# API Reference ## Constructs ### AbstractPod - *Implements:* [`cdk8s_plus_21.IPodSelector`](#cdk8s_plus_21.IPodSelector) #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.AbstractPod( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- #### Methods ##### `add_container` ```python def add_container( image: str, args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None ) ``` ###### `image`^Required - *Type:* `str` Docker image name. --- ###### `args`^Optional - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `command`^Optional - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `env_from`^Optional - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ###### `env_variables`^Optional - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ###### `image_pull_policy`^Optional - *Type:* [`cdk8s_plus_21.ImagePullPolicy`](#cdk8s_plus_21.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ###### `lifecycle`^Optional - *Type:* [`cdk8s_plus_21.ContainerLifecycle`](#cdk8s_plus_21.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ###### `liveness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ###### `name`^Optional - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No port is exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. --- ###### `readiness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ###### `resources`^Optional - *Type:* [`cdk8s_plus_21.ContainerResources`](#cdk8s_plus_21.ContainerResources) Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ###### `security_context`^Optional - *Type:* [`cdk8s_plus_21.ContainerSecurityContextProps`](#cdk8s_plus_21.ContainerSecurityContextProps) - *Default:* ensureNonRoot: false privileged: false readOnlyRootFilesystem: false SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ###### `startup`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ###### `volume_mounts`^Optional - *Type:* typing.List[[`cdk8s_plus_21.VolumeMount`](#cdk8s_plus_21.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ###### `working_dir`^Optional - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- ##### `add_host_alias` ```python def add_host_alias( hostnames: typing.List[str], ip: str ) ``` ###### `hostnames`^Required - *Type:* typing.List[`str`] Hostnames for the chosen IP address. --- ###### `ip`^Required - *Type:* `str` IP address of the host file entry. --- ##### `add_init_container` ```python def add_init_container( image: str, args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None ) ``` ###### `image`^Required - *Type:* `str` Docker image name. --- ###### `args`^Optional - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `command`^Optional - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ###### `env_from`^Optional - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ###### `env_variables`^Optional - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ###### `image_pull_policy`^Optional - *Type:* [`cdk8s_plus_21.ImagePullPolicy`](#cdk8s_plus_21.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ###### `lifecycle`^Optional - *Type:* [`cdk8s_plus_21.ContainerLifecycle`](#cdk8s_plus_21.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ###### `liveness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ###### `name`^Optional - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No port is exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. --- ###### `readiness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ###### `resources`^Optional - *Type:* [`cdk8s_plus_21.ContainerResources`](#cdk8s_plus_21.ContainerResources) Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ###### `security_context`^Optional - *Type:* [`cdk8s_plus_21.ContainerSecurityContextProps`](#cdk8s_plus_21.ContainerSecurityContextProps) - *Default:* ensureNonRoot: false privileged: false readOnlyRootFilesystem: false SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ###### `startup`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ###### `volume_mounts`^Optional - *Type:* typing.List[[`cdk8s_plus_21.VolumeMount`](#cdk8s_plus_21.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ###### `working_dir`^Optional - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- ##### `add_volume` ```python def add_volume( vol: Volume ) ``` ###### `vol`^Required - *Type:* [`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume) --- ##### `to_pod_selector_config` ```python def to_pod_selector_config() ``` #### Properties ##### `automount_service_account_token`^Required ```python automount_service_account_token: bool ``` - *Type:* `bool` --- ##### `containers`^Required ```python containers: typing.List[Container] ``` - *Type:* typing.List[[`cdk8s_plus_21.Container`](#cdk8s_plus_21.Container)] --- ##### `dns`^Required ```python dns: PodDns ``` - *Type:* [`cdk8s_plus_21.PodDns`](#cdk8s_plus_21.PodDns) --- ##### `host_aliases`^Required ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] --- ##### `init_containers`^Required ```python init_containers: typing.List[Container] ``` - *Type:* typing.List[[`cdk8s_plus_21.Container`](#cdk8s_plus_21.Container)] --- ##### `pod_metadata`^Required ```python pod_metadata: ApiObjectMetadataDefinition ``` - *Type:* [`cdk8s.ApiObjectMetadataDefinition`](#cdk8s.ApiObjectMetadataDefinition) --- ##### `security_context`^Required ```python security_context: PodSecurityContext ``` - *Type:* [`cdk8s_plus_21.PodSecurityContext`](#cdk8s_plus_21.PodSecurityContext) --- ##### `volumes`^Required ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) --- ### AwsElasticBlockStorePersistentVolume Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.AwsElasticBlockStorePersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, volume_id: str, fs_type: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `volume_id`^Required - *Type:* `str` Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `partition`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- #### Properties ##### `fs_type`^Required ```python fs_type: str ``` - *Type:* `str` File system type of this volume. --- ##### `read_only`^Required ```python read_only: bool ``` - *Type:* `bool` Whether or not it is mounted as a read-only volume. --- ##### `volume_id`^Required ```python volume_id: str ``` - *Type:* `str` Volume id of this volume. --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Partition of this volume. --- ### AzureDiskPersistentVolume AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.AzureDiskPersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, disk_name: str, disk_uri: str, caching_mode: AzureDiskPersistentVolumeCachingMode = None, fs_type: str = None, kind: AzureDiskPersistentVolumeKind = None, read_only: bool = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `disk_name`^Required - *Type:* `str` The Name of the data disk in the blob storage. --- ##### `disk_uri`^Required - *Type:* `str` The URI the data disk in the blob storage. --- ##### `caching_mode`^Optional - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode) - *Default:* AzureDiskPersistentVolumeCachingMode.NONE. Host Caching mode. --- ##### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type to mount. Must be a filesystem type supported by the host operating system. --- ##### `kind`^Optional - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeKind`](#cdk8s_plus_21.AzureDiskPersistentVolumeKind) - *Default:* AzureDiskPersistentVolumeKind.SHARED Kind of disk. --- ##### `read_only`^Optional - *Type:* `bool` - *Default:* false Force the ReadOnly setting in VolumeMounts. --- #### Properties ##### `azure_kind`^Required ```python azure_kind: AzureDiskPersistentVolumeKind ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeKind`](#cdk8s_plus_21.AzureDiskPersistentVolumeKind) Azure kind of this volume. --- ##### `caching_mode`^Required ```python caching_mode: AzureDiskPersistentVolumeCachingMode ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode) Caching mode of this volume. --- ##### `disk_name`^Required ```python disk_name: str ``` - *Type:* `str` Disk name of this volume. --- ##### `disk_uri`^Required ```python disk_uri: str ``` - *Type:* `str` Disk URI of this volume. --- ##### `fs_type`^Required ```python fs_type: str ``` - *Type:* `str` File system type of this volume. --- ##### `read_only`^Required ```python read_only: bool ``` - *Type:* `bool` Whether or not it is mounted as a read-only volume. --- ### BasicAuthSecret Create a secret for basic authentication. > https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.BasicAuthSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, password: str, username: str ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `password`^Required - *Type:* `str` The password or token for authentication. --- ##### `username`^Required - *Type:* `str` The user name for authentication. --- ### ClusterRole - *Implements:* [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole), [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRole( scope: Construct, id: str, metadata: ApiObjectMetadata = None, aggregation_labels: typing.Mapping[str] = None, rules: typing.List[ClusterRolePolicyRule] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `aggregation_labels`^Optional - *Type:* typing.Mapping[`str`] Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole's rules. --- ##### `rules`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ClusterRolePolicyRule`](#cdk8s_plus_21.ClusterRolePolicyRule)] - *Default:* [] A list of rules the role should allow. --- #### Methods ##### `aggregate` ```python def aggregate( key: str, value: str ) ``` ###### `key`^Required - *Type:* `str` --- ###### `value`^Required - *Type:* `str` --- ##### `allow` ```python def allow( verbs: typing.List[str], endpoints: IApiEndpoint ) ``` ###### `verbs`^Required - *Type:* typing.List[`str`] --- ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The endpoints(s) to apply to. --- ##### `allow_create` ```python def allow_create( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_delete` ```python def allow_delete( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_delete_collection` ```python def allow_delete_collection( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_get` ```python def allow_get( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_list` ```python def allow_list( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_patch` ```python def allow_patch( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_read` ```python def allow_read( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_read_write` ```python def allow_read_write( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_update` ```python def allow_update( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `allow_watch` ```python def allow_watch( endpoints: IApiEndpoint ) ``` ###### `endpoints`^Required - *Type:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) The resource(s) to apply to. --- ##### `bind` ```python def bind( subjects: ISubject ) ``` ###### `subjects`^Required - *Type:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) a list of subjects to bind to. --- ##### `bind_in_namespace` ```python def bind_in_namespace( namespace: str, subjects: ISubject ) ``` ###### `namespace`^Required - *Type:* `str` the namespace to limit permissions to. --- ###### `subjects`^Required - *Type:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) a list of subjects to bind to. --- ##### `combine` ```python def combine( rol: ClusterRole ) ``` ###### `rol`^Required - *Type:* [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole) --- #### Static Functions ##### `from_cluster_role_name` ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRole.from_cluster_role_name( name: str ) ``` ###### `name`^Required - *Type:* `str` The name of the role resource. