,22 +5256,6 @@ For further information see: https://github.com/kubernetes/community/blob/master Condition contains details for one aspect of the current state of this API Resource. ---- -This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - }
false
false
false
false
false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
+
+ Default: ThinProvisioned
false
@@ -5298,11 +5308,7 @@ This field may not be empty.
diff --git a/content/en/docs/topics/assigning-variables.md b/content/en/docs/topics/assigning-variables.md index 179fdb5..074b908 100644 --- a/content/en/docs/topics/assigning-variables.md +++ b/content/en/docs/topics/assigning-variables.md @@ -110,7 +110,7 @@ The deployment manifest (`config/samples/variable-explorer.yaml`) specifies a st ```yaml kind: SpinApp -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 metadata: name: variable-explorer spec: @@ -145,7 +145,7 @@ kubectl apply -f config/samples/variable-explorer.yaml configmap/spinapp-cfg created secret/spinapp-secret created -spinapp.core.spinoperator.dev/variable-explorer created +spinapp.core.spinkube.dev/variable-explorer created ``` ## Inspecting runtime logs of your SpinApp @@ -171,7 +171,7 @@ Hello from Kubernetes Finally, you can use `kubectl logs` to see all logs produced by the variable-explorer at runtime: ```bash -kubectl logs -l core.spinoperator.dev/app-name=variable-explorer +kubectl logs -l core.spinkube.dev/app-name=variable-explorer # Log Level: INFO # Platform Name: Kubernetes diff --git a/content/en/docs/topics/autoscaling/scaling-with-hpa.md b/content/en/docs/topics/autoscaling/scaling-with-hpa.md index f4486a8..67e379c 100644 --- a/content/en/docs/topics/autoscaling/scaling-with-hpa.md +++ b/content/en/docs/topics/autoscaling/scaling-with-hpa.md @@ -144,7 +144,7 @@ application and we will scale the instance count when we’ve reached a 50% util 10 and a minimum replica count of 1: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hpa-spinapp @@ -190,7 +190,7 @@ For more information about HPA, please visit the following links: Below is an example of the configuration to scale resources: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hpa-spinapp 
diff --git a/content/en/docs/topics/autoscaling/scaling-with-keda.md b/content/en/docs/topics/autoscaling/scaling-with-keda.md index a7c74f7..76ffebb 100644 --- a/content/en/docs/topics/autoscaling/scaling-with-keda.md +++ b/content/en/docs/topics/autoscaling/scaling-with-keda.md @@ -160,7 +160,7 @@ below. As you can see, we have explicitly specified resource limits to `500m` of ```yaml # https://raw.githubusercontent.com/spinkube/spin-operator/main/config/samples/keda-app.yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: keda-spinapp @@ -212,7 +212,7 @@ command: ```console # Deploy the SpinApp kubectl apply -f https://raw.githubusercontent.com/spinkube/spin-operator/main/config/samples/keda-app.yaml -spinapp.core.spinoperator.dev/keda-spinapp created +spinapp.core.spinkube.dev/keda-spinapp created # Deploy the ScaledObject kubectl apply -f https://raw.githubusercontent.com/spinkube/spin-operator/main/config/samples/keda-scaledobject.yaml diff --git a/content/en/docs/topics/connecting-to-a-sqlite-database.md b/content/en/docs/topics/connecting-to-a-sqlite-database.md index 0fae0dd..ef6f985 100644 --- a/content/en/docs/topics/connecting-to-a-sqlite-database.md +++ b/content/en/docs/topics/connecting-to-a-sqlite-database.md @@ -95,7 +95,7 @@ You're now ready to assemble the SpinApp custom resource manifest. Plug the `$IMAGE_NAME` and `$DB_URL` values into the manifest below and save as `spinapp.yaml`: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: http-crud-go-sqlite diff --git a/content/en/docs/topics/external-variable-providers.md b/content/en/docs/topics/external-variable-providers.md index e020fd8..7e3cf4f 100644 --- a/content/en/docs/topics/external-variable-providers.md +++ b/content/en/docs/topics/external-variable-providers.md 
@@ -147,7 +147,7 @@ Hello from Kubernetes Finally, you can use `kubectl logs` to see all logs produced by the variable-explorer at runtime: ```bash -kubectl logs -l core.spinoperator.dev/app-name=variable-explorer +kubectl logs -l core.spinkube.dev/app-name=variable-explorer # Log Level: INFO # Platform Name: Kubernetes diff --git a/content/en/docs/topics/https-requests.md b/content/en/docs/topics/https-requests.md index 4d4136c..4c44e57 100644 --- a/content/en/docs/topics/https-requests.md +++ b/content/en/docs/topics/https-requests.md @@ -18,7 +18,7 @@ If you make a request without properly configured certificates, you'll encounter SpinKube can generate a default CA certificate bundle by setting `installDefaultCACerts` to `true`. This creates a secret named `spin-ca` populated with curl's [default bundle](https://curl.se/ca/cacert.pem). You can specify a custom secret name by setting `caCertSecret`. ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinAppExecutor metadata: name: containerd-shim-spin @@ -46,7 +46,7 @@ kubectl create secret generic my-custom-ca --from-file=ca-certificates.crt Configure the executor to use the custom certificate secret: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinAppExecutor metadata: name: containerd-shim-spin diff --git a/content/en/docs/topics/monitoring-your-app.md b/content/en/docs/topics/monitoring-your-app.md index eb03d50..3e79035 100644 --- a/content/en/docs/topics/monitoring-your-app.md +++ b/content/en/docs/topics/monitoring-your-app.md @@ -82,7 +82,7 @@ The `SpinAppExecutor` resource determines how Spin applications are deployed in Create a file called `executor.yaml` with the following content: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinAppExecutor metadata: name: otel-shim-executor 
@@ -108,7 +108,7 @@ With everything in place, we can now deploy a `SpinApp` resource that uses the e Create a file called `app.yaml` with the following content: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: otel-spinapp diff --git a/content/en/docs/topics/packaging.md b/content/en/docs/topics/packaging.md index 31e3af6..b4d38ec 100644 --- a/content/en/docs/topics/packaging.md +++ b/content/en/docs/topics/packaging.md @@ -98,7 +98,7 @@ to your Kubernetes cluster: # Deploy the hello-spin app to your Kubernetes Cluster spin kube deploy --from ttl.sh/hello-spin:24h -spinapp.core.spinoperator.dev/hello-spin created +spinapp.core.spinkube.dev/hello-spin created ``` ## Scaffolding Spin Apps @@ -109,7 +109,7 @@ them. You use the `spin kube scaffold` command to generate Kubernetes manifests: ```shell spin kube scaffold --from ttl.sh/hello-spin:24h -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hello-spin @@ -128,7 +128,7 @@ spin kube scaffold --from ttl.sh/hello-spin:24h \ # Print contents of spinapp.yaml cat spinapp.yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hello-spin @@ -202,7 +202,7 @@ previously created using the `imagePullSecrets` property. Your `SpinApp` manifes this: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: hello-spin @@ -222,6 +222,6 @@ Finally, you can deploy the app using `kubectl apply`: ```shell # Deploy the spinapp.yaml using kubectl kubectl apply -f spinapp.yaml -spinapp.core.spinoperator.dev/hello-spin created +spinapp.core.spinkube.dev/hello-spin created ``` ``` diff --git a/content/en/docs/topics/using-a-key-value-store.md b/content/en/docs/topics/using-a-key-value-store.md index 22fb6b7..b234171 100644 --- a/content/en/docs/topics/using-a-key-value-store.md 
+++ b/content/en/docs/topics/using-a-key-value-store.md @@ -92,7 +92,7 @@ You're now ready to assemble the SpinApp custom resource manifest for this appli Plug the `$IMAGE_NAME` and `$DB_URL` values into the manifest below and save as `spinapp.yaml`: ```yaml -apiVersion: core.spinoperator.dev/v1alpha1 +apiVersion: core.spinkube.dev/v1alpha1 kind: SpinApp metadata: name: kv-app diff --git a/crd-reference/generate.sh b/crd-reference/generate.sh index 47db11c..4ad7e5e 100755 --- a/crd-reference/generate.sh +++ b/crd-reference/generate.sh @@ -9,7 +9,7 @@ script_dir=$(dirname "$0") cd $script_dir -SPIN_OPERATOR_RELEASE=${SPIN_OPERATOR_RELEASE:-v0.3.0} +SPIN_OPERATOR_RELEASE=${SPIN_OPERATOR_RELEASE:-v0.4.0} echo "Installing crdoc" go install fybrik.io/crdoc@latest diff --git a/crd-reference/spin-app-executor-toc.yaml b/crd-reference/spin-app-executor-toc.yaml index 91f2cf3..b4d911a 100644 --- a/crd-reference/spin-app-executor-toc.yaml +++ b/crd-reference/spin-app-executor-toc.yaml @@ -4,7 +4,7 @@ metadata: description: "Custom Resource Definition (CRD) reference for `SpinAppExecutor`" category: Spin Operator groups: - - group: core.spinoperator.dev + - group: core.spinkube.dev version: v1alpha1 kinds: - name: SpinAppExecutor diff --git a/crd-reference/spin-app-toc.yaml b/crd-reference/spin-app-toc.yaml index f4a1c04..c1f0a42 100644 --- a/crd-reference/spin-app-toc.yaml +++ b/crd-reference/spin-app-toc.yaml @@ -3,7 +3,7 @@ metadata: weight: 1 description: "Custom Resource Definition (CRD) reference for `SpinApp`" groups: - - group: core.spinoperator.dev + - group: core.spinkube.dev version: v1alpha1 kinds: - name: SpinApp
type string - type of condition in CamelCase or in foo.example.com/CamelCase. ---- -Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be -useful (see .node.status.conditions), the ability to deconflict is important. -The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ type of condition in CamelCase or in foo.example.com/CamelCase.
true
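Review bot: the selector in `kubectl logs -l core.spinkube.dev/app-name=variable-explorer` (`content/en/docs/topics/assigning-variables.md`, hunk `@@ -171,7 +171,7 @@`, repeated in `external-variable-providers.md`) only matches pods that carry the new label, and a selector that matches no pods just reports that no resources were found, which is easy to misread as "the app produced no logs". Since `crd-reference/generate.sh` moves the reference to v0.4.0 in this same patch, state the minimum Spin Operator version next to these commands, or mention the previous `core.spinoperator.dev/app-name` label for clusters that have not been upgraded.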
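Review bot: the last hunk of `content/en/docs/topics/packaging.md` (`@@ -222,6 +222,6 @@`) ends with two consecutive closing code fences after `spinapp.core.spinkube.dev/hello-spin created`, both as unchanged context, so the file already carries a stray fence at its end. Drop the second fence in this change; as it stands it opens a code block that is never closed at the bottom of the page.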
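Review bot: in `crd-reference/generate.sh` the release default is pinned (`SPIN_OPERATOR_RELEASE:-v0.4.0`), but the context line two below it still runs `go install fybrik.io/crdoc@latest`, so the generated reference depends on whatever crdoc version is current when the script runs. Pin crdoc to a specific version alongside this bump so the output is reproducible and an unexpected upstream release is not pulled in silently. While touching this block, also quote the variable in `cd $script_dir`.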