Unverified Commit 9e2a2cc9 authored by Julien Mancuso's avatar Julien Mancuso Committed by GitHub

feat: add epp component (#5611)


Signed-off-by: default avatarJulien Mancuso <jmancuso@nvidia.com>
parent 6271a31f
...@@ -702,7 +702,9 @@ spec: ...@@ -702,7 +702,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -756,6 +758,42 @@ spec: ...@@ -756,6 +758,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -805,6 +843,161 @@ spec: ...@@ -805,6 +843,161 @@ spec:
- name - name
type: object type: object
type: array type: array
eppConfig:
description: |-
EPPConfig defines EPP-specific configuration options for Endpoint Picker Plugin components.
Only applicable when ComponentType is "epp".
properties:
config:
description: |-
Config allows specifying EPP EndpointPickerConfig directly as a structured object.
The operator will marshal this to YAML and create a ConfigMap automatically.
Mutually exclusive with ConfigMapRef.
One of ConfigMapRef or Config must be specified (no default configuration).
Uses the upstream type from github.com/kubernetes-sigs/gateway-api-inference-extension
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
featureGates:
description: |-
FeatureGates is a set of flags that enable various experimental features with the EPP.
If omitted non of these experimental features will be enabled.
items:
type: string
type: array
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
plugins:
description: Plugins is the list of plugins that will be instantiated.
items:
description: |-
PluginSpec contains the information that describes a plugin that
will be instantiated.
properties:
name:
description: |-
Name provides a name for plugin entries to reference. If
omitted, the value of the Plugin's Type field will be used.
type: string
parameters:
description: |-
Parameters are the set of parameters to be passed to the plugin's
factory function. The factory function is responsible
to parse the parameters.
format: byte
type: string
type:
description: Type specifies the plugin type to be instantiated.
type: string
required:
- type
type: object
type: array
saturationDetector:
description: |-
SaturationDetector when present specifies the configuration of the
Saturation detector. If not present, default values are used.
properties:
kvCacheUtilThreshold:
description: |-
KVCacheUtilThreshold defines the KV cache utilization (0.0 to 1.0) above
which a pod is considered to have insufficient capacity.
type: number
metricsStalenessThreshold:
description: |-
MetricsStalenessThreshold defines how old a pod's metrics can be.
If a pod's metrics are older than this, it might be excluded from
"good capacity" considerations or treated as having no capacity for
safety.
type: string
queueDepthThreshold:
description: |-
QueueDepthThreshold defines the backend waiting queue size above which a
pod is considered to have insufficient capacity for new requests.
type: integer
type: object
schedulingProfiles:
description: |-
SchedulingProfiles is the list of named SchedulingProfiles
that will be created.
items:
description: |-
SchedulingProfile contains the information to create a SchedulingProfile
entry to be used by the scheduler.
properties:
name:
description: Name specifies the name of this SchedulingProfile
type: string
plugins:
description: |-
Plugins is the list of plugins for this SchedulingProfile. They are assigned
to the appropriate "slots" based on their type.
items:
description: |-
SchedulingPlugin describes a plugin that will be associated with a
SchedulingProfile entry.
properties:
pluginRef:
description: |-
PluginRef specifies a partiular Plugin instance to be associated with
this SchedulingProfile. The reference is to the name of an
entry of the Plugins defined in the configuration's Plugins
section
type: string
weight:
description: Weight is the weight fo be used if this plugin is a Scorer.
type: integer
required:
- pluginRef
type: object
type: array
required:
- name
- plugins
type: object
type: array
required:
- plugins
- schedulingProfiles
type: object
x-kubernetes-preserve-unknown-fields: true
configMapRef:
description: |-
ConfigMapRef references a user-provided ConfigMap containing EPP configuration.
The ConfigMap should contain EndpointPickerConfig YAML.
Mutually exclusive with Config.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
extraPodMetadata: extraPodMetadata:
description: ExtraPodMetadata adds labels/annotations to the created Pods. description: ExtraPodMetadata adds labels/annotations to the created Pods.
properties: properties:
...@@ -1372,8 +1565,8 @@ spec: ...@@ -1372,8 +1565,8 @@ spec:
most preferred is the one with the greatest sum of weights, i.e. most preferred is the one with the greatest sum of weights, i.e.
for each node that meets all of the scheduling requirements (resource for each node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions, etc.), request, requiredDuringScheduling anti-affinity expressions, etc.),
compute a sum by iterating through the elements of this field and adding compute a sum by iterating through the elements of this field and subtracting
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred. node(s) with the highest sum are the most preferred.
items: items:
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
...@@ -1751,7 +1944,9 @@ spec: ...@@ -1751,7 +1944,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -1805,6 +2000,42 @@ spec: ...@@ -1805,6 +2000,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -1860,8 +2091,8 @@ spec: ...@@ -1860,8 +2091,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -1886,7 +2117,9 @@ spec: ...@@ -1886,7 +2117,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -2531,7 +2764,7 @@ spec: ...@@ -2531,7 +2764,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -2585,10 +2818,10 @@ spec: ...@@ -2585,10 +2818,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -2600,6 +2833,57 @@ spec: ...@@ -2600,6 +2833,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -3197,7 +3481,9 @@ spec: ...@@ -3197,7 +3481,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -3251,6 +3537,42 @@ spec: ...@@ -3251,6 +3537,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -3306,8 +3628,8 @@ spec: ...@@ -3306,8 +3628,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -3332,7 +3654,9 @@ spec: ...@@ -3332,7 +3654,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -3956,7 +4280,7 @@ spec: ...@@ -3956,7 +4280,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -4011,9 +4335,51 @@ spec: ...@@ -4011,9 +4335,51 @@ spec:
description: |- description: |-
Restart policy for the container to manage the restart behavior of each Restart policy for the container to manage the restart behavior of each
container within a pod. container within a pod.
This may only be set for init containers. You cannot set this field on You cannot set this field on ephemeral containers.
ephemeral containers.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. You cannot set this field on
ephemeral containers.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
Optional: SecurityContext defines the security options the ephemeral container should be run with. Optional: SecurityContext defines the security options the ephemeral container should be run with.
...@@ -4532,7 +4898,9 @@ spec: ...@@ -4532,7 +4898,9 @@ spec:
hostNetwork: hostNetwork:
description: |- description: |-
Host networking requested for this pod. Use the host's network namespace. Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified. When using HostNetwork you should specify ports so the scheduler is aware.
When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`,
and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`.
Default to false. Default to false.
type: boolean type: boolean
hostPID: hostPID:
...@@ -4557,6 +4925,19 @@ spec: ...@@ -4557,6 +4925,19 @@ spec:
Specifies the hostname of the Pod Specifies the hostname of the Pod
If not specified, the pod's hostname will be set to a system-defined value. If not specified, the pod's hostname will be set to a system-defined value.
type: string type: string
hostnameOverride:
description: |-
HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod.
This field only specifies the pod's hostname and does not affect its DNS records.
When this field is set to a non-empty string:
- It takes precedence over the values set in `hostname` and `subdomain`.
- The Pod's hostname will be set to this value.
- `setHostnameAsFQDN` must be nil or set to false.
- `hostNetwork` must be set to false.
This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters.
Requires the HostnameOverride feature gate to be enabled.
type: string
imagePullSecrets: imagePullSecrets:
description: |- description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
...@@ -4636,7 +5017,9 @@ spec: ...@@ -4636,7 +5017,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -4690,6 +5073,42 @@ spec: ...@@ -4690,6 +5073,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -4745,8 +5164,8 @@ spec: ...@@ -4745,8 +5164,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -4771,7 +5190,9 @@ spec: ...@@ -4771,7 +5190,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -5416,7 +5837,7 @@ spec: ...@@ -5416,7 +5837,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -5470,10 +5891,10 @@ spec: ...@@ -5470,10 +5891,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -5485,6 +5906,57 @@ spec: ...@@ -5485,6 +5906,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -6008,7 +6480,9 @@ spec: ...@@ -6008,7 +6480,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -6062,6 +6536,42 @@ spec: ...@@ -6062,6 +6536,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -6117,8 +6627,8 @@ spec: ...@@ -6117,8 +6627,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -6143,7 +6653,9 @@ spec: ...@@ -6143,7 +6653,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -6788,7 +7300,7 @@ spec: ...@@ -6788,7 +7300,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -6842,10 +7354,10 @@ spec: ...@@ -6842,10 +7354,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -6857,6 +7369,57 @@ spec: ...@@ -6857,6 +7369,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -7365,6 +7928,7 @@ spec: ...@@ -7365,6 +7928,7 @@ spec:
- spec.hostPID - spec.hostPID
- spec.hostIPC - spec.hostIPC
- spec.hostUsers - spec.hostUsers
- spec.resources
- spec.securityContext.appArmorProfile - spec.securityContext.appArmorProfile
- spec.securityContext.seLinuxOptions - spec.securityContext.seLinuxOptions
- spec.securityContext.seccompProfile - spec.securityContext.seccompProfile
...@@ -7516,7 +8080,7 @@ spec: ...@@ -7516,7 +8080,7 @@ spec:
description: |- description: |-
Resources is the total amount of CPU and Memory resources required by all Resources is the total amount of CPU and Memory resources required by all
containers in the pod. It supports specifying Requests and Limits for containers in the pod. It supports specifying Requests and Limits for
"cpu" and "memory" resource names only. ResourceClaims are not supported. "cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported.
   
This field enables fine-grained control over resource allocation for the This field enables fine-grained control over resource allocation for the
entire pod, allowing resource sharing among containers in a pod. entire pod, allowing resource sharing among containers in a pod.
...@@ -7529,7 +8093,7 @@ spec: ...@@ -7529,7 +8093,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -8755,15 +9319,13 @@ spec: ...@@ -8755,15 +9319,13 @@ spec:
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
If specified, the CSI driver will create or update the volume with the attributes defined If specified, the CSI driver will create or update the volume with the attributes defined
in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass it can be changed after the claim is created. An empty string or nil value indicates that no
will be applied to the claim but it's not allowed to reset this field to empty string once it is set. VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass this field can be reset to its previous value (including nil) to cancel the modification.
will be set by the persistentvolume controller if it exists.
If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists. exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
type: string type: string
volumeMode: volumeMode:
description: |- description: |-
...@@ -8937,12 +9499,9 @@ spec: ...@@ -8937,12 +9499,9 @@ spec:
description: |- description: |-
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.
More info: https://examples.k8s.io/volumes/glusterfs/README.md
properties: properties:
endpoints: endpoints:
description: |- description: endpoints is the endpoint name that details Glusterfs topology.
endpoints is the endpoint name that details Glusterfs topology.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string type: string
path: path:
description: |- description: |-
...@@ -9021,7 +9580,7 @@ spec: ...@@ -9021,7 +9580,7 @@ spec:
description: |- description: |-
iscsi represents an ISCSI Disk resource that is attached to a iscsi represents an ISCSI Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. kubelet's host machine and then exposed to the pod.
More info: https://examples.k8s.io/volumes/iscsi/README.md More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi
properties: properties:
chapAuthDiscovery: chapAuthDiscovery:
description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
...@@ -9411,6 +9970,110 @@ spec: ...@@ -9411,6 +9970,110 @@ spec:
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
type: object type: object
podCertificate:
description: |-
Projects an auto-rotating credential bundle (private key and certificate
chain) that the pod can use either as a TLS client or server.
Kubelet generates a private key and uses it to send a
PodCertificateRequest to the named signer. Once the signer approves the
request and issues a certificate chain, Kubelet writes the key and
certificate chain to the pod filesystem. The pod does not start until
certificates have been issued for each podCertificate projected volume
source in its spec.
Kubelet will begin trying to rotate the certificate at the time indicated
by the signer using the PodCertificateRequest.Status.BeginRefreshAt
timestamp.
Kubelet can write a single file, indicated by the credentialBundlePath
field, or separate files, indicated by the keyPath and
certificateChainPath fields.
The credential bundle is a single file in PEM format. The first PEM
entry is the private key (in PKCS#8 format), and the remaining PEM
entries are the certificate chain issued by the signer (typically,
signers will return their certificate chain in leaf-to-root order).
Prefer using the credential bundle format, since your application code
can read it atomically. If you use keyPath and certificateChainPath,
your application must make two separate file reads. If these coincide
with a certificate rotation, it is possible that the private key and leaf
certificate you read may not correspond to each other. Your application
will need to check for this condition, and re-read until they are
consistent.
The named signer controls chooses the format of the certificate it
issues; consult the signer implementation's documentation to learn how to
use the certificates it issues.
properties:
certificateChainPath:
description: |-
Write the certificate chain at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath
and certificateChainPath, your application needs to check that the key
and leaf certificate are consistent, because it is possible to read the
files mid-rotation.
type: string
credentialBundlePath:
description: |-
Write the credential bundle at this path in the projected volume.
The credential bundle is a single file that contains multiple PEM blocks.
The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private
key.
The remaining blocks are CERTIFICATE blocks, containing the issued
certificate chain from the signer (leaf and any intermediates).
Using credentialBundlePath lets your Pod's application code make a single
atomic read that retrieves a consistent key and certificate chain. If you
project them to separate files, your application code will need to
additionally check that the leaf certificate was issued to the key.
type: string
keyPath:
description: |-
Write the key at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath
and certificateChainPath, your application needs to check that the key
and leaf certificate are consistent, because it is possible to read the
files mid-rotation.
type: string
keyType:
description: |-
The type of keypair Kubelet will generate for the pod.
Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384",
"ECDSAP521", and "ED25519".
type: string
maxExpirationSeconds:
description: |-
maxExpirationSeconds is the maximum lifetime permitted for the
certificate.
Kubelet copies this value verbatim into the PodCertificateRequests it
generates for this projection.
If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver
will reject values shorter than 3600 (1 hour). The maximum allowable
value is 7862400 (91 days).
The signer implementation is then free to issue a certificate with any
lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600
seconds (1 hour). This constraint is enforced by kube-apiserver.
`kubernetes.io` signers will never issue certificates with a lifetime
longer than 24 hours.
format: int32
type: integer
signerName:
description: Kubelet's generated CSRs will be addressed to this signer.
type: string
required:
- keyType
- signerName
type: object
secret: secret:
description: secret information about the secret data to project description: secret information about the secret data to project
properties: properties:
...@@ -9540,7 +10203,6 @@ spec: ...@@ -9540,7 +10203,6 @@ spec:
description: |- description: |-
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.
More info: https://examples.k8s.io/volumes/rbd/README.md
properties: properties:
fsType: fsType:
description: |- description: |-
...@@ -210,7 +210,7 @@ spec: ...@@ -210,7 +210,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -84,7 +84,9 @@ spec: ...@@ -84,7 +84,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -138,6 +140,42 @@ spec: ...@@ -138,6 +140,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -873,7 +911,9 @@ spec: ...@@ -873,7 +911,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -927,6 +967,42 @@ spec: ...@@ -927,6 +967,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -976,6 +1052,161 @@ spec: ...@@ -976,6 +1052,161 @@ spec:
- name - name
type: object type: object
type: array type: array
eppConfig:
description: |-
EPPConfig defines EPP-specific configuration options for Endpoint Picker Plugin components.
Only applicable when ComponentType is "epp".
properties:
config:
description: |-
Config allows specifying EPP EndpointPickerConfig directly as a structured object.
The operator will marshal this to YAML and create a ConfigMap automatically.
Mutually exclusive with ConfigMapRef.
One of ConfigMapRef or Config must be specified (no default configuration).
Uses the upstream type from github.com/kubernetes-sigs/gateway-api-inference-extension
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
featureGates:
description: |-
FeatureGates is a set of flags that enable various experimental features with the EPP.
If omitted non of these experimental features will be enabled.
items:
type: string
type: array
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
plugins:
description: Plugins is the list of plugins that will be instantiated.
items:
description: |-
PluginSpec contains the information that describes a plugin that
will be instantiated.
properties:
name:
description: |-
Name provides a name for plugin entries to reference. If
omitted, the value of the Plugin's Type field will be used.
type: string
parameters:
description: |-
Parameters are the set of parameters to be passed to the plugin's
factory function. The factory function is responsible
to parse the parameters.
format: byte
type: string
type:
description: Type specifies the plugin type to be instantiated.
type: string
required:
- type
type: object
type: array
saturationDetector:
description: |-
SaturationDetector when present specifies the configuration of the
Saturation detector. If not present, default values are used.
properties:
kvCacheUtilThreshold:
description: |-
KVCacheUtilThreshold defines the KV cache utilization (0.0 to 1.0) above
which a pod is considered to have insufficient capacity.
type: number
metricsStalenessThreshold:
description: |-
MetricsStalenessThreshold defines how old a pod's metrics can be.
If a pod's metrics are older than this, it might be excluded from
"good capacity" considerations or treated as having no capacity for
safety.
type: string
queueDepthThreshold:
description: |-
QueueDepthThreshold defines the backend waiting queue size above which a
pod is considered to have insufficient capacity for new requests.
type: integer
type: object
schedulingProfiles:
description: |-
SchedulingProfiles is the list of named SchedulingProfiles
that will be created.
items:
description: |-
SchedulingProfile contains the information to create a SchedulingProfile
entry to be used by the scheduler.
properties:
name:
description: Name specifies the name of this SchedulingProfile
type: string
plugins:
description: |-
Plugins is the list of plugins for this SchedulingProfile. They are assigned
to the appropriate "slots" based on their type.
items:
description: |-
SchedulingPlugin describes a plugin that will be associated with a
SchedulingProfile entry.
properties:
pluginRef:
description: |-
PluginRef specifies a partiular Plugin instance to be associated with
this SchedulingProfile. The reference is to the name of an
entry of the Plugins defined in the configuration's Plugins
section
type: string
weight:
description: Weight is the weight fo be used if this plugin is a Scorer.
type: integer
required:
- pluginRef
type: object
type: array
required:
- name
- plugins
type: object
type: array
required:
- plugins
- schedulingProfiles
type: object
x-kubernetes-preserve-unknown-fields: true
configMapRef:
description: |-
ConfigMapRef references a user-provided ConfigMap containing EPP configuration.
The ConfigMap should contain EndpointPickerConfig YAML.
Mutually exclusive with Config.
properties:
key:
description: The key to select.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
extraPodMetadata: extraPodMetadata:
description: ExtraPodMetadata adds labels/annotations to the created Pods. description: ExtraPodMetadata adds labels/annotations to the created Pods.
properties: properties:
...@@ -1543,8 +1774,8 @@ spec: ...@@ -1543,8 +1774,8 @@ spec:
most preferred is the one with the greatest sum of weights, i.e. most preferred is the one with the greatest sum of weights, i.e.
for each node that meets all of the scheduling requirements (resource for each node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions, etc.), request, requiredDuringScheduling anti-affinity expressions, etc.),
compute a sum by iterating through the elements of this field and adding compute a sum by iterating through the elements of this field and subtracting
"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred. node(s) with the highest sum are the most preferred.
items: items:
description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
...@@ -1922,7 +2153,9 @@ spec: ...@@ -1922,7 +2153,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -1976,6 +2209,42 @@ spec: ...@@ -1976,6 +2209,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -2031,8 +2300,8 @@ spec: ...@@ -2031,8 +2300,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -2057,7 +2326,9 @@ spec: ...@@ -2057,7 +2326,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -2702,7 +2973,7 @@ spec: ...@@ -2702,7 +2973,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -2756,10 +3027,10 @@ spec: ...@@ -2756,10 +3027,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -2771,6 +3042,57 @@ spec: ...@@ -2771,6 +3042,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -3368,7 +3690,9 @@ spec: ...@@ -3368,7 +3690,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -3422,6 +3746,42 @@ spec: ...@@ -3422,6 +3746,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -3477,8 +3837,8 @@ spec: ...@@ -3477,8 +3837,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -3503,7 +3863,9 @@ spec: ...@@ -3503,7 +3863,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -4127,7 +4489,7 @@ spec: ...@@ -4127,7 +4489,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -4182,9 +4544,51 @@ spec: ...@@ -4182,9 +4544,51 @@ spec:
description: |- description: |-
Restart policy for the container to manage the restart behavior of each Restart policy for the container to manage the restart behavior of each
container within a pod. container within a pod.
This may only be set for init containers. You cannot set this field on You cannot set this field on ephemeral containers.
ephemeral containers.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. You cannot set this field on
ephemeral containers.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
Optional: SecurityContext defines the security options the ephemeral container should be run with. Optional: SecurityContext defines the security options the ephemeral container should be run with.
...@@ -4703,7 +5107,9 @@ spec: ...@@ -4703,7 +5107,9 @@ spec:
hostNetwork: hostNetwork:
description: |- description: |-
Host networking requested for this pod. Use the host's network namespace. Host networking requested for this pod. Use the host's network namespace.
If this option is set, the ports that will be used must be specified. When using HostNetwork you should specify ports so the scheduler is aware.
When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`,
and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`.
Default to false. Default to false.
type: boolean type: boolean
hostPID: hostPID:
...@@ -4728,6 +5134,19 @@ spec: ...@@ -4728,6 +5134,19 @@ spec:
Specifies the hostname of the Pod Specifies the hostname of the Pod
If not specified, the pod's hostname will be set to a system-defined value. If not specified, the pod's hostname will be set to a system-defined value.
type: string type: string
hostnameOverride:
description: |-
HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod.
This field only specifies the pod's hostname and does not affect its DNS records.
When this field is set to a non-empty string:
- It takes precedence over the values set in `hostname` and `subdomain`.
- The Pod's hostname will be set to this value.
- `setHostnameAsFQDN` must be nil or set to false.
- `hostNetwork` must be set to false.
This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters.
Requires the HostnameOverride feature gate to be enabled.
type: string
imagePullSecrets: imagePullSecrets:
description: |- description: |-
ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
...@@ -4807,7 +5226,9 @@ spec: ...@@ -4807,7 +5226,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -4861,6 +5282,42 @@ spec: ...@@ -4861,6 +5282,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -4916,8 +5373,8 @@ spec: ...@@ -4916,8 +5373,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -4942,7 +5399,9 @@ spec: ...@@ -4942,7 +5399,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -5587,7 +6046,7 @@ spec: ...@@ -5587,7 +6046,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -5641,10 +6100,10 @@ spec: ...@@ -5641,10 +6100,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -5656,6 +6115,57 @@ spec: ...@@ -5656,6 +6115,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -6179,7 +6689,9 @@ spec: ...@@ -6179,7 +6689,9 @@ spec:
description: EnvVar represents an environment variable present in a Container. description: EnvVar represents an environment variable present in a Container.
properties: properties:
name: name:
description: Name of the environment variable. Must be a C_IDENTIFIER. description: |-
Name of the environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
value: value:
description: |- description: |-
...@@ -6233,6 +6745,42 @@ spec: ...@@ -6233,6 +6745,42 @@ spec:
- fieldPath - fieldPath
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
fileKeyRef:
description: |-
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled.
properties:
key:
description: |-
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
type: string
optional:
default: false
description: |-
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation.
type: boolean
path:
description: |-
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'.
type: string
volumeName:
description: The name of the volume mount containing the env file.
type: string
required:
- key
- path
- volumeName
type: object
x-kubernetes-map-type: atomic
resourceFieldRef: resourceFieldRef:
description: |- description: |-
Selects a resource of the container: only resources limits and requests Selects a resource of the container: only resources limits and requests
...@@ -6288,8 +6836,8 @@ spec: ...@@ -6288,8 +6836,8 @@ spec:
envFrom: envFrom:
description: |- description: |-
List of sources to populate environment variables in the container. List of sources to populate environment variables in the container.
The keys defined within a source must be a C_IDENTIFIER. All invalid keys The keys defined within a source may consist of any printable ASCII characters except '='.
will be reported as an event when the container is starting. When a key exists in multiple When a key exists in multiple
sources, the value associated with the last source will take precedence. sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence. Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. Cannot be updated.
...@@ -6314,7 +6862,9 @@ spec: ...@@ -6314,7 +6862,9 @@ spec:
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
prefix: prefix:
description: Optional text to prepend to the name of each environment variable. Must be a C_IDENTIFIER. description: |-
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='.
type: string type: string
secretRef: secretRef:
description: The Secret to select from description: The Secret to select from
...@@ -6959,7 +7509,7 @@ spec: ...@@ -6959,7 +7509,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -7013,10 +7563,10 @@ spec: ...@@ -7013,10 +7563,10 @@ spec:
restartPolicy: restartPolicy:
description: |- description: |-
RestartPolicy defines the restart behavior of individual containers in a pod. RestartPolicy defines the restart behavior of individual containers in a pod.
This field may only be set for init containers, and the only allowed value is "Always". This overrides the pod-level restart policy. When this field is not specified,
For non-init containers or when this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type. the restart behavior is defined by the Pod's restart policy and the container type.
Setting the RestartPolicy as "Always" for the init container will have the following effect: Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always" containers have completed, all init containers with restartPolicy "Always"
...@@ -7028,6 +7578,57 @@ spec: ...@@ -7028,6 +7578,57 @@ spec:
init container is started, or after any startupProbe has successfully init container is started, or after any startupProbe has successfully
completed. completed.
type: string type: string
restartPolicyRules:
description: |-
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines the whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even it if matches the Pod's RestartPolicy.
items:
description: ContainerRestartRule describes how a container exit is handled.
properties:
action:
description: |-
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container.
type: string
exitCodes:
description: Represents the exit codes to check on container exits.
properties:
operator:
description: |-
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values.
type: string
values:
description: |-
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed.
items:
format: int32
type: integer
type: array
x-kubernetes-list-type: set
required:
- operator
type: object
required:
- action
type: object
type: array
x-kubernetes-list-type: atomic
securityContext: securityContext:
description: |- description: |-
SecurityContext defines the security options the container should be run with. SecurityContext defines the security options the container should be run with.
...@@ -7536,6 +8137,7 @@ spec: ...@@ -7536,6 +8137,7 @@ spec:
- spec.hostPID - spec.hostPID
- spec.hostIPC - spec.hostIPC
- spec.hostUsers - spec.hostUsers
- spec.resources
- spec.securityContext.appArmorProfile - spec.securityContext.appArmorProfile
- spec.securityContext.seLinuxOptions - spec.securityContext.seLinuxOptions
- spec.securityContext.seccompProfile - spec.securityContext.seccompProfile
...@@ -7687,7 +8289,7 @@ spec: ...@@ -7687,7 +8289,7 @@ spec:
description: |- description: |-
Resources is the total amount of CPU and Memory resources required by all Resources is the total amount of CPU and Memory resources required by all
containers in the pod. It supports specifying Requests and Limits for containers in the pod. It supports specifying Requests and Limits for
"cpu" and "memory" resource names only. ResourceClaims are not supported. "cpu", "memory" and "hugepages-" resource names only. ResourceClaims are not supported.
   
This field enables fine-grained control over resource allocation for the This field enables fine-grained control over resource allocation for the
entire pod, allowing resource sharing among containers in a pod. entire pod, allowing resource sharing among containers in a pod.
...@@ -7700,7 +8302,7 @@ spec: ...@@ -7700,7 +8302,7 @@ spec:
Claims lists the names of resources, defined in spec.resourceClaims, Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container. that are used by this container.
   
This is an alpha field and requires enabling the This field depends on the
DynamicResourceAllocation feature gate. DynamicResourceAllocation feature gate.
   
This field is immutable. It can only be set for containers. This field is immutable. It can only be set for containers.
...@@ -8926,15 +9528,13 @@ spec: ...@@ -8926,15 +9528,13 @@ spec:
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
If specified, the CSI driver will create or update the volume with the attributes defined If specified, the CSI driver will create or update the volume with the attributes defined
in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass it can be changed after the claim is created. An empty string or nil value indicates that no
will be applied to the claim but it's not allowed to reset this field to empty string once it is set. VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state,
If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass this field can be reset to its previous value (including nil) to cancel the modification.
will be set by the persistentvolume controller if it exists.
If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
exists. exists.
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
type: string type: string
volumeMode: volumeMode:
description: |- description: |-
...@@ -9108,12 +9708,9 @@ spec: ...@@ -9108,12 +9708,9 @@ spec:
description: |- description: |-
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.
More info: https://examples.k8s.io/volumes/glusterfs/README.md
properties: properties:
endpoints: endpoints:
description: |- description: endpoints is the endpoint name that details Glusterfs topology.
endpoints is the endpoint name that details Glusterfs topology.
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
type: string type: string
path: path:
description: |- description: |-
...@@ -9192,7 +9789,7 @@ spec: ...@@ -9192,7 +9789,7 @@ spec:
description: |- description: |-
iscsi represents an ISCSI Disk resource that is attached to a iscsi represents an ISCSI Disk resource that is attached to a
kubelet's host machine and then exposed to the pod. kubelet's host machine and then exposed to the pod.
More info: https://examples.k8s.io/volumes/iscsi/README.md More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi
properties: properties:
chapAuthDiscovery: chapAuthDiscovery:
description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
...@@ -9582,6 +10179,110 @@ spec: ...@@ -9582,6 +10179,110 @@ spec:
type: array type: array
x-kubernetes-list-type: atomic x-kubernetes-list-type: atomic
type: object type: object
podCertificate:
description: |-
Projects an auto-rotating credential bundle (private key and certificate
chain) that the pod can use either as a TLS client or server.
Kubelet generates a private key and uses it to send a
PodCertificateRequest to the named signer. Once the signer approves the
request and issues a certificate chain, Kubelet writes the key and
certificate chain to the pod filesystem. The pod does not start until
certificates have been issued for each podCertificate projected volume
source in its spec.
Kubelet will begin trying to rotate the certificate at the time indicated
by the signer using the PodCertificateRequest.Status.BeginRefreshAt
timestamp.
Kubelet can write a single file, indicated by the credentialBundlePath
field, or separate files, indicated by the keyPath and
certificateChainPath fields.
The credential bundle is a single file in PEM format. The first PEM
entry is the private key (in PKCS#8 format), and the remaining PEM
entries are the certificate chain issued by the signer (typically,
signers will return their certificate chain in leaf-to-root order).
Prefer using the credential bundle format, since your application code
can read it atomically. If you use keyPath and certificateChainPath,
your application must make two separate file reads. If these coincide
with a certificate rotation, it is possible that the private key and leaf
certificate you read may not correspond to each other. Your application
will need to check for this condition, and re-read until they are
consistent.
The named signer controls chooses the format of the certificate it
issues; consult the signer implementation's documentation to learn how to
use the certificates it issues.
properties:
certificateChainPath:
description: |-
Write the certificate chain at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath
and certificateChainPath, your application needs to check that the key
and leaf certificate are consistent, because it is possible to read the
files mid-rotation.
type: string
credentialBundlePath:
description: |-
Write the credential bundle at this path in the projected volume.
The credential bundle is a single file that contains multiple PEM blocks.
The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private
key.
The remaining blocks are CERTIFICATE blocks, containing the issued
certificate chain from the signer (leaf and any intermediates).
Using credentialBundlePath lets your Pod's application code make a single
atomic read that retrieves a consistent key and certificate chain. If you
project them to separate files, your application code will need to
additionally check that the leaf certificate was issued to the key.
type: string
keyPath:
description: |-
Write the key at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath
and certificateChainPath, your application needs to check that the key
and leaf certificate are consistent, because it is possible to read the
files mid-rotation.
type: string
keyType:
description: |-
The type of keypair Kubelet will generate for the pod.
Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384",
"ECDSAP521", and "ED25519".
type: string
maxExpirationSeconds:
description: |-
maxExpirationSeconds is the maximum lifetime permitted for the
certificate.
Kubelet copies this value verbatim into the PodCertificateRequests it
generates for this projection.
If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver
will reject values shorter than 3600 (1 hour). The maximum allowable
value is 7862400 (91 days).
The signer implementation is then free to issue a certificate with any
lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600
seconds (1 hour). This constraint is enforced by kube-apiserver.
`kubernetes.io` signers will never issue certificates with a lifetime
longer than 24 hours.
format: int32
type: integer
signerName:
description: Kubelet's generated CSRs will be addressed to this signer.
type: string
required:
- keyType
- signerName
type: object
secret: secret:
description: secret information about the secret data to project description: secret information about the secret data to project
properties: properties:
...@@ -9711,7 +10412,6 @@ spec: ...@@ -9711,7 +10412,6 @@ spec:
description: |- description: |-
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.
More info: https://examples.k8s.io/volumes/rbd/README.md
properties: properties:
fsType: fsType:
description: |- description: |-
......
...@@ -19,7 +19,7 @@ limitations under the License. ...@@ -19,7 +19,7 @@ limitations under the License.
A Helm chart for NVIDIA Dynamo Platform. A Helm chart for NVIDIA Dynamo Platform.
![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
## 🚀 Overview ## 🚀 Overview
...@@ -86,7 +86,7 @@ The chart includes built-in validation to prevent all operator conflicts: ...@@ -86,7 +86,7 @@ The chart includes built-in validation to prevent all operator conflicts:
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| file://components/operator | dynamo-operator | 0.6.1 | | file://components/operator | dynamo-operator | 0.7.1 |
| https://charts.bitnami.com/bitnami | etcd | 12.0.18 | | https://charts.bitnami.com/bitnami | etcd | 12.0.18 |
| https://nats-io.github.io/k8s/helm/charts/ | nats | 1.3.2 | | https://nats-io.github.io/k8s/helm/charts/ | nats | 1.3.2 |
| oci://ghcr.io/nvidia/grove | grove(grove-charts) | v0.1.0-alpha.3 | | oci://ghcr.io/nvidia/grove | grove(grove-charts) | v0.1.0-alpha.3 |
...@@ -99,6 +99,7 @@ The chart includes built-in validation to prevent all operator conflicts: ...@@ -99,6 +99,7 @@ The chart includes built-in validation to prevent all operator conflicts:
| dynamo-operator.enabled | bool | `true` | Whether to enable the Dynamo Kubernetes operator deployment | | dynamo-operator.enabled | bool | `true` | Whether to enable the Dynamo Kubernetes operator deployment |
| dynamo-operator.natsAddr | string | `""` | NATS server address for operator communication (leave empty to use the bundled NATS chart). Format: "nats://hostname:port" | | dynamo-operator.natsAddr | string | `""` | NATS server address for operator communication (leave empty to use the bundled NATS chart). Format: "nats://hostname:port" |
| dynamo-operator.etcdAddr | string | `""` | etcd server address for operator state storage (leave empty to use the bundled etcd chart). Format: "http://hostname:port" or "https://hostname:port" | | dynamo-operator.etcdAddr | string | `""` | etcd server address for operator state storage (leave empty to use the bundled etcd chart). Format: "http://hostname:port" or "https://hostname:port" |
| dynamo-operator.nats.enabled | bool | `true` | Whether the NATS is enabled |
| dynamo-operator.modelExpressURL | string | `""` | URL for the Model Express server if not deployed by this helm chart. This is ignored if Model Express server is installed by this helm chart (global.model-express.enabled is true). | | dynamo-operator.modelExpressURL | string | `""` | URL for the Model Express server if not deployed by this helm chart. This is ignored if Model Express server is installed by this helm chart (global.model-express.enabled is true). |
| dynamo-operator.namespaceRestriction | object | `{"enabled":false,"lease":{"duration":"30s","renewInterval":"10s"},"targetNamespace":null}` | Namespace access controls for the operator | | dynamo-operator.namespaceRestriction | object | `{"enabled":false,"lease":{"duration":"30s","renewInterval":"10s"},"targetNamespace":null}` | Namespace access controls for the operator |
| dynamo-operator.namespaceRestriction.enabled | bool | `false` | Whether to restrict operator to specific namespaces. By default, the operator will run with cluster-wide permissions. Only 1 instance of the operator should be deployed in the cluster. If you want to deploy multiple operator instances, you can set this to true and specify the target namespace (by default, the target namespace is the helm release namespace). | | dynamo-operator.namespaceRestriction.enabled | bool | `false` | Whether to restrict operator to specific namespaces. By default, the operator will run with cluster-wide permissions. Only 1 instance of the operator should be deployed in the cluster. If you want to deploy multiple operator instances, you can set this to true and specify the target namespace (by default, the target namespace is the helm release namespace). |
...@@ -176,7 +177,7 @@ For detailed etcd configuration options beyond `etcd.enabled`, please refer to t ...@@ -176,7 +177,7 @@ For detailed etcd configuration options beyond `etcd.enabled`, please refer to t
## 📚 Additional Resources ## 📚 Additional Resources
- [Dynamo Kubernetes Platform Deployment Installation Guide](../../../../docs/kubernetes/installation_guide.md) - [Dynamo Cloud Deployment Installation Guide](../../../../docs/kubernetes/installation_guide.md)
- [NATS Documentation](https://docs.nats.io/) - [NATS Documentation](https://docs.nats.io/)
- [etcd Documentation](https://etcd.io/docs/) - [etcd Documentation](https://etcd.io/docs/)
- [Kubernetes Operator Pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) - [Kubernetes Operator Pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/)
......
...@@ -131,6 +131,7 @@ spec: ...@@ -131,6 +131,7 @@ spec:
{{- if not .Values.namespaceRestriction.enabled }} {{- if not .Values.namespaceRestriction.enabled }}
- --dgdr-profiling-cluster-role-name={{ include "dynamo-operator.fullname" . }}-dgdr-profiling - --dgdr-profiling-cluster-role-name={{ include "dynamo-operator.fullname" . }}-dgdr-profiling
- --planner-cluster-role-name={{ include "dynamo-operator.fullname" . }}-planner - --planner-cluster-role-name={{ include "dynamo-operator.fullname" . }}-planner
- --epp-cluster-role-name={{ include "dynamo-operator.fullname" . }}-epp
{{- end }} {{- end }}
{{- if .Values.discoveryBackend }} {{- if .Values.discoveryBackend }}
- --discovery-backend={{ .Values.discoveryBackend }} - --discovery-backend={{ .Values.discoveryBackend }}
......
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.namespaceRestriction.enabled }}
# Namespace-restricted mode: Role + ServiceAccount + RoleBinding
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: epp-serviceaccount
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynamo-operator.labels" . | nindent 4 }}
{{- if .Values.dynamo.dockerRegistry.useKubernetesSecret }}
imagePullSecrets:
- name: {{ include "dynamo-operator.componentsDockerRegistrySecretName" . }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: epp-role
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynamo-operator.labels" . | nindent 4 }}
rules:
# Gateway API inference resources
- apiGroups: ["inference.networking.x-k8s.io"]
resources: ["inferencepools", "inferenceobjectives", "inferencemodelrewrites"]
verbs: ["get", "watch", "list"]
- apiGroups: ["inference.networking.k8s.io"]
resources: ["inferencepools"]
verbs: ["get", "watch", "list"]
# Core resources for pod discovery
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
# Dynamo k8s service discovery - endpointslices
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
# Dynamo k8s service discovery - worker metadata CRs
- apiGroups: ["nvidia.com"]
resources: ["dynamoworkermetadatas"]
verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: epp-binding
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynamo-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: epp-serviceaccount
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: epp-role
apiGroup: rbac.authorization.k8s.io
{{- else }}
# Cluster-wide mode: ClusterRole for EPP
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "dynamo-operator.fullname" . }}-epp
labels:
{{- include "dynamo-operator.labels" . | nindent 4 }}
rules:
# Gateway API inference resources
- apiGroups: ["inference.networking.x-k8s.io"]
resources: ["inferencepools", "inferenceobjectives", "inferencemodelrewrites"]
verbs: ["get", "watch", "list"]
- apiGroups: ["inference.networking.k8s.io"]
resources: ["inferencepools"]
verbs: ["get", "watch", "list"]
# Core resources for pod discovery
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
# Dynamo k8s service discovery - endpointslices
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
# Dynamo k8s service discovery - worker metadata CRs
- apiGroups: ["nvidia.com"]
resources: ["dynamoworkermetadatas"]
verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
# Authentication/authorization
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
{{- end }}
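Review bot: Both the `epp-role` Role and the `-epp` ClusterRole grant `create`, `update`, `patch` and `delete` on `dynamoworkermetadatas`, while every other rule for the EPP is read-only. If the endpoint picker only consumes worker metadata for discovery, which the rule comments suggest but the page does not confirm, the rule should be narrowed to `verbs: ["get", "list", "watch"]`, because a compromised EPP pod could otherwise rewrite or remove the records other components route by. If the EPP does register its own metadata, a comment next to the rule saying so would justify the write verbs. The ClusterRole also carries `tokenreviews` and `subjectaccessreviews` rules with no counterpart in the namespace-restricted branch, so whatever depends on them presumably fails in that mode and should be documented as a limitation.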
...@@ -363,6 +363,18 @@ rules: ...@@ -363,6 +363,18 @@ rules:
- patch - patch
- update - update
- watch - watch
- apiGroups:
- inference.networking.k8s.io
resources:
- inferencepools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups: - apiGroups:
- nvidia.com - nvidia.com
resources: resources:
......
...@@ -22,8 +22,8 @@ Currently, these setups are only supported with the kGateway based Inference Gat ...@@ -22,8 +22,8 @@ Currently, these setups are only supported with the kGateway based Inference Gat
- [1. Install Dynamo Platform](#1-install-dynamo-platform) - [1. Install Dynamo Platform](#1-install-dynamo-platform)
- [2. Deploy Inference Gateway](#2-deploy-inference-gateway) - [2. Deploy Inference Gateway](#2-deploy-inference-gateway)
- [3. Deploy Your Model](#3-deploy-your-model) - [3. Deploy Your Model](#3-deploy-your-model)
- [4. Build EPP image](#4-build-epp-image) - [4. Build EPP image (Optional)](#4-build-epp-image-optional)
- [5. Install Dynamo GAIE helm chart](#5-install-dynamo-gaie-helm-chart) - [5. Deploy](#5-deploy)
- [6. Verify Installation](#6-verify-installation) - [6. Verify Installation](#6-verify-installation)
- [7. Usage](#7-usage) - [7. Usage](#7-usage)
- [8. Deleting the installation](#8-deleting-the-installation) - [8. Deleting the installation](#8-deleting-the-installation)
...@@ -49,6 +49,7 @@ First, deploy an inference gateway service. In this example, we'll install `kgat ...@@ -49,6 +49,7 @@ First, deploy an inference gateway service. In this example, we'll install `kgat
```bash ```bash
cd deploy/inference-gateway cd deploy/inference-gateway
export NAMESPACE=my-model # You can put the inference gateway into another namespace and then adjust your http-route.yaml
./scripts/install_gaie_crd_kgateway.sh ./scripts/install_gaie_crd_kgateway.sh
``` ```
**Note**: The manifest at `config/manifests/gateway/kgateway/gateway.yaml` uses `gatewayClassName: agentgateway`, but kGateway's helm chart creates a GatewayClass named `kgateway`. The patch command in the script fixes this mismatch. **Note**: The manifest at `config/manifests/gateway/kgateway/gateway.yaml` uses `gatewayClassName: agentgateway`, but kGateway's helm chart creates a GatewayClass named `kgateway`. The patch command in the script fixes this mismatch.
...@@ -64,7 +65,7 @@ kubectl get gateway inference-gateway ...@@ -64,7 +65,7 @@ kubectl get gateway inference-gateway
``` ```
### 3. Deploy Your Model ### ### 3. Setup secrets ###
Follow the steps in [model deployment](../../examples/backends/vllm/deploy/README.md) to deploy `Qwen/Qwen3-0.6B` model in aggregate mode using [agg.yaml](../../examples/backends/vllm/deploy/agg.yaml) in `my-model` kubernetes namespace. Follow the steps in [model deployment](../../examples/backends/vllm/deploy/README.md) to deploy `Qwen/Qwen3-0.6B` model in aggregate mode using [agg.yaml](../../examples/backends/vllm/deploy/agg.yaml) in `my-model` kubernetes namespace.
Make sure to enable kv-routing by adding the env var in the FrontEnd. Make sure to enable kv-routing by adding the env var in the FrontEnd.
...@@ -109,7 +110,7 @@ Create a model configuration file similar to the vllm_agg_qwen.yaml for your mod ...@@ -109,7 +110,7 @@ Create a model configuration file similar to the vllm_agg_qwen.yaml for your mod
This file demonstrates the values needed for the Vllm Agg setup in [agg.yaml](../../examples/backends/vllm/deploy/agg.yaml) This file demonstrates the values needed for the Vllm Agg setup in [agg.yaml](../../examples/backends/vllm/deploy/agg.yaml)
Take a note of the model's block size provided in the model card. Take a note of the model's block size provided in the model card.
### 4. Build EPP image ### 4. Build EPP image (Optional)
You can either use the provided Dynamo FrontEnd image for the EPP image or you need to build your own Dynamo EPP custom image following the steps below. You can either use the provided Dynamo FrontEnd image for the EPP image or you need to build your own Dynamo EPP custom image following the steps below.
...@@ -137,14 +138,44 @@ make info # Check image tag ...@@ -137,14 +138,44 @@ make info # Check image tag
| `make all` | Build Dynamo lib + Docker image + load locally | | `make all` | Build Dynamo lib + Docker image + load locally |
| `make all-push` | Build Dynamo lib + Docker image + push to registry | | `make all-push` | Build Dynamo lib + Docker image + push to registry |
### 5. Install Dynamo GAIE helm chart ### ### 5. Deploy
The Inference Gateway is configured through the `inference-gateway-resources.yaml` file. We recommend deploying Inference Gateway's Endpoint Picker as a Dynamo operator's managed component. Alternatively,
you could deploy it as a standalone pod
Deploy the Inference Gateway resources to your Kubernetes cluster by running the command below. #### 5.a. Deploy as a DGD component
```bash ```bash
cd deploy/inference-gateway/ kubectl apply -f operator-managed/examples/agg.yaml -n ${NAMESPACE}
kubectl apply -f operator-managed/examples/http-route.yaml -n ${NAMESPACE}
```
Note that this assumes your gateway is installed into `NAMESPACE=my-model` (examples' default)
If you installed it into a different namespace, you need to adjust the HttpRoute entry in http-route.yaml.
#### 5.b. Deploy as a standalone pod
##### 5.b.1 Deploy Your Model ###
Follow the steps in [model deployment](../../examples/backends/vllm/deploy/README.md) to deploy `Qwen/Qwen3-0.6B` model in aggregate mode using [agg.yaml](../../examples/backends/vllm/deploy/agg.yaml) in `my-model` kubernetes namespace.
Sample commands to deploy model:
```bash
cd <dynamo-source-root>
cd examples/backends/vllm/deploy
kubectl apply -f agg.yaml -n my-model
```
Take a note of or change the DYNAMO_IMAGE in the model deployment file.
Do not forget docker registry secret if needed.
##### 5.b.2 Install Dynamo GIE helm chart ###
```bash
cd deploy/inference-gateway/standalone
# Export the Dynamo image you have used when deploying your model in Step 3. # Export the Dynamo image you have used when deploying your model in Step 3.
export DYNAMO_IMAGE=<the-dynamo-image-you-have-used-when-deploying-the-model> export DYNAMO_IMAGE=<the-dynamo-image-you-have-used-when-deploying-the-model>
...@@ -179,10 +210,10 @@ You can configure the plugin by setting environment vars in your [values-dynamo- ...@@ -179,10 +210,10 @@ You can configure the plugin by setting environment vars in your [values-dynamo-
- Set `DYNAMO_ENFORCE_DISAGG=true` if you want to enforce every request being served in the disaggregated manner. By default it is false meaning if the the prefill worker is not available the request will be served in the aggregated manner. - Set `DYNAMO_ENFORCE_DISAGG=true` if you want to enforce every request being served in the disaggregated manner. By default it is false meaning if the the prefill worker is not available the request will be served in the aggregated manner.
- By default the Dynamo plugin uses KV routing. You can expose `DYNAMO_USE_KV_ROUTING=false` in your [values-dynamo-epp.yaml] if you prefer to route in the round-robin fashion. - By default the Dynamo plugin uses KV routing. You can expose `DYNAMO_USE_KV_ROUTING=false` in your [values-dynamo-epp.yaml] if you prefer to route in the round-robin fashion.
- If using kv-routing: - If using kv-routing:
- Overwrite the `DYNAMO_KV_BLOCK_SIZE` in your [values-dynamo-epp.yaml](./values-dynamo-epp.yaml) to match your model's block size.The `DYNAMO_KV_BLOCK_SIZE` env var is ***MANDATORY*** to prevent silent KV routing failures. - Overwrite the `DYN_KV_BLOCK_SIZE` in your [values-dynamo-epp.yaml](./values-dynamo-epp.yaml) to match your model's block size.The `DYN_KV_BLOCK_SIZE` env var is ***MANDATORY*** to prevent silent KV routing failures.
- Set `DYNAMO_OVERLAP_SCORE_WEIGHT` to weigh how heavily the score uses token overlap (predicted KV cache hits) versus other factors (load, historical hit rate). Higher weight biases toward reusing workers with similar cached prefixes. - Set `DYNAMO_OVERLAP_SCORE_WEIGHT` to weigh how heavily the score uses token overlap (predicted KV cache hits) versus other factors (load, historical hit rate). Higher weight biases toward reusing workers with similar cached prefixes.
- Set `DYNAMO_ROUTER_TEMPERATURE` to soften or sharpen the selection curve when combining scores. Low temperature makes the router pick the top candidate deterministically; higher temperature lets lower-scoring workers through more often (exploration). - Set `DYNAMO_ROUTER_TEMPERATURE` to soften or sharpen the selection curve when combining scores. Low temperature makes the router pick the top candidate deterministically; higher temperature lets lower-scoring workers through more often (exploration).
- Set `DYNAMO_USE_KV_EVENTS=false` if you want to disable KV event tracking while using kv-routing - Set `DYNAMO_USE_KV_EVENTS=false` if you want to disable the workers sending KV events while using kv-routing
- See the [KV cache routing design](../../docs/router/kv_cache_routing.md) for details. - See the [KV cache routing design](../../docs/router/kv_cache_routing.md) for details.
...@@ -238,8 +269,7 @@ ps aux | grep "minikube tunnel" | grep -v grep # make sure minikube tunnel is no ...@@ -238,8 +269,7 @@ ps aux | grep "minikube tunnel" | grep -v grep # make sure minikube tunnel is no
minikube tunnel # start the tunnel minikube tunnel # start the tunnel
# in second terminal where you want to send inference requests # in second terminal where you want to send inference requests
GATEWAY_URL=$(kubectl get svc inference-gateway -n my-model -o jsonpath='{.spec.clusterIP}') GATEWAY_URL=$(kubectl get svc inference-gateway -n my-model -o jsonpath='{.spec.clusterIP}') & echo $GATEWAY_URL
echo $GATEWAY_URL
``` ```
b. use port-forward to expose the gateway to the host b. use port-forward to expose the gateway to the host
......
...@@ -231,31 +231,31 @@ var ( ...@@ -231,31 +231,31 @@ var (
) )
func loadDynamoConfig() { func loadDynamoConfig() {
ffiNamespace = getEnvOrDefault("DYNAMO_NAMESPACE", "vllm-agg") ffiNamespace = getEnvOrDefault("DYN_NAMESPACE", "vllm-agg")
ffiComponent = getEnvOrDefault("DYNAMO_COMPONENT", "backend") ffiComponent = "backend" // The pipeline uses backend not DYN_COMPONENT which is epp
ffiModel = getEnvOrDefault("DYNAMO_MODEL", "Qwen/Qwen3-0.6B") ffiModel = getEnvOrDefault("DYN_MODEL", "Qwen/Qwen3-0.6B")
ffiWorkerID = getEnvInt64OrDefault("DYNAMO_WORKER_ID", 1) ffiWorkerID = getEnvInt64OrDefault("DYNAMO_WORKER_ID", 1)
ffiEnforceDisagg = getEnvBoolOrDefault("DYNAMO_ENFORCE_DISAGG", false) ffiEnforceDisagg = getEnvBoolOrDefault("DYNAMO_ENFORCE_DISAGG", false)
ffiOverlapScoreWeight = getEnvFloatOrDefault("DYNAMO_OVERLAP_SCORE_WEIGHT", -1.0) ffiOverlapScoreWeight = getEnvFloatOrDefault("DYNAMO_OVERLAP_SCORE_WEIGHT", -1.0)
ffiRouterTemperature = getEnvFloatOrDefault("DYNAMO_ROUTER_TEMPERATURE", -1.0) ffiRouterTemperature = getEnvFloatOrDefault("DYNAMO_ROUTER_TEMPERATURE", -1.0)
kvBlockSizeStr := os.Getenv("DYNAMO_KV_BLOCK_SIZE") kvBlockSizeStr := os.Getenv("DYN_KV_BLOCK_SIZE")
if kvBlockSizeStr == "" { if kvBlockSizeStr == "" {
panic("DYNAMO_KV_BLOCK_SIZE is required and must match the model card's kv_cache_block_size") panic("DYN_KV_BLOCK_SIZE is required and must match the model card's kv_cache_block_size")
} }
var tmp int64 var tmp int64
if n, err := fmt.Sscanf(kvBlockSizeStr, "%d", &tmp); err != nil || n != 1 { if n, err := fmt.Sscanf(kvBlockSizeStr, "%d", &tmp); err != nil || n != 1 {
panic(fmt.Sprintf("DYNAMO_KV_BLOCK_SIZE='%s' is not a valid integer", kvBlockSizeStr)) panic(fmt.Sprintf("DYN_KV_BLOCK_SIZE='%s' is not a valid integer", kvBlockSizeStr))
} }
ffiKvBlockSize = uint32(tmp) ffiKvBlockSize = uint32(tmp)
if ffiKvBlockSize < 16 || ffiKvBlockSize > 8192 { if ffiKvBlockSize < 16 || ffiKvBlockSize > 8192 {
panic(fmt.Sprintf("DYNAMO_KV_BLOCK_SIZE=%d outside [16,8192]", ffiKvBlockSize)) panic(fmt.Sprintf("DYN_KV_BLOCK_SIZE=%d outside [16,8192]", ffiKvBlockSize))
} }
if (ffiKvBlockSize & (ffiKvBlockSize - 1)) != 0 { if (ffiKvBlockSize & (ffiKvBlockSize - 1)) != 0 {
panic(fmt.Sprintf("DYNAMO_KV_BLOCK_SIZE=%d must be a power of 2", ffiKvBlockSize)) panic(fmt.Sprintf("DYN_KV_BLOCK_SIZE=%d must be a power of 2", ffiKvBlockSize))
} }
fmt.Printf("Dynamo KV Scorer: Loaded DYNAMO_KV_BLOCK_SIZE=%d\n", ffiKvBlockSize) fmt.Printf("Dynamo KV Scorer: Loaded DYN_KV_BLOCK_SIZE=%d\n", ffiKvBlockSize)
} }
func getEnvOrDefault(key, def string) string { func getEnvOrDefault(key, def string) string {
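Review bot: The range check on `ffiKvBlockSize` runs after the `uint32(tmp)` conversion, so a value that does not fit in 32 bits wraps before it is validated: `DYN_KV_BLOCK_SIZE=4294967312` becomes 16 and passes both the range and the power-of-two checks. `Sscanf` with `%d` also stops at the first non-digit, so `16abc` is accepted as 16. Parsing with `v, err := strconv.ParseUint(kvBlockSizeStr, 10, 32)` and assigning `ffiKvBlockSize = uint32(v)` only on success rejects both cases (`strconv` must be imported if the file does not already do so). Separately, the renamed `DYN_NAMESPACE` and `DYN_MODEL` have no fallback to the old `DYNAMO_*` names, so a deployment that still sets those silently gets the defaults `vllm-agg` and `Qwen/Qwen3-0.6B`; logging the resolved values at startup would make that visible. The body of `getEnvOrDefault` continues outside the hunk.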
......
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
apiVersion: nvidia.com/v1alpha1
kind: DynamoGraphDeployment
metadata:
name: vllm-agg
spec:
services:
Epp:
envFromSecret: hf-token-secret
componentType: epp
replicas: 1
extraPodSpec:
mainContainer:
image: nvcr.io/nvidia/ai-dynamo/frontend-image:my-tag
env:
- name: DYN_KV_BLOCK_SIZE
value: "16"
- name: DYN_MODEL
value: "Qwen/Qwen3-0.6B" # Match your model
- name: DYN_DISCOVERY_TIMEOUT
value: "300"
eppConfig:
# This configuration uses Dynamo's KV-aware scorer for intelligent routing
config:
# Plugins define the behavior of EPP
plugins:
# Required: tells EPP which profile to use (even if you only have one)
- type: single-profile-handler
# Picker: chooses the final endpoint after scoring
- name: picker
type: max-score-picker
- name: dyn-kv
type: kv-aware-scorer
# Scheduling profiles configure which plugins are used and their weights
schedulingProfiles:
- name: default
plugins:
- pluginRef: dyn-kv
weight: 1
- pluginRef: picker
Frontend:
envFromSecret: hf-token-secret
componentType: frontend
replicas: 1
extraPodSpec:
mainContainer:
image: nvcr.io/nvidia/ai-dynamo/vllm-runtime:my-tag
env:
- name: DYN_LOG
value: "debug,dynamo_llm::kv_router=trace"
- name: DYN_STORE_KV
value: "mem"
- name: DYN_ROUTER_MODE
value: "kv"
VllmDecodeWorker:
envFromSecret: hf-token-secret
componentType: worker
replicas: 1
resources:
limits:
gpu: "1"
extraPodSpec:
mainContainer:
image: nvcr.io/nvidia/ai-dynamo/vllm-runtime:my-tag
workingDir: /workspace/examples/backends/vllm
command:
- python3
- -m
- dynamo.vllm
args:
- --model
- Qwen/Qwen3-0.6B
env:
- name: DYN_STORE_KV
value: "mem"
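Review bot: `DYN_KV_BLOCK_SIZE` is set to `"16"` on the Epp service with no hint that it is coupled to the worker, while the neighbouring `DYN_MODEL` carries `# Match your model`. The README in this commit calls the variable mandatory "to prevent silent KV routing failures", and the scorer's startup checks reject only malformed values, not a mismatch, so a copied example with a different worker block size fails quietly. I would add a comment on that entry such as `# Must equal the worker's KV cache block size (see model card)`. The `my-tag` image tags could likewise be marked as placeholders to replace.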
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vllm-agg-route
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: inference-gateway
# Note: This assumes your gateway is installed into the same namespace as this HTTPRoute.
# If you installed it into a different namespace, add: namespace: <your-gateway-namespace>
rules:
- backendRefs:
- group: inference.networking.k8s.io
kind: InferencePool
name: vllm-agg-pool
port: 8000
weight: 1
matches:
- path:
type: PathPrefix
value: /
timeouts:
request: 300s
\ No newline at end of file
...@@ -18,6 +18,11 @@ ...@@ -18,6 +18,11 @@
set -euo pipefail set -euo pipefail
trap 'echo "Error at line $LINENO. Exiting."' ERR trap 'echo "Error at line $LINENO. Exiting."' ERR
# Namespace where the inference-gateway will be deployed
# Defaults to 'default' if NAMESPACE env var is not set
NAMESPACE=${NAMESPACE:-default}
echo "Installing inference-gateway into namespace: $NAMESPACE"
# Install the Gateway API # Install the Gateway API
GATEWAY_API_VERSION=v1.4.1 GATEWAY_API_VERSION=v1.4.1
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$GATEWAY_API_VERSION/standard-install.yaml kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/$GATEWAY_API_VERSION/standard-install.yaml
...@@ -37,7 +42,7 @@ helm upgrade -i --namespace kgateway-system --version $KGTW_VERSION kgateway \ ...@@ -37,7 +42,7 @@ helm upgrade -i --namespace kgateway-system --version $KGTW_VERSION kgateway \
oci://cr.kgateway.dev/kgateway-dev/charts/kgateway \ oci://cr.kgateway.dev/kgateway-dev/charts/kgateway \
--set inferenceExtension.enabled=true --set inferenceExtension.enabled=true
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api-inference-extension/refs/tags/${IGW_LATEST_RELEASE}/config/manifests/gateway/kgateway/gateway.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api-inference-extension/refs/tags/${IGW_LATEST_RELEASE}/config/manifests/gateway/kgateway/gateway.yaml -n "$NAMESPACE"
kubectl patch gateway inference-gateway --type='json' \ kubectl patch gateway inference-gateway -n "$NAMESPACE" --type='json' \
-p='[{"op": "replace", "path": "/spec/gatewayClassName", "value": "kgateway"}]' -p='[{"op": "replace", "path": "/spec/gatewayClassName", "value": "kgateway"}]'
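Review bot: The two commands that now take `-n "$NAMESPACE"` assume the namespace already exists, and nothing in the visible hunks creates it (the lines between the two hunks are not shown). On a fresh cluster with `NAMESPACE=my-model` the `kubectl apply` would fail and `set -e` would stop the script after the Gateway API manifests and the kgateway chart are already installed. Adding `kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -` before the gateway manifest makes the run repeatable. The `default` fallback also differs from the `my-model` namespace that the README and `http-route.yaml` assume, so a run without the export puts the Gateway where the HTTPRoute's `parentRefs` will not find it; `NAMESPACE=${NAMESPACE:?set NAMESPACE}` would fail loudly instead.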
...@@ -114,9 +114,9 @@ spec: ...@@ -114,9 +114,9 @@ spec:
{{- end }} {{- end }}
- name: NATS_SERVER - name: NATS_SERVER
value: "nats://{{ $platformName }}-nats.{{ $platformNs }}:4222" value: "nats://{{ $platformName }}-nats.{{ $platformNs }}:4222"
- name: DYNAMO_NAMESPACE - name: DYN_NAMESPACE
value: "{{ $ns }}" value: "{{ $ns }}"
- name: DYNAMO_KV_BLOCK_SIZE - name: DYN_KV_BLOCK_SIZE
value: "{{ $kv }}" value: "{{ $kv }}"
- name: USE_STREAMING - name: USE_STREAMING
value: "true" value: "true"
......