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `rules`^Required ```python rules: typing.List[ClusterRolePolicyRule] ``` - *Type:* typing.List[[`cdk8s_plus_21.ClusterRolePolicyRule`](#cdk8s_plus_21.ClusterRolePolicyRule)] Rules associaated with this Role. Returns a copy, use `allow` to add rules. --- ### ClusterRoleBinding A ClusterRoleBinding grants permissions cluster-wide to a user or set of users. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRoleBinding( scope: Construct, id: str, metadata: ApiObjectMetadata = None, role: IClusterRole ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `role`^Required - *Type:* [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole) The role to bind to. --- #### Methods ##### `add_subjects` ```python def add_subjects( subjects: ISubject ) ``` ###### `subjects`^Required - *Type:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) The subjects to add. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `role`^Required ```python role: IClusterRole ``` - *Type:* [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole) --- ##### `subjects`^Required ```python subjects: typing.List[ISubject] ``` - *Type:* typing.List[[`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject)] --- ### ConfigMap - *Implements:* [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) ConfigMap holds configuration data for pods to consume. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ConfigMap( scope: Construct, id: str, metadata: ApiObjectMetadata = None, binary_data: typing.Mapping[str] = None, data: typing.Mapping[str] = None, immutable: bool = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `binary_data`^Optional - *Type:* typing.Mapping[`str`] BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. You can also add binary data using `configMap.addBinaryData()`. --- ##### `data`^Optional - *Type:* typing.Mapping[`str`] Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process. You can also add data using `configMap.addData()`. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- #### Methods ##### `add_binary_data` ```python def add_binary_data( key: str, value: str ) ``` ###### `key`^Required - *Type:* `str` The key. --- ###### `value`^Required - *Type:* `str` The value. --- ##### `add_data` ```python def add_data( key: str, value: str ) ``` ###### `key`^Required - *Type:* `str` The key. --- ###### `value`^Required - *Type:* `str` The value. --- ##### `add_directory` ```python def add_directory( local_dir: str, exclude: typing.List[str] = None, key_prefix: str = None ) ``` ###### `local_dir`^Required - *Type:* `str` A path to a local directory. --- ###### `exclude`^Optional - *Type:* typing.List[`str`] - *Default:* include all files Glob patterns to exclude when adding files. --- ###### `key_prefix`^Optional - *Type:* `str` - *Default:* "" A prefix to add to all keys in the config map. --- ##### `add_file` ```python def add_file( local_file: str, key: str = None ) ``` ###### `local_file`^Required - *Type:* `str` The path to the local file. --- ###### `key`^Optional - *Type:* `str` The ConfigMap key (default to the file name). --- #### Static Functions ##### `from_config_map_name` ```python import cdk8s_plus_21 cdk8s_plus_21.ConfigMap.from_config_map_name( name: str ) ``` ###### `name`^Required - *Type:* `str` The name of the config map to import. --- #### Properties ##### `binary_data`^Required ```python binary_data: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] The binary data associated with this config map. Returns a copy. To add data records, use `addBinaryData()` or `addData()`. --- ##### `data`^Required ```python data: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] The data associated with this config map. Returns an copy. To add data records, use `addData()` or `addBinaryData()`. --- ##### `immutable`^Required ```python immutable: bool ``` - *Type:* `bool` Whether or not this config map is immutable. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ### DaemonSet A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created. Some typical uses of a DaemonSet are: * running a cluster storage daemon on every node * running a logs collection daemon on every node * running a node monitoring daemon on every node In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon. A more complex setup might use multiple DaemonSets for a single type of daemon, but with different flags and/or different memory and cpu requests for different hardware types. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.DaemonSet( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, min_ready_seconds: typing.Union[int, float] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `min_ready_seconds`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 0 Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. --- #### Properties ##### `min_ready_seconds`^Required ```python min_ready_seconds: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ### Deployment A Deployment provides declarative updates for Pods and ReplicaSets. You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments. > Note: Do not manage ReplicaSets owned by a Deployment. Consider opening an issue in the main Kubernetes repository if your use case is not covered below. ## Use Case The following are typical use cases for Deployments: * Create a Deployment to rollout a ReplicaSet. The ReplicaSet creates Pods in the background. Check the status of the rollout to see if it succeeds or not. * Declare the new state of the Pods by updating the PodTemplateSpec of the Deployment. A new ReplicaSet is created and the Deployment manages moving the Pods from the old ReplicaSet to the new one at a controlled rate. Each new ReplicaSet updates the revision of the Deployment. * Rollback to an earlier Deployment revision if the current state of the Deployment is not stable. Each rollback updates the revision of the Deployment. * Scale up the Deployment to facilitate more load. * Pause the Deployment to apply multiple fixes to its PodTemplateSpec and then resume it to start a new rollout. * Use the status of the Deployment as an indicator that a rollout has stuck. * Clean up older ReplicaSets that you don't need anymore. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Deployment( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, min_ready: Duration = None, progress_deadline: Duration = None, replicas: typing.Union[int, float] = None, strategy: DeploymentStrategy = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `min_ready`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(0) Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Zero means the pod will be considered available as soon as it is ready. > https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds --- ##### `progress_deadline`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(600) The maximum duration for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. > https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds --- ##### `replicas`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 1 Number of desired pods. --- ##### `strategy`^Optional - *Type:* [`cdk8s_plus_21.DeploymentStrategy`](#cdk8s_plus_21.DeploymentStrategy) - *Default:* RollingUpdate with maxSurge and maxUnavailable set to 25%. Specifies the strategy used to replace old Pods by new ones. --- #### Methods ##### `expose_via_ingress` ```python def expose_via_ingress( path: str, name: str = None, port: typing.Union[int, float] = None, protocol: Protocol = None, service_type: ServiceType = None, target_port: typing.Union[int, float] = None, ingress: IngressV1Beta1 = None ) ``` ###### `path`^Required - *Type:* `str` The ingress path to register under. --- ###### `name`^Optional - *Type:* `str` - *Default:* undefined Uses the system generated name. The name of the service to expose. This will be set on the Service.metadata and must be a DNS_LABEL --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Copied from the container of the deployment. If a port could not be determined, throws an error. The port that the service should serve on. --- ###### `protocol`^Optional - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ###### `service_type`^Optional - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ClusterIP. The type of the exposed service. --- ###### `target_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* The port of the first container in the deployment (ie. containers[0].port) The port number the service will redirect to. --- ###### `ingress`^Optional - *Type:* [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1) - *Default:* An ingress will be automatically created. The ingress to add rules to. --- ##### `expose_via_service` ```python def expose_via_service( name: str = None, port: typing.Union[int, float] = None, protocol: Protocol = None, service_type: ServiceType = None, target_port: typing.Union[int, float] = None ) ``` ###### `name`^Optional - *Type:* `str` - *Default:* undefined Uses the system generated name. The name of the service to expose. This will be set on the Service.metadata and must be a DNS_LABEL --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Copied from the container of the deployment. If a port could not be determined, throws an error. The port that the service should serve on. --- ###### `protocol`^Optional - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ###### `service_type`^Optional - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ClusterIP. The type of the exposed service. --- ###### `target_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* The port of the first container in the deployment (ie. containers[0].port) The port number the service will redirect to. --- #### Properties ##### `min_ready`^Required ```python min_ready: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available. --- ##### `progress_deadline`^Required ```python progress_deadline: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) The maximum duration for a deployment to make progress before it is considered to be failed. --- ##### `replicas`^Required ```python replicas: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Number of desired pods. