radixapptypes.go
package v1
import (
"strings"
commonUtils "github.com/equinor/radix-common/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// DynamicTagNameInEnvironmentConfig is the placeholder pattern indicating that
// the image tag should be taken from the environment config.
const DynamicTagNameInEnvironmentConfig = "{imageTagName}"
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=radixapplications,shortName=ra
// RadixApplication describes an application.
// It embeds the Kubernetes type and object metadata and carries the
// application configuration in Spec.
type RadixApplication struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`

	// Specification for an application.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/
	Spec RadixApplicationSpec `json:"spec"`
}
// RadixApplicationSpec is the specification for an application.
// Environments is the only list with a minimum size (MinItems=1); every other
// section is marked optional.
type RadixApplicationSpec struct {
	// Build contains configuration used by pipeline jobs.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#build
	// +optional
	Build *BuildSpec `json:"build,omitempty"`

	// List of environments belonging to the application.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#environments
	// +listType=map
	// +listMapKey=name
	// +kubebuilder:validation:MinItems=1
	Environments []Environment `json:"environments"`

	// List of job specifications for the application.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#jobs
	// +listType=map
	// +listMapKey=name
	// +optional
	Jobs []RadixJobComponent `json:"jobs,omitempty"`

	// List of component specifications for the application.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#components
	// +listType=map
	// +listMapKey=name
	// +optional
	Components []RadixComponent `json:"components,omitempty"`

	// Configure a component and environment to be linked to the app alias DNS record.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#dnsappalias
	// +optional
	DNSAppAlias AppAlias `json:"dnsAppAlias,omitempty"`

	// List of external DNS names and which component and environment incoming requests shall be routed to.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#dnsexternalalias
	// +listType=map
	// +listMapKey=alias
	// +optional
	DNSExternalAlias []ExternalAlias `json:"dnsExternalAlias,omitempty"`

	// Defines protected container registries used by components or jobs.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#privateimagehubs
	// +optional
	PrivateImageHubs PrivateImageHubEntries `json:"privateImageHubs,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// RadixApplicationList is a collection of RadixApplication.
type RadixApplicationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the RadixApplication objects in the list.
	Items []RadixApplication `json:"items"`
}
// EnvVarsMap is a map of environment variables in the form '<envvarname>: <value>'.
// Both names and values are plain strings stored in the resource itself.
type EnvVarsMap map[string]string
// BuildSpec contains configuration used by pipeline jobs.
type BuildSpec struct {
	// NOTE(review): values passed as Dockerfile ARGs can remain visible in the
	// built image's history and metadata. Confirm how the pipeline hands these
	// secrets to the build (for example as BuildKit secret mounts) before
	// relying on them staying private in the resulting image.

	// Defines a list of secrets that will be passed as ARGs when building Dockerfile.
	// The secrets can also be accessed in sub-pipelines.
	// +optional
	Secrets []string `json:"secrets,omitempty"`

	// NOTE(review): Variables holds plain string values in the resource; it is
	// presumably meant for non-sensitive settings, with credentials going
	// through Secrets instead — confirm against the reference documentation.

	// Defines variables that will be available in sub-pipelines.
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`

	// Enables BuildKit when building Dockerfile.
	// More info about BuildKit: https://docs.docker.com/build/buildkit/
	// +optional
	UseBuildKit *bool `json:"useBuildKit,omitempty"`
}
// Environment contains environment specific configuration.
type Environment struct {
	// NOTE(review): the whole Pattern expression is wrapped in an optional
	// group, so on its own it also matches the empty string; MinLength=1 is the
	// marker that rejects an empty name. Keep the two markers together.

	// Name of the environment.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Name string `json:"name"`

	// Build configuration for the environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#build-2
	// +optional
	Build EnvBuild `json:"build,omitempty"`

	// Configure egress traffic rules for components and jobs.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#egress
	// +optional
	Egress EgressConfig `json:"egress,omitempty"`
}
// EnvBuild contains configuration used to determine how to build an environment.
type EnvBuild struct {
	// NOTE(review): From is bounded in length only (1 to 255 characters); no
	// pattern restricts its characters. Confirm that consumers treat the value
	// strictly as a branch name when passing it on to other tooling.

	// Name of the GitHub branch to build from.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=255
	// +optional
	From string `json:"from,omitempty"`

	// Defines variables that will be available in sub-pipelines.
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`
}
// EgressConfig contains egress configuration.
type EgressConfig struct {
	// NOTE(review): the effective policy when AllowRadix is unset and Rules is
	// empty is not defined in this file. Confirm the operator's default so that
	// an omitted egress section is not read as more permissive than intended.

	// Allow or deny outgoing traffic to the public IP of the Radix cluster.
	// +optional
	AllowRadix *bool `json:"allowRadix,omitempty"`

	// Defines a list of egress rules. At most 1000 rules are accepted.
	// +kubebuilder:validation:MaxItems=1000
	// +optional
	Rules []EgressRule `json:"rules,omitempty"`
}
// NOTE(review): the pattern makes the "/prefix" part optional, so a bare
// address without a prefix length passes validation, and it accepts octets
// written with leading zeros (for example "010"), which address parsers do not
// all interpret the same way. It also cannot check that the host bits are zero
// for the given prefix. Confirm that consumers parse and normalise the value
// before turning it into network policy.

// EgressDestination is an egress destination: a dotted-quad IPv4 address with
// an optional prefix length from 0 to 32, as enforced by the pattern below.
// +kubebuilder:validation:Pattern=`^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\/([0-9]|[1-2][0-9]|3[0-2]))?$`
type EgressDestination string
// EgressRule defines an egress rule as a list of allowed destinations and a
// list of allowed ports. Both lists must contain at least one item.
type EgressRule struct {
	// List of allowed destinations.
	// Each destination must be a valid IPv4 CIDR.
	// +kubebuilder:validation:MinItems=1
	Destinations []EgressDestination `json:"destinations"`

	// List of allowed ports.
	// +kubebuilder:validation:MinItems=1
	Ports []EgressPort `json:"ports"`
}
// EgressPort defines a port in context of EgressRule.
type EgressPort struct {
	// Port number, from 1 to 65535.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`

	// Protocol. Must be TCP or UDP.
	// +kubebuilder:validation:Enum=TCP;UDP
	Protocol string `json:"protocol"`
}
// AppAlias contains information about the component and
// environment to be linked to the app alias DNS record.
// Both fields use omitempty, so an unset alias serializes as an empty object.
type AppAlias struct {
	// Name of the environment for the component.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Environment string `json:"environment,omitempty"`

	// Name of the component that shall receive the incoming requests.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Component string `json:"component,omitempty"`
}
// ExternalAlias defines mapping between an external DNS name and a component and environment.
type ExternalAlias struct {
	// NOTE(review): the pattern accepts a single label with no dot and does not
	// cap an individual label at 63 characters; only the total length (4 to 255)
	// is bounded. Confirm that stricter hostname checks run wherever this alias
	// is turned into routing or certificate configuration.

	// DNS name, e.g. myapp.example.com.
	// +kubebuilder:validation:MinLength=4
	// +kubebuilder:validation:MaxLength=255
	// +kubebuilder:validation:Pattern=`^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`
	Alias string `json:"alias"`

	// Name of the environment for the component.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Environment string `json:"environment"`

	// Name of the component that shall receive the incoming requests.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Component string `json:"component"`
}
// ComponentPort defines a named port.
type ComponentPort struct {
	// Name of the port.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=15
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Name string `json:"name"`

	// Port number. Values below 1024 are rejected by validation.
	// +kubebuilder:validation:Minimum=1024
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}
// ResourceList defines a resource and a value.
// Keys and values are free-form strings at this level; no validation marker
// constrains them here.
type ResourceList map[string]string
// ResourceRequirements describes the compute resource requirements.
// More info: https://www.radix.equinor.com/references/reference-radix-config/#resources-common
type ResourceRequirements struct {
	// NOTE(review): both fields are optional, so a workload may be declared
	// with no limits at all. Whether a cluster-side default or cap applies in
	// that case is not visible in this file — confirm.

	// Limits describes the maximum amount of compute resources allowed.
	// +optional
	Limits ResourceList `json:"limits,omitempty"`

	// Requests describes the minimum amount of compute resources required.
	// If Requests is omitted for a container, it defaults to Limits if
	// that is explicitly specified, otherwise to an implementation-defined value.
	// +optional
	Requests ResourceList `json:"requests,omitempty"`
}
// RadixComponent defines a component.
// Name and Ports are the only fields not marked optional.
type RadixComponent struct {
	// Name of the component.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Name string `json:"name"`

	// NOTE(review): SourceFolder and DockerfileName carry no validation markers
	// here. Presumably the pipeline resolves them inside the cloned repository;
	// confirm that values pointing outside it are rejected there.

	// Path to the Dockerfile that builds the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#src
	// +optional
	SourceFolder string `json:"src,omitempty"`

	// Name of the Dockerfile that builds the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#dockerfilename
	// +optional
	DockerfileName string `json:"dockerfileName,omitempty"`

	// Name of an existing container image to use when running the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#image
	// +optional
	Image string `json:"image,omitempty"`

	// List of ports that the component binds to.
	// +kubebuilder:validation:MinItems=1
	// +listType=map
	// +listMapKey=name
	Ports []ComponentPort `json:"ports"`

	// Configures the monitoring endpoint exposed by the component.
	// This endpoint is used by Prometheus to collect custom metrics.
	// environmentConfig.monitoring must be set to true to enable collection of metrics for an environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#monitoringconfig
	// +optional
	MonitoringConfig MonitoringConfig `json:"monitoringConfig,omitempty"`

	// Deprecated, use publicPort instead.
	// +optional
	Public bool `json:"public,omitempty"` // Deprecated: For backwards compatibility Public is still supported, new code should use PublicPort instead

	// NOTE(review): PublicPort makes the named port reachable from the internet,
	// while Authentication further down is optional. The schema therefore
	// permits an exposed component with no authentication configured; any
	// stricter policy has to be enforced outside this type.

	// Defines which port (name) from the ports list that shall be accessible from the internet.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#publicport
	// +kubebuilder:validation:MaxLength=15
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	// +optional
	PublicPort string `json:"publicPort,omitempty"`

	// List of secret environment variable names.
	// Only the names are listed here; no secret values are part of this field.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secrets
	// +optional
	Secrets []string `json:"secrets,omitempty"`

	// Configuration for external secret stores, like Azure KeyVault.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs
	// +optional
	SecretRefs RadixSecretRefs `json:"secretRefs,omitempty"`

	// Additional configuration settings for ingress traffic.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#ingressconfiguration
	// +optional
	IngressConfiguration []string `json:"ingressConfiguration,omitempty"`

	// Configure environment specific settings for the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#environmentconfig
	// +listType=map
	// +listMapKey=environment
	// +optional
	EnvironmentConfig []RadixEnvironmentConfig `json:"environmentConfig,omitempty"`

	// List of environment variables and values.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#variables-common
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`

	// Configures CPU and memory resources for the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#resources-common
	// +optional
	Resources ResourceRequirements `json:"resources,omitempty"`

	// Forces check/pull of images using static tags, e.g. myimage:latest, when deploying using deploy-only.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#alwayspullimageondeploy
	// +optional
	AlwaysPullImageOnDeploy *bool `json:"alwaysPullImageOnDeploy,omitempty"`

	// Defines GPU requirements for the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#node
	// +optional
	Node RadixNode `json:"node,omitempty"`

	// Configuration for TLS client certificate or OAuth2 authentication.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#authentication
	// +optional
	Authentication *Authentication `json:"authentication,omitempty"`

	// Configuration for workload identity (federated credentials).
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#identity
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// Controls if the component shall be deployed.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#enabled
	// +optional
	Enabled *bool `json:"enabled,omitempty"`
}
// RadixEnvironmentConfig defines environment specific settings for a component.
type RadixEnvironmentConfig struct {
	// Name of the environment which the settings apply to.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Environment string `json:"environment"`

	// Number of desired replicas.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#replicas
	// +kubebuilder:validation:Minimum=0
	// +optional
	Replicas *int `json:"replicas,omitempty"`

	// NOTE(review): Monitoring is marked +optional but its JSON tag has no
	// omitempty, so the value is always serialized. The same field on
	// RadixJobComponentEnvironmentConfig does use omitempty.

	// Enables or disables collection of custom Prometheus metrics.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#monitoring
	// +optional
	Monitoring bool `json:"monitoring"`

	// Environment specific configuration for CPU and memory resources.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#resources
	// +optional
	Resources ResourceRequirements `json:"resources,omitempty"`

	// Environment specific environment variables.
	// Variable names defined here have precedence over variables defined on component level.
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`

	// Configuration for automatic horizontal scaling of replicas.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#horizontalscaling
	// +optional
	HorizontalScaling *RadixHorizontalScaling `json:"horizontalScaling,omitempty"`

	// The imageTagName allows for flexible configuration of fixed images,
	// built outside of Radix, to be configured with separate tag for each environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#imagetagname
	// +optional
	ImageTagName string `json:"imageTagName,omitempty"`

	// Forces check/pull of images using static tags, e.g. myimage:latest, when deploying using deploy-only.
	// +optional
	AlwaysPullImageOnDeploy *bool `json:"alwaysPullImageOnDeploy,omitempty"`

	// Configuration for mounting cloud storage into the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#volumemounts
	// +optional
	VolumeMounts []RadixVolumeMount `json:"volumeMounts,omitempty"`

	// Environment specific GPU requirements for the component.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#node
	// +optional
	Node RadixNode `json:"node,omitempty"`

	// Environment specific configuration for TLS client certificate or OAuth2 authentication.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#authentication
	// +optional
	Authentication *Authentication `json:"authentication,omitempty"`

	// Environment specific configuration for external secret stores, like Azure KeyVault.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs
	// +optional
	SecretRefs RadixSecretRefs `json:"secretRefs,omitempty"`

	// Environment specific configuration for workload identity (federated credentials).
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#identity
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// Controls if the component shall be deployed to this environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#enabled
	// +optional
	Enabled *bool `json:"enabled,omitempty"`
}
// RadixJobComponent defines a single job component within a RadixApplication.
// The job component is used by the radix-job-scheduler to create Kubernetes Job objects.
type RadixJobComponent struct {
	// Name of the job component.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Name string `json:"name"`

	// NOTE(review): SourceFolder and DockerfileName carry no validation markers
	// here. Presumably the pipeline resolves them inside the cloned repository;
	// confirm that values pointing outside it are rejected there.

	// Path to the Dockerfile that builds the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#src-2
	// +optional
	SourceFolder string `json:"src,omitempty"`

	// Name of the Dockerfile that builds the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#dockerfilename-2
	// +optional
	DockerfileName string `json:"dockerfileName,omitempty"`

	// Name of an existing container image to use when running the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#image-2
	// +optional
	Image string `json:"image,omitempty"`

	// Defines the port number that the job-scheduler API server will listen to.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#schedulerport
	// +kubebuilder:validation:Minimum=1024
	// +kubebuilder:validation:Maximum=65535
	// +optional
	SchedulerPort *int32 `json:"schedulerPort,omitempty"`

	// Defines the path where the job payload is mounted.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#payload
	// +optional
	Payload *RadixJobComponentPayload `json:"payload,omitempty"`

	// List of ports that the job binds to.
	// +listType=map
	// +listMapKey=name
	// +optional
	Ports []ComponentPort `json:"ports,omitempty"`

	// Configures the monitoring endpoint exposed by the job.
	// This endpoint is used by Prometheus to collect custom metrics.
	// environmentConfig.monitoring must be set to true to enable collection of metrics for an environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#monitoringconfig-2
	// +optional
	MonitoringConfig MonitoringConfig `json:"monitoringConfig,omitempty"`

	// List of secret environment variable names.
	// Only the names are listed here; no secret values are part of this field.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secrets-2
	// +optional
	Secrets []string `json:"secrets,omitempty"`

	// Configuration for external secret stores, like Azure KeyVault.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs
	// +optional
	SecretRefs RadixSecretRefs `json:"secretRefs,omitempty"`

	// Configure environment specific settings for the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#environmentconfig-2
	// +listType=map
	// +listMapKey=environment
	// +optional
	EnvironmentConfig []RadixJobComponentEnvironmentConfig `json:"environmentConfig,omitempty"`

	// List of environment variables and values.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#variables-common-2
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`

	// Configures CPU and memory resources for the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#resources-common-2
	// +optional
	Resources ResourceRequirements `json:"resources,omitempty"`

	// Defines GPU requirements for the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#node
	// +optional
	Node RadixNode `json:"node,omitempty"`

	// NOTE(review): TimeLimitSeconds has no Minimum marker, so zero and negative
	// values pass schema validation; confirm they are rejected or handled where
	// the value is consumed.

	// The maximum number of seconds the job can run.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#timelimitseconds
	// +optional
	TimeLimitSeconds *int64 `json:"timeLimitSeconds,omitempty"`

	// Specifies the number of retries before marking this job failed.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#backofflimit
	// +optional
	// +kubebuilder:validation:Minimum:=0
	BackoffLimit *int32 `json:"backoffLimit,omitempty"`

	// Configuration for workload identity (federated credentials).
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#identity-2
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// Controls if the job shall be deployed.
	// +optional
	Enabled *bool `json:"enabled,omitempty"`

	// Notifications about batch or job status changes.
	// +optional
	Notifications *Notifications `json:"notifications,omitempty"`
}
// RadixJobComponentEnvironmentConfig defines environment specific settings
// for a single job component within a RadixApplication.
type RadixJobComponentEnvironmentConfig struct {
	// Name of the environment which the settings apply to.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	Environment string `json:"environment"`

	// Enables or disables collection of custom Prometheus metrics.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#monitoring-2
	// +optional
	Monitoring bool `json:"monitoring,omitempty"`

	// Environment specific configuration for CPU and memory resources.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#resources-3
	// +optional
	Resources ResourceRequirements `json:"resources,omitempty"`

	// Environment specific environment variables.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#variables-2
	// +optional
	Variables EnvVarsMap `json:"variables,omitempty"`

	// The imageTagName allows for flexible configuration of fixed images,
	// built outside of Radix, to be configured with separate tag for each environment.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#imagetagname-2
	// +optional
	ImageTagName string `json:"imageTagName,omitempty"`

	// Configuration for mounting cloud storage into the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#volumemounts-2
	// +optional
	VolumeMounts []RadixVolumeMount `json:"volumeMounts,omitempty"`

	// Environment specific GPU requirements for the job.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#node
	// +optional
	Node RadixNode `json:"node,omitempty"`

	// Environment specific configuration for external secret stores, like Azure KeyVault.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#secretrefs
	// +optional
	SecretRefs RadixSecretRefs `json:"secretRefs,omitempty"`

	// NOTE(review): TimeLimitSeconds has no Minimum marker, so zero and negative
	// values pass schema validation; confirm they are rejected or handled where
	// the value is consumed.

	// Environment specific value for the maximum number of seconds the job can run.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#timelimitseconds-2
	// +optional
	TimeLimitSeconds *int64 `json:"timeLimitSeconds,omitempty"`

	// Environment specific value for the number of retries before marking this job failed.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#backofflimit-2
	// +optional
	// +kubebuilder:validation:Minimum:=0
	BackoffLimit *int32 `json:"backoffLimit,omitempty"`

	// Environment specific configuration for workload identity (federated credentials).
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#identity-2
	// +optional
	Identity *Identity `json:"identity,omitempty"`

	// Controls if the job shall be deployed to this environment.
	// +optional
	Enabled *bool `json:"enabled,omitempty"`

	// Notifications about batch or job status changes.
	// +optional
	Notifications *Notifications `json:"notifications,omitempty"`
}
// RadixJobComponentPayload defines the path where the payload received
// by radix-job-scheduler will be mounted in the job container.
type RadixJobComponentPayload struct {
	// NOTE(review): Path is only required to be non-empty; no pattern restricts
	// it to an absolute or otherwise well-formed directory. Confirm where the
	// mount path is validated before it is applied to the job container.

	// Path to the folder where payload is mounted.
	// +kubebuilder:validation:MinLength=1
	Path string `json:"path"`
}
// RadixHorizontalScaling defines configuration for horizontal pod autoscaler.
// If set, this will override replicas config.
type RadixHorizontalScaling struct {
	// NOTE(review): the markers bound each value separately (MinReplicas >= 0,
	// MaxReplicas >= 1) but nothing here requires MinReplicas <= MaxReplicas,
	// and MaxReplicas has no upper bound; confirm both are checked elsewhere.

	// Defines the minimum number of replicas.
	// +kubebuilder:validation:Minimum=0
	// +optional
	MinReplicas *int32 `json:"minReplicas,omitempty"`

	// Defines the maximum number of replicas.
	// +kubebuilder:validation:Minimum=1
	MaxReplicas int32 `json:"maxReplicas"`

	// Defines the resource usage parameters for the horizontal pod autoscaler.
	// Serialized under the JSON key "resources".
	// +optional
	RadixHorizontalScalingResources *RadixHorizontalScalingResources `json:"resources,omitempty"`
}
// RadixHorizontalScalingResource defines the scaling trigger for a single
// resource used by the horizontal pod autoscaler.
type RadixHorizontalScalingResource struct {
	// Defines the resource usage which triggers scaling for the horizontal pod autoscaler.
	// The value must be at least 1; no maximum is set by the marker below.
	// +kubebuilder:validation:Minimum=1
	AverageUtilization *int32 `json:"averageUtilization"`
}
// RadixHorizontalScalingResources groups the per-resource usage parameters
// (CPU and memory) for the horizontal pod autoscaler. Both are optional.
type RadixHorizontalScalingResources struct {
	// Defines the CPU usage parameters for the horizontal pod autoscaler.
	// +optional
	Cpu *RadixHorizontalScalingResource `json:"cpu,omitempty"`

	// Defines the memory usage parameters for the horizontal pod autoscaler.
	// +optional
	Memory *RadixHorizontalScalingResource `json:"memory,omitempty"`
}
// PrivateImageHubEntries defines authentication information for private image registries.
// It maps a string key (presumably the registry server name — confirm against
// the reference documentation) to the credential entry for that registry.
type PrivateImageHubEntries map[string]*RadixPrivateImageHubCredential
// RadixPrivateImageHubCredential contains credentials to use when pulling images
// from a protected container registry.
// The type has no password field: only the username and email are part of the
// application config, and the password is supplied separately.
type RadixPrivateImageHubCredential struct {
	// Username with permission to pull images.
	// The password is set in Radix Web Console.
	// +kubebuilder:validation:MinLength=1
	Username string `json:"username"`

	// The email address linked to the username.
	// +kubebuilder:validation:MinLength=3
	Email string `json:"email"`
}
// RadixVolumeMount defines an external storage resource.
// The top-level Type, Container, Storage, GID, UID, SkuName, RequestsStorage,
// AccessMode and BindingMode fields are documented as deprecated in favour of
// the BlobFuse2 and AzureFile settings.
type RadixVolumeMount struct {
	// Type defines the storage type.
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +kubebuilder:validation:Enum=blob;azure-blob;azure-file;""
	// +optional
	Type MountType `json:"type"`

	// User-defined name of the volume mount.
	// Must be unique for the component.
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name"`

	// Deprecated. Only required by the deprecated type: blob.
	// +optional
	Container string `json:"container,omitempty"` // Outdated. Use Storage instead

	// Storage defines the name of the container in the external storage resource.
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +optional
	Storage string `json:"storage"` // Container name, file Share name, etc.

	// NOTE(review): Path is only required to be non-empty; no pattern restricts
	// where inside the pod the storage may be mounted. Confirm where the mount
	// path is validated before it is applied to the workload.

	// Path defines in which directory the external storage is mounted.
	// +kubebuilder:validation:MinLength=1
	Path string `json:"path"` // Path within the pod (replica), where the volume mount has been mounted to

	// NOTE(review): GID and UID are documented as numbers but declared as plain
	// strings with no validation marker; confirm they are checked to be numeric
	// before being passed on as mount options.

	// GID defines the group ID (number) which will be set as owner of the mounted volume.
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +optional
	GID string `json:"gid,omitempty"` // Optional. Volume mount owner GroupID. Used when drivers do not honor fsGroup securityContext setting. https://github.com/kubernetes-sigs/blob-csi-driver/blob/master/docs/driver-parameters.md

	// UID defines the user ID (number) which will be set as owner of the mounted volume.
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +optional
	UID string `json:"uid,omitempty"` // Optional. Volume mount owner UserID. Used instead of GID.

	// SkuName defines the storage SKU. Standard_LRS (default), Premium_LRS, Standard_GRS, Standard_RAGRS.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +optional
	SkuName string `json:"skuName,omitempty"` // Available values: Standard_LRS (default), Premium_LRS, Standard_GRS, Standard_RAGRS. https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types

	// RequestsStorage defines the requested storage size. Default "1Mi".
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +optional
	RequestsStorage string `json:"requestsStorage,omitempty"` // Requests resource storage size. Default "1Mi". https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim

	// Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +kubebuilder:validation:Enum=ReadOnlyMany;ReadWriteOnce;ReadWriteMany;""
	// +optional
	AccessMode string `json:"accessMode,omitempty"` // Available values: ReadOnlyMany (default) - read-only by many nodes, ReadWriteOnce - read-write by a single node, ReadWriteMany - read-write by many nodes. https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes

	// Binding mode from a container to an external storage. Immediate (default), WaitForFirstConsumer.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// Deprecated, use BlobFuse2 or AzureFile instead.
	// +kubebuilder:validation:Enum=Immediate;WaitForFirstConsumer;""
	// +optional
	BindingMode string `json:"bindingMode,omitempty"` // Volume binding mode. Available values: Immediate (default), WaitForFirstConsumer. https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode

	// BlobFuse2 settings for Azure Storage FUSE CSI driver.
	BlobFuse2 *RadixBlobFuse2VolumeMount `json:"blobFuse2,omitempty"`

	// AzureFile settings for Azure File CSI driver.
	AzureFile *RadixAzureFileVolumeMount `json:"azureFile,omitempty"`
}
// BlobFuse2Protocol holds the protocol used by the BlobFuse2 Azure Storage FUSE driver.
type BlobFuse2Protocol string

// These are the valid BlobFuse2 protocols. They are the same two values that the
// Enum marker on RadixBlobFuse2VolumeMount.Protocol allows.
const (
	// BlobFuse2ProtocolFuse2 Use of fuse2 protocol for storage account for blobfuse2
	BlobFuse2ProtocolFuse2 BlobFuse2Protocol = "fuse2"
	// BlobFuse2ProtocolNfs Use of NFS storage account for blobfuse2
	BlobFuse2ProtocolNfs BlobFuse2Protocol = "nfs"
)
// RadixBlobFuse2VolumeMount defines an external storage resource, configured to use Blobfuse2 - A Microsoft supported Azure Storage FUSE driver.
// More info: https://github.com/Azure/azure-storage-fuse
type RadixBlobFuse2VolumeMount struct {
	// Protocol of the BlobFuse2 Azure Storage FUSE driver. Allowed values: fuse2, nfs.
	// +kubebuilder:validation:Enum=fuse2;nfs
	Protocol BlobFuse2Protocol `json:"protocol"` // Unlike the other fields of this struct, it has no +optional marker and no omitempty.

	// Container. Name of the container in the external storage resource.
	// +optional
	Container string `json:"container,omitempty"`

	// GID defines the group ID (number) which will be set as owner of the mounted volume.
	// +optional
	GID string `json:"gid,omitempty"` // Optional. Volume mount owner GroupID. Used when drivers do not honor fsGroup securityContext setting. https://github.com/kubernetes-sigs/blob-csi-driver/blob/master/docs/driver-parameters.md NOTE(review): free-form string with no validation marker; confirm it is checked to be numeric where it is consumed.

	// UID defines the user ID (number) which will be set as owner of the mounted volume.
	// +optional
	UID string `json:"uid,omitempty"` // Optional. Volume mount owner UserID. Used instead of GID. NOTE(review): free-form string with no validation marker; confirm it is checked to be numeric where it is consumed.

	// SKU Type of Azure storage.
	// More info: https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types
	// +optional
	SkuName string `json:"skuName,omitempty"` // Available values: Standard_LRS (default), Premium_LRS, Standard_GRS, Standard_RAGRS. https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types

	// Requested size of the allocated mounted volume. Default value is set to "1Mi" (1 megabyte). Current version of the driver does not affect mounted volume size.
	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim
	// +optional
	RequestsStorage string `json:"requestsStorage,omitempty"` // Requests resource storage size. Default "1Mi". https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim

	// Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// +kubebuilder:validation:Enum=ReadOnlyMany;ReadWriteOnce;ReadWriteMany;""
	// +optional
	AccessMode string `json:"accessMode,omitempty"` // Available values: ReadOnlyMany (default) - read-only by many nodes, ReadWriteOnce - read-write by a single node, ReadWriteMany - read-write by many nodes. https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes The Enum also admits the empty string. The read-only default is the least-privilege choice; a read-write mode is only needed when the workload must write to the storage.

	// Binding mode from a container to an external storage. Immediate (default), WaitForFirstConsumer.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// +kubebuilder:validation:Enum=Immediate;WaitForFirstConsumer;""
	// +optional
	BindingMode string `json:"bindingMode,omitempty"` // Volume binding mode. Available values: Immediate (default), WaitForFirstConsumer. https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode

	// Enables blobfuse to access an Azure DataLake storage account. When set to false, blobfuse accesses an Azure Block Blob storage account and a hierarchical file system is not supported.
	// Default false. This must be turned on when an HNS enabled account is mounted.
	// +optional
	UseAdls *bool `json:"useAdls,omitempty"`

	// Configure Streaming mode. Used for blobfuse2.
	// More info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md
	// +optional
	Streaming *RadixVolumeMountStreaming `json:"streaming,omitempty"` // Optional. Streaming configuration. Used for blobfuse2.
}
// RadixAzureFileVolumeMount defines an external storage resource, configured to use Azure File with CSI driver.
// More info: https://github.com/kubernetes-sigs/azurefile-csi-driver
// https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/docs/driver-parameters.md
type RadixAzureFileVolumeMount struct {
	// Share. Name of the file share in the external storage resource.
	// +optional
	Share string `json:"share,omitempty"`

	// GID defines the group ID (number) which will be set as owner of the mounted volume.
	// +optional
	GID string `json:"gid,omitempty"` // Optional. Volume mount owner GroupID. Used when drivers do not honor fsGroup securityContext setting. https://github.com/kubernetes-sigs/blob-csi-driver/blob/master/docs/driver-parameters.md NOTE(review): this link points at the blob CSI driver parameters, while the struct comment links the azurefile driver — confirm which applies. Free-form string with no validation marker; confirm it is checked to be numeric where it is consumed.

	// UID defines the user ID (number) which will be set as owner of the mounted volume.
	// +optional
	UID string `json:"uid,omitempty"` // Optional. Volume mount owner UserID. Used instead of GID. NOTE(review): free-form string with no validation marker; confirm it is checked to be numeric where it is consumed.

	// SKU Type of Azure storage.
	// More info: https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types
	// +optional
	SkuName string `json:"skuName,omitempty"` // Available values: Standard_LRS (default), Premium_LRS, Standard_GRS, Standard_RAGRS. https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types

	// Requested size of the allocated mounted volume. Default value is set to "1Mi" (1 megabyte). Current version of the driver does not affect mounted volume size.
	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim
	// +optional
	RequestsStorage string `json:"requestsStorage,omitempty"` // Requests resource storage size. Default "1Mi". https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim

	// Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// +kubebuilder:validation:Enum=ReadOnlyMany;ReadWriteOnce;ReadWriteMany;""
	// +optional
	AccessMode string `json:"accessMode,omitempty"` // Available values: ReadOnlyMany (default) - read-only by many nodes, ReadWriteOnce - read-write by a single node, ReadWriteMany - read-write by many nodes. https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes The Enum also admits the empty string. The read-only default is the least-privilege choice; a read-write mode is only needed when the workload must write to the share.

	// Binding mode from a container to an external storage. Immediate (default), WaitForFirstConsumer.
	// More info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/
	// +kubebuilder:validation:Enum=Immediate;WaitForFirstConsumer;""
	// +optional
	BindingMode string `json:"bindingMode,omitempty"` // Volume binding mode. Available values: Immediate (default), WaitForFirstConsumer. https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
}
// RadixVolumeMountStreaming configures streaming to read and write large files that will not fit in the file cache on the local disk. Used for blobfuse2.
// Every field is an optional pointer; the numeric fields carry a Minimum=1 marker, so zero is rejected by schema validation.
// More info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md
type RadixVolumeMountStreaming struct {
	// Enable streaming mode. Default true.
	// +optional
	Enabled *bool `json:"enabled,omitempty"`

	// Optional. The size of each block to be cached in memory (in MB).
	// +kubebuilder:validation:Minimum=1
	// +optional
	BlockSize *uint64 `json:"blockSize,omitempty"`

	// Optional. The total number of buffers to be cached in memory (in MB).
	// +kubebuilder:validation:Minimum=1
	// +optional
	MaxBuffers *uint64 `json:"maxBuffers,omitempty"` // NOTE(review): the description gives a count a unit of MB; presumably this is a plain number of buffers — confirm against the driver documentation.

	// Optional. The size of each buffer to be cached in memory (in MB).
	// +kubebuilder:validation:Minimum=1
	// +optional
	BufferSize *uint64 `json:"bufferSize,omitempty"`

	// Optional. Limit total amount of data being cached in memory to conserve memory footprint of blobfuse (in MB).
	// +kubebuilder:validation:Minimum=1
	// +optional
	StreamCache *uint64 `json:"streamCache,omitempty"` // NOTE(review): only a lower bound is declared; no Maximum marker caps the memory a mount may request here — confirm a limit is applied elsewhere.

	// Optional. The maximum number of blocks to be cached in memory.
	// +kubebuilder:validation:Minimum=1
	// +optional
	MaxBlocksPerFile *uint64 `json:"maxBlocksPerFile,omitempty"`

	// Optional. File name based caching. Default is false which specifies file handle based caching.
	// +optional
	FileCaching *bool `json:"fileCaching,omitempty"`
}
// MountType holds the type of a volume mount.
type MountType string

// These are valid types of mount.
//
// NOTE(review): the Enum marker on the Type field declared earlier in this file
// lists only blob, azure-blob, azure-file and the empty string, so
// "blobfuse2-fuse2" and "blobfuse2-nfs" would presumably be rejected by schema
// validation on that field even though the helpers below still accept them —
// confirm whether these two values are still reachable.
const (
	// MountTypeBlob Use of azure/blobfuse flexvolume
	MountTypeBlob MountType = "blob"
	// MountTypeBlobFuse2FuseCsiAzure Use of azure/csi driver for blobfuse2, protocol Fuse in Azure storage account
	MountTypeBlobFuse2FuseCsiAzure MountType = "azure-blob"
	// MountTypeBlobFuse2Fuse2CsiAzure Use of azure/csi driver for blobfuse2, protocol Fuse2 in Azure storage account
	MountTypeBlobFuse2Fuse2CsiAzure MountType = "blobfuse2-fuse2"
	// MountTypeBlobFuse2NfsCsiAzure Use of azure/csi driver for blobfuse2, protocol NFS in Azure storage account
	MountTypeBlobFuse2NfsCsiAzure MountType = "blobfuse2-nfs"
	// MountTypeAzureFileCsiAzure Use of azure/csi driver for Azure File in Azure storage account
	MountTypeAzureFileCsiAzure MountType = "azure-file"
)
// These are valid storage class provisioners. They are the only values that
// GetStorageClassProvisionerByVolumeMountType and
// GetCsiAzureStorageClassProvisioners return.
const (
	// ProvisionerBlobCsiAzure Use of azure/csi driver for blob in Azure storage account
	ProvisionerBlobCsiAzure string = "blob.csi.azure.com"
	// ProvisionerFileCsiAzure Use of azure/csi driver for files in Azure storage account
	ProvisionerFileCsiAzure string = "file.csi.azure.com"
)
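// GetStorageClassProvisionerByVolumeMountType returns the storage class
// provisioner for the given volume mount and reports whether one was found.
//
// The BlobFuse2 and AzureFile sections are checked first, in that order, so a
// mount that sets both resolves to the blob provisioner. The deprecated Type
// field is consulted only when neither section is set. MountTypeBlob and any
// unrecognised type yield ("", false), as does a nil radixVolumeMount.
//
// NOTE(review): nothing here rejects a mount that sets both BlobFuse2 and
// AzureFile; presumably validation elsewhere forbids that — confirm.
func GetStorageClassProvisionerByVolumeMountType(radixVolumeMount *RadixVolumeMount) (string, bool) {
	// A nil mount has no provisioner; report "not found" instead of panicking
	// on the field accesses below.
	if radixVolumeMount == nil {
		return "", false
	}

	// The dedicated sections take precedence over the deprecated Type field.
	switch {
	case radixVolumeMount.BlobFuse2 != nil:
		return ProvisionerBlobCsiAzure, true
	case radixVolumeMount.AzureFile != nil:
		return ProvisionerFileCsiAzure, true
	}

	switch radixVolumeMount.Type {
	case MountTypeBlobFuse2FuseCsiAzure, MountTypeBlobFuse2Fuse2CsiAzure, MountTypeBlobFuse2NfsCsiAzure:
		return ProvisionerBlobCsiAzure, true
	case MountTypeAzureFileCsiAzure:
		return ProvisionerFileCsiAzure, true
	}
	return "", false
}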
// GetCsiAzureStorageClassProvisioners returns the CSI Azure storage class
// provisioners, blob first and file second. A new slice is built on every
// call, so callers may modify the result.
func GetCsiAzureStorageClassProvisioners() []string {
	provisioners := make([]string, 0, 2)
	provisioners = append(provisioners, ProvisionerBlobCsiAzure, ProvisionerFileCsiAzure)
	return provisioners
}
// IsKnownVolumeMount reports whether volumeMount names a supported volume
// mount type: either the blob flex volume type or one of the CSI Azure types.
// The comparison is exact, so the empty string is not a known type.
func IsKnownVolumeMount(volumeMount string) bool {
	if IsKnownBlobFlexVolumeMount(volumeMount) {
		return true
	}
	return IsKnownCsiAzureVolumeMount(volumeMount)
}
// IsKnownCsiAzureVolumeMount reports whether volumeMount is one of the CSI
// Azure volume mount types: the three blobfuse2 types or the Azure File type.
// The comparison is exact and case-sensitive.
func IsKnownCsiAzureVolumeMount(volumeMount string) bool {
	switch MountType(volumeMount) {
	case MountTypeBlobFuse2FuseCsiAzure,
		MountTypeBlobFuse2Fuse2CsiAzure,
		MountTypeBlobFuse2NfsCsiAzure,
		MountTypeAzureFileCsiAzure:
		return true
	default:
		return false
	}
}
// IsKnownBlobFlexVolumeMount reports whether volumeMount is the Azure
// Blobfuse flex volume mount type (MountTypeBlob).
func IsKnownBlobFlexVolumeMount(volumeMount string) bool {
	return MountType(volumeMount) == MountTypeBlob
}
// RadixNode defines node attributes, where container should be scheduled
type RadixNode struct {
	// Defines rules for allowed GPU types.
	// More info: https://www.radix.equinor.com/references/reference-radix-config/#gpu
	// +optional
	Gpu string `json:"gpu,omitempty"` // Free-form string; the rule syntax is not defined in this struct (see the linked reference).

	// Defines minimum number of required GPUs.
	// +optional
	GpuCount string `json:"gpuCount,omitempty"` // NOTE(review): a count carried as a string with no validation marker; presumably parsed and range-checked by the consumer — confirm.
}
// MonitoringConfig Monitoring configuration
type MonitoringConfig struct {
	// Defines which port in the ports list serves metrics.
	// +kubebuilder:validation:MaxLength=15
	// +kubebuilder:validation:Pattern=^(([a-z0-9][-a-z0-9.]*)?[a-z0-9])?$
	PortName string `json:"portName,omitempty"` // The pattern admits the empty string, or lowercase alphanumerics with '-' and '.' that start and end with an alphanumeric. Nothing in this struct checks that the name exists in the ports list.

	// Defines the path where metrics are served.
	// +optional
	Path string `json:"path,omitempty"` // NOTE(review): no length or pattern marker constrains this value; confirm it is validated where it is consumed.
}
// RadixSecretRefType names the kind of external secret store a Radix secret-ref points to.
type RadixSecretRefType string

// Valid secret-ref types. Azure Key Vault is the only one declared here.
const (
	// RadixSecretRefTypeAzureKeyVault Radix secret-ref of type Azure Key vault
	RadixSecretRefTypeAzureKeyVault RadixSecretRefType = "az-keyvault"
)
// RadixSecretRefs defines the external secret stores that secrets are read from.
// Azure Key Vault is the only store type this struct carries.
type RadixSecretRefs struct {
	// List of Azure Key Vaults to get secrets from.
	// +optional
	AzureKeyVaults []RadixAzureKeyVault `json:"azureKeyVaults,omitempty"`
}
// RadixAzureKeyVault defines an Azure keyvault.
type RadixAzureKeyVault struct {
	// Name of the Azure keyvault.
	// +kubebuilder:validation:MinLength=3
	// +kubebuilder:validation:MaxLength=24
	Name string `json:"name"` // Only the length (3-24) is constrained here; no Pattern marker restricts the characters.

	// Path where secrets from the keyvault are mounted.
	// +kubebuilder:validation:MinLength=1
	// +optional
	Path *string `json:"path,omitempty"` // NOTE(review): only non-emptiness is enforced; confirm the consumer rejects relative paths or paths that shadow sensitive directories in the container.

	// List of keyvault items (secrets, keys and certificates).
	// +kubebuilder:validation:MinItems=1
	Items []RadixAzureKeyVaultItem `json:"items"`

	// UseAzureIdentity defines that credentials for accessing Azure Key Vault will be acquired using Azure Workload Identity instead of using a ClientID and Secret.
	// +optional
	UseAzureIdentity *bool `json:"useAzureIdentity,omitempty"` // With workload identity no client secret has to be provisioned for the vault. NOTE(review): the behaviour when this is left unset is not defined in this struct — confirm the default.
}
// RadixAzureKeyVaultObjectType is the type of an Azure Key Vault item.
type RadixAzureKeyVaultObjectType string

// Valid Azure Key Vault item types: secret, key and certificate.
const (
	// RadixAzureKeyVaultObjectTypeSecret Azure Key Vault item of type secret
	RadixAzureKeyVaultObjectTypeSecret RadixAzureKeyVaultObjectType = "secret"
	// RadixAzureKeyVaultObjectTypeKey Azure Key Vault item of type key
	RadixAzureKeyVaultObjectTypeKey RadixAzureKeyVaultObjectType = "key"
	// RadixAzureKeyVaultObjectTypeCert Azure Key Vault item of type certificate
	RadixAzureKeyVaultObjectTypeCert RadixAzureKeyVaultObjectType = "cert"
)
// RadixAzureKeyVaultK8sSecretType is the Kubernetes secret type of an Azure Key Vault secret item.
type RadixAzureKeyVaultK8sSecretType string