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `strategy`^Required ```python strategy: DeploymentStrategy ``` - *Type:* [`cdk8s_plus_21.DeploymentStrategy`](#cdk8s_plus_21.DeploymentStrategy) --- ### DockerConfigSecret Create a secret for storing credentials for accessing a container image registry. > https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.DockerConfigSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, data: typing.Mapping[typing.Any] ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `data`^Required - *Type:* typing.Mapping[`typing.Any`] JSON content to provide for the `~/.docker/config.json` file. This will be stringified and inserted as stringData. > https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file --- ### GCEPersistentDiskPersistentVolume GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. > https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.GCEPersistentDiskPersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, pd_name: str, fs_type: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `pd_name`^Required - *Type:* `str` Unique name of the PD resource in GCE. Used to identify the disk in GCE. > https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk --- ##### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `partition`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- #### Properties ##### `fs_type`^Required ```python fs_type: str ``` - *Type:* `str` File system type of this volume. --- ##### `pd_name`^Required ```python pd_name: str ``` - *Type:* `str` PD resource in GCE of this volume. --- ##### `read_only`^Required ```python read_only: bool ``` - *Type:* `bool` Whether or not it is mounted as a read-only volume. --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Partition of this volume. --- ### IngressV1Beta1 Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1( scope: Construct, id: str, metadata: ApiObjectMetadata = None, default_backend: IngressV1Beta1Backend = None, rules: typing.List[IngressV1Beta1Rule] = None, tls: typing.List[IngressV1Beta1Tls] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `default_backend`^Optional - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The default backend services requests that do not match any rule. Using this option or the `addDefaultBackend()` method is equivalent to adding a rule with both `path` and `host` undefined. --- ##### `rules`^Optional - *Type:* typing.List[[`cdk8s_plus_21.IngressV1Beta1Rule`](#cdk8s_plus_21.IngressV1Beta1Rule)] Routing rules for this ingress. Each rule must define an `IngressBackend` that will receive the requests that match this rule. If both `host` and `path` are not specifiec, this backend will be used as the default backend of the ingress. You can also add rules later using `addRule()`, `addHostRule()`, `addDefaultBackend()` and `addHostDefaultBackend()`. --- ##### `tls`^Optional - *Type:* typing.List[[`cdk8s_plus_21.IngressV1Beta1Tls`](#cdk8s_plus_21.IngressV1Beta1Tls)] TLS settings for this ingress. Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. --- #### Methods ##### `add_default_backend` ```python def add_default_backend( backend: IngressV1Beta1Backend ) ``` ###### `backend`^Required - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The backend to use for requests that do not match any rule. --- ##### `add_host_default_backend` ```python def add_host_default_backend( host: str, backend: IngressV1Beta1Backend ) ``` ###### `host`^Required - *Type:* `str` The host name to match. --- ###### `backend`^Required - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The backend to route to. --- ##### `add_host_rule` ```python def add_host_rule( host: str, path: str, backend: IngressV1Beta1Backend ) ``` ###### `host`^Required - *Type:* `str` The host name. --- ###### `path`^Required - *Type:* `str` The HTTP path. --- ###### `backend`^Required - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The backend to route requests to. --- ##### `add_rule` ```python def add_rule( path: str, backend: IngressV1Beta1Backend ) ``` ###### `path`^Required - *Type:* `str` The HTTP path. --- ###### `backend`^Required - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The backend to route requests to. --- ##### `add_rules` ```python def add_rules( backend: IngressV1Beta1Backend, host: str = None, path: str = None ) ``` ###### `backend`^Required - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) Backend defines the referenced service endpoint to which the traffic will be forwarded to. --- ###### `host`^Optional - *Type:* `str` - *Default:* If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. --- ###### `path`^Optional - *Type:* `str` - *Default:* If unspecified, the path defaults to a catch all sending traffic to the backend. Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. --- ##### `add_tls` ```python def add_tls( tls: typing.List[IngressV1Beta1Tls] ) ``` ###### `tls`^Required - *Type:* typing.List[[`cdk8s_plus_21.IngressV1Beta1Tls`](#cdk8s_plus_21.IngressV1Beta1Tls)] --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ### Job A Job creates one or more Pods and ensures that a specified number of them successfully terminate. As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created. A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot). You can also use a Job to run multiple Pods in parallel. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Job( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, active_deadline: Duration = None, backoff_limit: typing.Union[int, float] = None, ttl_after_finished: Duration = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `active_deadline`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* If unset, then there is no deadline. Specifies the duration the job may be active before the system tries to terminate it. --- ##### `backoff_limit`^Optional - *Type:* `typing.Union[int, float]` - *Default:* If not set, system defaults to 6. Specifies the number of retries before marking this job failed. --- ##### `ttl_after_finished`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* If this field is unset, the Job won't be automatically deleted. Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the `TTLAfterFinished` feature. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `active_deadline`^Optional ```python active_deadline: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) Duration before job is terminated. If undefined, there is no deadline. --- ##### `backoff_limit`^Optional ```python backoff_limit: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Number of retries before marking failed. --- ##### `ttl_after_finished`^Optional ```python ttl_after_finished: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) TTL before the job is deleted after it is finished. --- ### Namespace - *Implements:* [`cdk8s_plus_21.INamespaceSelector`](#cdk8s_plus_21.INamespaceSelector) In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc). #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Namespace( scope: Construct, id: str, metadata: ApiObjectMetadata = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- #### Methods ##### `to_namespace_selector_config` ```python def to_namespace_selector_config() ``` #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- #### Constants ##### `NAME_LABEL` - *Type:* `str` > https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling --- ### PersistentVolume - *Implements:* [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume), [`cdk8s_plus_21.IStorage`](#cdk8s_plus_21.IStorage) A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolume( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- #### Methods ##### `as_volume` ```python def as_volume() ``` ##### `bind` ```python def bind( claim: IPersistentVolumeClaim ) ``` ###### `claim`^Required - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) The PVC to bind to. --- ##### `reserve` ```python def reserve() ``` #### Static Functions ##### `from_persistent_volume_name` ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolume.from_persistent_volume_name( volume_name: str ) ``` ###### `volume_name`^Required - *Type:* `str` The name of the pv to reference. --- #### Properties ##### `mode`^Required ```python mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) Volume mode of this volume. --- ##### `reclaim_policy`^Required ```python reclaim_policy: PersistentVolumeReclaimPolicy ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) Reclaim policy of this volume. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] Access modes requirement of this claim. --- ##### `claim`^Optional ```python claim: IPersistentVolumeClaim ``` - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) PVC this volume is bound to. Undefined means this volume is not yet claimed by any PVC. --- ##### `mount_options`^Optional ```python mount_options: typing.List[str] ``` - *Type:* typing.List[`str`] Mount options of this volume. --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) Storage size of this volume. --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` Storage class this volume belongs to. --- ### PersistentVolumeClaim - *Implements:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolumeClaim( scope: Construct, id: str, metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, storage: Size = None, storage_class_name: str = None, volume: IPersistentVolume = None, volume_mode: PersistentVolumeMode = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes requirement. Contains the access modes the volume should support. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 --- ##### `storage`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No storage requirement. Minimum storage size the volume should have. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional - *Type:* `str` - *Default:* Not set. Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:. * If the admission plugin is turned on, the storage class marked as default will be used. * If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 --- ##### `volume`^Optional - *Type:* [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume) - *Default:* No specific volume binding. The PersistentVolume backing this claim. The control plane still checks that storage class, access modes, and requested storage size on the volume are valid. Note that in order to guarantee a proper binding, the volume should also define a `claimRef` referring to this claim. Otherwise, the volume may be claimed be other pvc's before it gets a chance to bind to this one. If the volume is managed (i.e not imported), you can use `pv.claim()` to easily create a bi-directional bounded claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding. --- ##### `volume_mode`^Optional - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- #### Methods ##### `bind` ```python def bind( vol: IPersistentVolume ) ``` ###### `vol`^Required - *Type:* [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume) The PV to bind to. --- #### Static Functions ##### `from_claim_name` ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolumeClaim.from_claim_name( claim_name: str ) ``` ###### `claim_name`^Required - *Type:* `str` The name of the pvc to reference. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `volume_mode`^Required ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) Volume mode requirement of this claim. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] Access modes requirement of this claim. --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) Storage requirement of this claim. --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` Storage class requirment of this claim. --- ##### `volume`^Optional ```python volume: IPersistentVolume ``` - *Type:* [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume) PV this claim is bound to. Undefined means the claim is not bound to any specific volume. --- ### Pod Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Pod( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- #### Properties ##### `pod_metadata`^Required ```python pod_metadata: ApiObjectMetadataDefinition ``` - *Type:* [`cdk8s.ApiObjectMetadataDefinition`](#cdk8s.ApiObjectMetadataDefinition) --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `scheduling`^Required ```python scheduling: PodScheduling ``` - *Type:* [`cdk8s_plus_21.PodScheduling`](#cdk8s_plus_21.PodScheduling) --- #### Constants ##### `ADDRESS_LABEL` - *Type:* `str` This label is autoamtically added by cdk8s to any pod. It provides a unique and stable identifier for the pod. --- ### Resource - *Implements:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource), [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource), [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) Base class for all Kubernetes objects in stdk8s. Represents a single resource. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Resource( scope: Construct, id: str ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) The scope in which to define this construct. --- ##### `id`^Required - *Type:* `str` The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (`/`), then it will be replaced by double dash `--`. --- #### Methods ##### `as_api_resource` ```python def as_api_resource() ``` ##### `as_non_api_resource` ```python def as_non_api_resource() ``` #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `metadata`^Required ```python metadata: ApiObjectMetadataDefinition ``` - *Type:* [`cdk8s.ApiObjectMetadataDefinition`](#cdk8s.ApiObjectMetadataDefinition) --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The name of this API object. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `resource_name`^Optional ```python resource_name: str ``` - *Type:* `str` The unique, namespace-global, name of an object inside the Kubernetes cluster. If this is omitted, the ApiResource should represent all objects of the given type. --- ### Role - *Implements:* [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Role( scope: Construct, id: str, metadata: ApiObjectMetadata = None, rules: typing.List[RolePolicyRule] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `rules`^Optional - *Type:* typing.List[[`cdk8s_plus_21.RolePolicyRule`](#cdk8s_plus_21.RolePolicyRule)] - *Default:* [] A list of rules the role should allow. --- #### Methods ##### `allow` ```python def allow( verbs: typing.List[str], resources: IApiResource ) ``` ###### `verbs`^Required - *Type:* typing.List[`str`] --- ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_create` ```python def allow_create( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_delete` ```python def allow_delete( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_delete_collection` ```python def allow_delete_collection( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_get` ```python def allow_get( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_list` ```python def allow_list( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_patch` ```python def allow_patch( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_read` ```python def allow_read( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_read_write` ```python def allow_read_write( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_update` ```python def allow_update( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `allow_watch` ```python def allow_watch( resources: IApiResource ) ``` ###### `resources`^Required - *Type:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) The resource(s) to apply to. --- ##### `bind` ```python def bind( subjects: ISubject ) ``` ###### `subjects`^Required - *Type:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) a list of subjects to bind to. --- #### Static Functions ##### `from_role_name` ```python import cdk8s_plus_21 cdk8s_plus_21.Role.from_role_name( name: str ) ``` ###### `name`^Required - *Type:* `str` The name of the role resource. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `rules`^Required ```python rules: typing.List[RolePolicyRule] ``` - *Type:* typing.List[[`cdk8s_plus_21.RolePolicyRule`](#cdk8s_plus_21.RolePolicyRule)] Rules associaated with this Role. Returns a copy, use `allow` to add rules. --- ### RoleBinding A RoleBinding grants permissions within a specific namespace to a user or set of users. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.RoleBinding( scope: Construct, id: str, metadata: ApiObjectMetadata = None, role: IRole ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `role`^Required - *Type:* [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) The role to bind to. A RoleBinding can reference a Role or a ClusterRole. --- #### Methods ##### `add_subjects` ```python def add_subjects( subjects: ISubject ) ``` ###### `subjects`^Required - *Type:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) The subjects to add. --- #### Properties ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `role`^Required ```python role: IRole ``` - *Type:* [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) --- ##### `subjects`^Required ```python subjects: typing.List[ISubject] ``` - *Type:* typing.List[[`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject)] --- ### Secret - *Implements:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys. Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image. > https://kubernetes.io/docs/concepts/configuration/secret #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Secret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, string_data: typing.Mapping[str] = None, type: str = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `string_data`^Optional - *Type:* typing.Mapping[`str`] stringData allows specifying non-binary secret data in string form. It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API. --- ##### `type`^Optional - *Type:* `str` - *Default:* undefined - Don't set a type. Optional type associated with the secret. Used to facilitate programmatic handling of secret data by various controllers. --- #### Methods ##### `add_string_data` ```python def add_string_data( key: str, value: str ) ``` ###### `key`^Required - *Type:* `str` Key. --- ###### `value`^Required - *Type:* `str` Value. --- ##### `get_string_data` ```python def get_string_data( key: str ) ``` ###### `key`^Required - *Type:* `str` Key. --- #### Static Functions ##### `from_secret_name` ```python import cdk8s_plus_21 cdk8s_plus_21.Secret.from_secret_name( name: str ) ``` ###### `name`^Required - *Type:* `str` The name of the secret to reference. --- #### Properties ##### `immutable`^Required ```python immutable: bool ``` - *Type:* `bool` Whether or not the secret is immutable. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ### Service An abstract way to expose an application running on a set of Pods as a network service. With Kubernetes you don't need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them. For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible—frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that, nor should they need to keep track of the set of backends themselves. The Service abstraction enables this decoupling. If you're able to use Kubernetes APIs for service discovery in your application, you can query the API server for Endpoints, that get updated whenever the set of Pods in a Service changes. For non-native applications, Kubernetes offers ways to place a network port or load balancer in between your application and the backend Pods. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Service( scope: Construct, id: str, metadata: ApiObjectMetadata = None, cluster_i_p: str = None, external_i_ps: typing.List[str] = None, external_name: str = None, load_balancer_source_ranges: typing.List[str] = None, ports: typing.List[ServicePort] = None, type: ServiceType = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `cluster_i_p`^Optional - *Type:* `str` - *Default:* Automatically assigned. The IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. > https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies --- ##### `external_i_ps`^Optional - *Type:* typing.List[`str`] - *Default:* No external IPs. A list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. --- ##### `external_name`^Optional - *Type:* `str` - *Default:* No external name. The externalName to be used when ServiceType.EXTERNAL_NAME is set. --- ##### `load_balancer_source_ranges`^Optional - *Type:* typing.List[`str`] A list of CIDR IP addresses, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ --- ##### `ports`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ServicePort`](#cdk8s_plus_21.ServicePort)] The port exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies --- ##### `type`^Optional - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ServiceType.ClusterIP Determines how the Service is exposed. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types --- #### Methods ##### `add_deployment` ```python def add_deployment( depl: Deployment, name: str = None, node_port: typing.Union[int, float] = None, protocol: Protocol = None, target_port: typing.Union[int, float] = None, port: typing.Union[int, float] = None ) ``` ###### `depl`^Required - *Type:* [`cdk8s_plus_21.Deployment`](#cdk8s_plus_21.Deployment) The deployment to expose. --- ###### `name`^Optional - *Type:* `str` The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the 'Name' field in EndpointPort objects. Optional if only one ServicePort is defined on this service. --- ###### `node_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* auto-allocate a port if the ServiceType of this Service requires one. The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. > https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport --- ###### `protocol`^Optional - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ###### `target_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* The value of `port` will be used. The port number the service will redirect to. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Copied from the first container of the deployment. The port number the service will bind to. --- ##### `add_selector` ```python def add_selector( label: str, value: str ) ``` ###### `label`^Required - *Type:* `str` The label key. --- ###### `value`^Required - *Type:* `str` The label value. --- ##### `expose_via_ingress` ```python def expose_via_ingress( path: str, ingress: IngressV1Beta1 = None ) ``` ###### `path`^Required - *Type:* `str` The path to expose the service under. --- ###### `ingress`^Optional - *Type:* [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1) - *Default:* An ingress will be automatically created. The ingress to add rules to. --- ##### `serve` ```python def serve( port: typing.Union[int, float], name: str = None, node_port: typing.Union[int, float] = None, protocol: Protocol = None, target_port: typing.Union[int, float] = None ) ``` ###### `port`^Required - *Type:* `typing.Union[int, float]` The port definition. --- ###### `name`^Optional - *Type:* `str` The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the 'Name' field in EndpointPort objects. Optional if only one ServicePort is defined on this service. --- ###### `node_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* auto-allocate a port if the ServiceType of this Service requires one. The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. > https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport --- ###### `protocol`^Optional - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ###### `target_port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* The value of `port` will be used. The port number the service will redirect to. --- #### Properties ##### `ports`^Required ```python ports: typing.List[ServicePort] ``` - *Type:* typing.List[[`cdk8s_plus_21.ServicePort`](#cdk8s_plus_21.ServicePort)] Ports for this service. Use `serve()` to expose additional service ports. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `selector`^Required ```python selector: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] Returns the labels which are used to select pods for this service. --- ##### `type`^Required ```python type: ServiceType ``` - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) Determines how the Service is exposed. --- ##### `cluster_i_p`^Optional ```python cluster_i_p: str ``` - *Type:* `str` The IP address of the service and is usually assigned randomly by the master. --- ##### `external_name`^Optional ```python external_name: str ``` - *Type:* `str` The externalName to be used for EXTERNAL_NAME types. --- ### ServiceAccount - *Implements:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount), [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceAccount( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_token: bool = None, secrets: typing.List[ISecret] = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `secrets`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret)] List of secrets allowed to be used by pods running using this ServiceAccount. > https://kubernetes.io/docs/concepts/configuration/secret --- #### Methods ##### `add_secret` ```python def add_secret( secr: ISecret ) ``` ###### `secr`^Required - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) The secret. --- #### Static Functions ##### `from_service_account_name` ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceAccount.from_service_account_name( name: str ) ``` ###### `name`^Required - *Type:* `str` The name of the service account resource. --- #### Properties ##### `automount_token`^Required ```python automount_token: bool ``` - *Type:* `bool` Whether or not a token is automatically mounted for this service account. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `secrets`^Required ```python secrets: typing.List[ISecret] ``` - *Type:* typing.List[[`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret)] List of secrets allowed to be used by pods running using this service account. Returns a copy. To add a secret, use `addSecret()`. --- ### ServiceAccountTokenSecret Create a secret for a service account token. > https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceAccountTokenSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, service_account: IServiceAccount ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `service_account`^Required - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) The service account to store a secret for. --- ### SshAuthSecret Create a secret for ssh authentication. > https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.SshAuthSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, ssh_private_key: str ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `ssh_private_key`^Required - *Type:* `str` The SSH private key to use. --- ### StatefulSet StatefulSet is the workload API object used to manage stateful applications. Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling. If you want to use storage volumes to provide persistence for your workload, you can use a StatefulSet as part of the solution. Although individual Pods in a StatefulSet are susceptible to failure, the persistent Pod identifiers make it easier to match existing volumes to the new Pods that replace any that have failed. ## Using StatefulSets StatefulSets are valuable for applications that require one or more of the following. * Stable, unique network identifiers. * Stable, persistent storage. * Ordered, graceful deployment and scaling. * Ordered, automated rolling updates. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.StatefulSet( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, service: Service, pod_management_policy: PodManagementPolicy = None, replicas: typing.Union[int, float] = None, strategy: StatefulSetUpdateStrategy = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `service`^Required - *Type:* [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service) Service to associate with the statefulset. --- ##### `pod_management_policy`^Optional - *Type:* [`cdk8s_plus_21.PodManagementPolicy`](#cdk8s_plus_21.PodManagementPolicy) - *Default:* PodManagementPolicy.ORDERED_READY Pod management policy to use for this statefulset. --- ##### `replicas`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 1 Number of desired pods. --- ##### `strategy`^Optional - *Type:* [`cdk8s_plus_21.StatefulSetUpdateStrategy`](#cdk8s_plus_21.StatefulSetUpdateStrategy) - *Default:* RollingUpdate with partition set to 0 Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template. --- #### Properties ##### `pod_management_policy`^Required ```python pod_management_policy: PodManagementPolicy ``` - *Type:* [`cdk8s_plus_21.PodManagementPolicy`](#cdk8s_plus_21.PodManagementPolicy) Management policy to use for the set. --- ##### `replicas`^Required ```python replicas: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Number of desired pods. --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. --- ##### `strategy`^Required ```python strategy: StatefulSetUpdateStrategy ``` - *Type:* [`cdk8s_plus_21.StatefulSetUpdateStrategy`](#cdk8s_plus_21.StatefulSetUpdateStrategy) The update startegy of this stateful set. --- ### TlsSecret Create a secret for storing a TLS certificate and its associated key. > https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.TlsSecret( scope: Construct, id: str, metadata: ApiObjectMetadata = None, immutable: bool = None, tls_cert: str, tls_key: str ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `tls_cert`^Required - *Type:* `str` The TLS cert. --- ##### `tls_key`^Required - *Type:* `str` The TLS key. --- ### Workload A workload is an application running on Kubernetes. Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of pods. In Kubernetes, a Pod represents a set of running containers on your cluster. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Workload( scope: Construct, id: str, metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None ) ``` ##### `scope`^Required - *Type:* [`constructs.Construct`](#constructs.Construct) --- ##### `id`^Required - *Type:* `str` --- ##### `metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- #### Methods ##### `select` ```python def select( selectors: LabelSelector ) ``` ###### `selectors`^Required - *Type:* [`cdk8s_plus_21.LabelSelector`](#cdk8s_plus_21.LabelSelector) --- #### Properties ##### `match_expressions`^Required ```python match_expressions: typing.List[LabelSelectorRequirement] ``` - *Type:* typing.List[[`cdk8s_plus_21.LabelSelectorRequirement`](#cdk8s_plus_21.LabelSelectorRequirement)] The expression matchers this workload will use in order to select pods. Returns a a copy. Use `select()` to add expression matchers. --- ##### `match_labels`^Required ```python match_labels: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] The label matchers this workload will use in order to select pods. Returns a a copy. Use `select()` to add label matchers. --- ##### `pod_metadata`^Required ```python pod_metadata: ApiObjectMetadataDefinition ``` - *Type:* [`cdk8s.ApiObjectMetadataDefinition`](#cdk8s.ApiObjectMetadataDefinition) The metadata of pods in this workload. --- ##### `scheduling`^Required ```python scheduling: WorkloadScheduling ``` - *Type:* [`cdk8s_plus_21.WorkloadScheduling`](#cdk8s_plus_21.WorkloadScheduling) --- ## Structs ### AbstractPodProps Properties for `AbstractPod`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AbstractPodProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ### AddDeploymentOptions Options to add a deployment to a service. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AddDeploymentOptions( name: str = None, node_port: typing.Union[int, float] = None, protocol: Protocol = None, target_port: typing.Union[int, float] = None, port: typing.Union[int, float] = None ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the 'Name' field in EndpointPort objects. Optional if only one ServicePort is defined on this service. --- ##### `node_port`^Optional ```python node_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* auto-allocate a port if the ServiceType of this Service requires one. The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. > https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport --- ##### `protocol`^Optional ```python protocol: Protocol ``` - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ##### `target_port`^Optional ```python target_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* The value of `port` will be used. The port number the service will redirect to. --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Copied from the first container of the deployment. The port number the service will bind to. --- ### AddDirectoryOptions Options for `configmap.addDirectory()`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AddDirectoryOptions( exclude: typing.List[str] = None, key_prefix: str = None ) ``` ##### `exclude`^Optional ```python exclude: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* include all files Glob patterns to exclude when adding files. --- ##### `key_prefix`^Optional ```python key_prefix: str ``` - *Type:* `str` - *Default:* "" A prefix to add to all keys in the config map. --- ### ApiResourceOptions Options for `ApiResource`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ApiResourceOptions( api_group: str, resource_type: str ) ``` ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. `authorization.k8s.io`). --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of the resource type as it appears in the relevant API endpoint. > https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources --- ### AwsElasticBlockStorePersistentVolumeProps Properties for `AwsElasticBlockStorePersistentVolume`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AwsElasticBlockStorePersistentVolumeProps( metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, volume_id: str, fs_type: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional ```python claim: IPersistentVolumeClaim ``` - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional ```python mount_options: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional ```python reclaim_policy: PersistentVolumeReclaimPolicy ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `volume_id`^Required ```python volume_id: str ``` - *Type:* `str` Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ### AwsElasticBlockStoreVolumeOptions Options of `Volume.fromAwsElasticBlockStore`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AwsElasticBlockStoreVolumeOptions( fs_type: str = None, name: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* auto-generated The volume name. --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ### AzureDiskPersistentVolumeProps Properties for `AzureDiskPersistentVolume`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AzureDiskPersistentVolumeProps( metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, disk_name: str, disk_uri: str, caching_mode: AzureDiskPersistentVolumeCachingMode = None, fs_type: str = None, kind: AzureDiskPersistentVolumeKind = None, read_only: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional ```python claim: IPersistentVolumeClaim ``` - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional ```python mount_options: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional ```python reclaim_policy: PersistentVolumeReclaimPolicy ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `disk_name`^Required ```python disk_name: str ``` - *Type:* `str` The Name of the data disk in the blob storage. --- ##### `disk_uri`^Required ```python disk_uri: str ``` - *Type:* `str` The URI the data disk in the blob storage. --- ##### `caching_mode`^Optional ```python caching_mode: AzureDiskPersistentVolumeCachingMode ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode) - *Default:* AzureDiskPersistentVolumeCachingMode.NONE. Host Caching mode. --- ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type to mount. Must be a filesystem type supported by the host operating system. --- ##### `kind`^Optional ```python kind: AzureDiskPersistentVolumeKind ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeKind`](#cdk8s_plus_21.AzureDiskPersistentVolumeKind) - *Default:* AzureDiskPersistentVolumeKind.SHARED Kind of disk. --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Force the ReadOnly setting in VolumeMounts. --- ### AzureDiskVolumeOptions Options of `Volume.fromAzureDisk`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.AzureDiskVolumeOptions( caching_mode: AzureDiskPersistentVolumeCachingMode = None, fs_type: str = None, kind: AzureDiskPersistentVolumeKind = None, name: str = None, read_only: bool = None ) ``` ##### `caching_mode`^Optional ```python caching_mode: AzureDiskPersistentVolumeCachingMode ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode) - *Default:* AzureDiskPersistentVolumeCachingMode.NONE. Host Caching mode. --- ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type to mount. Must be a filesystem type supported by the host operating system. --- ##### `kind`^Optional ```python kind: AzureDiskPersistentVolumeKind ``` - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeKind`](#cdk8s_plus_21.AzureDiskPersistentVolumeKind) - *Default:* AzureDiskPersistentVolumeKind.SHARED Kind of disk. --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* auto-generated The volume name. --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Force the ReadOnly setting in VolumeMounts. --- ### BasicAuthSecretProps Options for `BasicAuthSecret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.BasicAuthSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, password: str, username: str ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `password`^Required ```python password: str ``` - *Type:* `str` The password or token for authentication. --- ##### `username`^Required ```python username: str ``` - *Type:* `str` The user name for authentication. --- ### ClusterRoleBindingProps Properties for `ClusterRoleBinding`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRoleBindingProps( metadata: ApiObjectMetadata = None, role: IClusterRole ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `role`^Required ```python role: IClusterRole ``` - *Type:* [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole) The role to bind to. --- ### ClusterRolePolicyRule Policy rule of a `ClusterRole. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRolePolicyRule( endpoints: typing.List[IApiEndpoint], verbs: typing.List[str] ) ``` ##### `endpoints`^Required ```python endpoints: typing.List[IApiEndpoint] ``` - *Type:* typing.List[[`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint)] Endpoints this rule applies to. Can be either api resources or non api resources. --- ##### `verbs`^Required ```python verbs: typing.List[str] ``` - *Type:* typing.List[`str`] Verbs to allow. (e.g ['get', 'watch']) --- ### ClusterRoleProps Properties for `ClusterRole`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ClusterRoleProps( metadata: ApiObjectMetadata = None, aggregation_labels: typing.Mapping[str] = None, rules: typing.List[ClusterRolePolicyRule] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `aggregation_labels`^Optional ```python aggregation_labels: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole's rules. --- ##### `rules`^Optional ```python rules: typing.List[ClusterRolePolicyRule] ``` - *Type:* typing.List[[`cdk8s_plus_21.ClusterRolePolicyRule`](#cdk8s_plus_21.ClusterRolePolicyRule)] - *Default:* [] A list of rules the role should allow. --- ### CommandProbeOptions Options for `Probe.fromCommand()`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.CommandProbeOptions( failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None ) ``` ##### `failure_threshold`^Optional ```python failure_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ##### `initial_delay_seconds`^Optional ```python initial_delay_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `period_seconds`^Optional ```python period_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ##### `success_threshold`^Optional ```python success_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ##### `timeout_seconds`^Optional ```python timeout_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ### CommonSecretProps Common properties for `Secret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.CommonSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ### ConfigMapProps Properties for initialization of `ConfigMap`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ConfigMapProps( metadata: ApiObjectMetadata = None, binary_data: typing.Mapping[str] = None, data: typing.Mapping[str] = None, immutable: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `binary_data`^Optional ```python binary_data: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. You can also add binary data using `configMap.addBinaryData()`. --- ##### `data`^Optional ```python data: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process. You can also add data using `configMap.addData()`. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ### ConfigMapVolumeOptions Options for the ConfigMap-based volume. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ConfigMapVolumeOptions( default_mode: typing.Union[int, float] = None, items: typing.Mapping[PathMapping] = None, name: str = None, optional: bool = None ) ``` ##### `default_mode`^Optional ```python default_mode: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. --- ##### `items`^Optional ```python items: typing.Mapping[PathMapping] ``` - *Type:* typing.Mapping[[`cdk8s_plus_21.PathMapping`](#cdk8s_plus_21.PathMapping)] - *Default:* no mapping If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* auto-generated The volume name. --- ##### `optional`^Optional ```python optional: bool ``` - *Type:* `bool` - *Default:* undocumented Specify whether the ConfigMap or its keys must be defined. --- ### ContainerLifecycle Container lifecycle properties. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ContainerLifecycle( post_start: Handler = None, pre_stop: Handler = None ) ``` ##### `post_start`^Optional ```python post_start: Handler ``` - *Type:* [`cdk8s_plus_21.Handler`](#cdk8s_plus_21.Handler) - *Default:* No post start handler. This hook is executed immediately after a container is created. However, there is no guarantee that the hook will execute before the container ENTRYPOINT. --- ##### `pre_stop`^Optional ```python pre_stop: Handler ``` - *Type:* [`cdk8s_plus_21.Handler`](#cdk8s_plus_21.Handler) - *Default:* No pre stop handler. This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others. A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod's termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. No parameters are passed to the handler. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination --- ### ContainerProps Properties for creating a container. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ContainerProps( image: str, args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None ) ``` ##### `image`^Required ```python image: str ``` - *Type:* `str` Docker image name. --- ##### `args`^Optional ```python args: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ##### `command`^Optional ```python command: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ##### `env_from`^Optional ```python env_from: typing.List[EnvFrom] ``` - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ##### `env_variables`^Optional ```python env_variables: typing.Mapping[EnvValue] ``` - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ##### `image_pull_policy`^Optional ```python image_pull_policy: ImagePullPolicy ``` - *Type:* [`cdk8s_plus_21.ImagePullPolicy`](#cdk8s_plus_21.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ##### `lifecycle`^Optional ```python lifecycle: ContainerLifecycle ``` - *Type:* [`cdk8s_plus_21.ContainerLifecycle`](#cdk8s_plus_21.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ##### `liveness`^Optional ```python liveness: Probe ``` - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* No port is exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. --- ##### `readiness`^Optional ```python readiness: Probe ``` - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ##### `resources`^Optional ```python resources: ContainerResources ``` - *Type:* [`cdk8s_plus_21.ContainerResources`](#cdk8s_plus_21.ContainerResources) Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ##### `security_context`^Optional ```python security_context: ContainerSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.ContainerSecurityContextProps`](#cdk8s_plus_21.ContainerSecurityContextProps) - *Default:* ensureNonRoot: false privileged: false readOnlyRootFilesystem: false SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ##### `startup`^Optional ```python startup: Probe ``` - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ##### `volume_mounts`^Optional ```python volume_mounts: typing.List[VolumeMount] ``` - *Type:* typing.List[[`cdk8s_plus_21.VolumeMount`](#cdk8s_plus_21.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ##### `working_dir`^Optional ```python working_dir: str ``` - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- ### ContainerResources CPU and memory compute resources. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ContainerResources( cpu: CpuResources, memory: MemoryResources ) ``` ##### `cpu`^Required ```python cpu: CpuResources ``` - *Type:* [`cdk8s_plus_21.CpuResources`](#cdk8s_plus_21.CpuResources) --- ##### `memory`^Required ```python memory: MemoryResources ``` - *Type:* [`cdk8s_plus_21.MemoryResources`](#cdk8s_plus_21.MemoryResources) --- ### ContainerSecurityContextProps Properties for `ContainerSecurityContext`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ContainerSecurityContextProps( ensure_non_root: bool = None, group: typing.Union[int, float] = None, privileged: bool = None, read_only_root_filesystem: bool = None, user: typing.Union[int, float] = None ) ``` ##### `ensure_non_root`^Optional ```python ensure_non_root: bool ``` - *Type:* `bool` - *Default:* false Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. --- ##### `group`^Optional ```python group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Group configured by container runtime The GID to run the entrypoint of the container process. --- ##### `privileged`^Optional ```python privileged: bool ``` - *Type:* `bool` - *Default:* false Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. --- ##### `read_only_root_filesystem`^Optional ```python read_only_root_filesystem: bool ``` - *Type:* `bool` - *Default:* false Whether this container has a read-only root filesystem. --- ##### `user`^Optional ```python user: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* User specified in image metadata The UID to run the entrypoint of the container process. --- ### CpuResources CPU request and limit. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.CpuResources( limit: Cpu, request: Cpu ) ``` ##### `limit`^Required ```python limit: Cpu ``` - *Type:* [`cdk8s_plus_21.Cpu`](#cdk8s_plus_21.Cpu) --- ##### `request`^Required ```python request: Cpu ``` - *Type:* [`cdk8s_plus_21.Cpu`](#cdk8s_plus_21.Cpu) --- ### DaemonSetProps Properties for `DaemonSet`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.DaemonSetProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, min_ready_seconds: typing.Union[int, float] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional ```python pod_metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional ```python select: bool ``` - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `min_ready_seconds`^Optional ```python min_ready_seconds: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 0 Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. --- ### DeploymentProps Properties for `Deployment`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.DeploymentProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, min_ready: Duration = None, progress_deadline: Duration = None, replicas: typing.Union[int, float] = None, strategy: DeploymentStrategy = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional ```python pod_metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional ```python select: bool ``` - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `min_ready`^Optional ```python min_ready: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(0) Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Zero means the pod will be considered available as soon as it is ready. > https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds --- ##### `progress_deadline`^Optional ```python progress_deadline: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(600) The maximum duration for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. > https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds --- ##### `replicas`^Optional ```python replicas: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Number of desired pods. --- ##### `strategy`^Optional ```python strategy: DeploymentStrategy ``` - *Type:* [`cdk8s_plus_21.DeploymentStrategy`](#cdk8s_plus_21.DeploymentStrategy) - *Default:* RollingUpdate with maxSurge and maxUnavailable set to 25%. Specifies the strategy used to replace old Pods by new ones. --- ### DeploymentStrategyRollingUpdateOptions Options for `DeploymentStrategy.rollingUpdate`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.DeploymentStrategyRollingUpdateOptions( max_surge: PercentOrAbsolute = None, max_unavailable: PercentOrAbsolute = None ) ``` ##### `max_surge`^Optional ```python max_surge: PercentOrAbsolute ``` - *Type:* [`cdk8s_plus_21.PercentOrAbsolute`](#cdk8s_plus_21.PercentOrAbsolute) - *Default:* '25%' The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0 if `maxUnavailable` is 0. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods. --- ##### `max_unavailable`^Optional ```python max_unavailable: PercentOrAbsolute ``` - *Type:* [`cdk8s_plus_21.PercentOrAbsolute`](#cdk8s_plus_21.PercentOrAbsolute) - *Default:* '25%' The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if `maxSurge` is 0. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods. --- ### DnsOption Custom DNS option. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.DnsOption( name: str, value: str = None ) ``` ##### `name`^Required ```python name: str ``` - *Type:* `str` Option name. --- ##### `value`^Optional ```python value: str ``` - *Type:* `str` - *Default:* No value. Option value. --- ### DockerConfigSecretProps Options for `DockerConfigSecret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.DockerConfigSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, data: typing.Mapping[typing.Any] ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `data`^Required ```python data: typing.Mapping[typing.Any] ``` - *Type:* typing.Mapping[`typing.Any`] JSON content to provide for the `~/.docker/config.json` file. This will be stringified and inserted as stringData. > https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file --- ### EmptyDirVolumeOptions Options for volumes populated with an empty directory. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EmptyDirVolumeOptions( medium: EmptyDirMedium = None, size_limit: Size = None ) ``` ##### `medium`^Optional ```python medium: EmptyDirMedium ``` - *Type:* [`cdk8s_plus_21.EmptyDirMedium`](#cdk8s_plus_21.EmptyDirMedium) - *Default:* EmptyDirMedium.DEFAULT By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment. However, you can set the emptyDir.medium field to `EmptyDirMedium.MEMORY` to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container's memory limit. --- ##### `size_limit`^Optional ```python size_limit: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* limit is undefined Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. --- ### EnvValueFromConfigMapOptions Options to specify an envionment variable value from a ConfigMap key. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValueFromConfigMapOptions( optional: bool = None ) ``` ##### `optional`^Optional ```python optional: bool ``` - *Type:* `bool` - *Default:* false Specify whether the ConfigMap or its key must be defined. --- ### EnvValueFromFieldRefOptions Options to specify an environment variable value from a field reference. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValueFromFieldRefOptions( api_version: str = None, key: str = None ) ``` ##### `api_version`^Optional ```python api_version: str ``` - *Type:* `str` Version of the schema the FieldPath is written in terms of. --- ##### `key`^Optional ```python key: str ``` - *Type:* `str` The key to select the pod label or annotation. --- ### EnvValueFromProcessOptions Options to specify an environment variable value from the process environment. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValueFromProcessOptions( required: bool = None ) ``` ##### `required`^Optional ```python required: bool ``` - *Type:* `bool` - *Default:* false Specify whether the key must exist in the environment. If this is set to true, and the key does not exist, an error will thrown. --- ### EnvValueFromResourceOptions Options to specify an environment variable value from a resource. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValueFromResourceOptions( container: Container = None, divisor: str = None ) ``` ##### `container`^Optional ```python container: Container ``` - *Type:* [`cdk8s_plus_21.Container`](#cdk8s_plus_21.Container) The container to select the value from. --- ##### `divisor`^Optional ```python divisor: str ``` - *Type:* `str` The output format of the exposed resource. --- ### EnvValueFromSecretOptions Options to specify an environment variable value from a Secret. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValueFromSecretOptions( optional: bool = None ) ``` ##### `optional`^Optional ```python optional: bool ``` - *Type:* `bool` - *Default:* false Specify whether the Secret or its key must be defined. --- ### ExposeDeploymentViaIngressOptions Options for exposing a deployment via an ingress. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ExposeDeploymentViaIngressOptions( name: str = None, port: typing.Union[int, float] = None, protocol: Protocol = None, service_type: ServiceType = None, target_port: typing.Union[int, float] = None, ingress: IngressV1Beta1 = None ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* undefined Uses the system generated name. The name of the service to expose. This will be set on the Service.metadata and must be a DNS_LABEL --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Copied from the container of the deployment. If a port could not be determined, throws an error. The port that the service should serve on. --- ##### `protocol`^Optional ```python protocol: Protocol ``` - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ##### `service_type`^Optional ```python service_type: ServiceType ``` - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ClusterIP. The type of the exposed service. --- ##### `target_port`^Optional ```python target_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* The port of the first container in the deployment (ie. containers[0].port) The port number the service will redirect to. --- ##### `ingress`^Optional ```python ingress: IngressV1Beta1 ``` - *Type:* [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1) - *Default:* An ingress will be automatically created. The ingress to add rules to. --- ### ExposeDeploymentViaServiceOptions Options for exposing a deployment via a service. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ExposeDeploymentViaServiceOptions( name: str = None, port: typing.Union[int, float] = None, protocol: Protocol = None, service_type: ServiceType = None, target_port: typing.Union[int, float] = None ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* undefined Uses the system generated name. The name of the service to expose. This will be set on the Service.metadata and must be a DNS_LABEL --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Copied from the container of the deployment. If a port could not be determined, throws an error. The port that the service should serve on. --- ##### `protocol`^Optional ```python protocol: Protocol ``` - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ##### `service_type`^Optional ```python service_type: ServiceType ``` - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ClusterIP. The type of the exposed service. --- ##### `target_port`^Optional ```python target_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* The port of the first container in the deployment (ie. containers[0].port) The port number the service will redirect to. --- ### ExposeServiceViaIngressOptions Options for exposing a service using an ingress. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ExposeServiceViaIngressOptions( ingress: IngressV1Beta1 = None ) ``` ##### `ingress`^Optional ```python ingress: IngressV1Beta1 ``` - *Type:* [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1) - *Default:* An ingress will be automatically created. The ingress to add rules to. --- ### GCEPersistentDiskPersistentVolumeProps Properties for `GCEPersistentDiskPersistentVolume`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.GCEPersistentDiskPersistentVolumeProps( metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None, pd_name: str, fs_type: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional ```python claim: IPersistentVolumeClaim ``` - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional ```python mount_options: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional ```python reclaim_policy: PersistentVolumeReclaimPolicy ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ##### `pd_name`^Required ```python pd_name: str ``` - *Type:* `str` Unique name of the PD resource in GCE. Used to identify the disk in GCE. > https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk --- ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ### GCEPersistentDiskVolumeOptions Options of `Volume.fromGcePersistentDisk`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.GCEPersistentDiskVolumeOptions( fs_type: str = None, name: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ##### `fs_type`^Optional ```python fs_type: str ``` - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* auto-generated The volume name. --- ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ### GroupProps Properties for `Group`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.GroupProps( name: str ) ``` ##### `name`^Required ```python name: str ``` - *Type:* `str` The name of the group. --- ### HandlerFromHttpGetOptions Options for `Handler.fromHttpGet`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.HandlerFromHttpGetOptions( port: typing.Union[int, float] = None ) ``` ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to use when sending the GET request. --- ### HandlerFromTcpSocketOptions Options for `Handler.fromTcpSocket`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.HandlerFromTcpSocketOptions( host: str = None, port: typing.Union[int, float] = None ) ``` ##### `host`^Optional ```python host: str ``` - *Type:* `str` - *Default:* defaults to the pod IP The host name to connect to on the container. --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to connect to on the container. --- ### HostAlias HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's /etc/hosts file. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.HostAlias( hostnames: typing.List[str], ip: str ) ``` ##### `hostnames`^Required ```python hostnames: typing.List[str] ``` - *Type:* typing.List[`str`] Hostnames for the chosen IP address. --- ##### `ip`^Required ```python ip: str ``` - *Type:* `str` IP address of the host file entry. --- ### HttpGetProbeOptions Options for `Probe.fromHttpGet()`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.HttpGetProbeOptions( failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None, port: typing.Union[int, float] = None ) ``` ##### `failure_threshold`^Optional ```python failure_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ##### `initial_delay_seconds`^Optional ```python initial_delay_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `period_seconds`^Optional ```python period_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ##### `success_threshold`^Optional ```python success_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ##### `timeout_seconds`^Optional ```python timeout_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to use when sending the GET request. --- ### IngressV1Beta1Props Properties for `Ingress`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1Props( metadata: ApiObjectMetadata = None, default_backend: IngressV1Beta1Backend = None, rules: typing.List[IngressV1Beta1Rule] = None, tls: typing.List[IngressV1Beta1Tls] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `default_backend`^Optional ```python default_backend: IngressV1Beta1Backend ``` - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) The default backend services requests that do not match any rule. Using this option or the `addDefaultBackend()` method is equivalent to adding a rule with both `path` and `host` undefined. --- ##### `rules`^Optional ```python rules: typing.List[IngressV1Beta1Rule] ``` - *Type:* typing.List[[`cdk8s_plus_21.IngressV1Beta1Rule`](#cdk8s_plus_21.IngressV1Beta1Rule)] Routing rules for this ingress. Each rule must define an `IngressBackend` that will receive the requests that match this rule. If both `host` and `path` are not specifiec, this backend will be used as the default backend of the ingress. You can also add rules later using `addRule()`, `addHostRule()`, `addDefaultBackend()` and `addHostDefaultBackend()`. --- ##### `tls`^Optional ```python tls: typing.List[IngressV1Beta1Tls] ``` - *Type:* typing.List[[`cdk8s_plus_21.IngressV1Beta1Tls`](#cdk8s_plus_21.IngressV1Beta1Tls)] TLS settings for this ingress. Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI. --- ### IngressV1Beta1Rule Represents the rules mapping the paths under a specified host to the related backend services. Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching path. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1Rule( backend: IngressV1Beta1Backend, host: str = None, path: str = None ) ``` ##### `backend`^Required ```python backend: IngressV1Beta1Backend ``` - *Type:* [`cdk8s_plus_21.IngressV1Beta1Backend`](#cdk8s_plus_21.IngressV1Beta1Backend) Backend defines the referenced service endpoint to which the traffic will be forwarded to. --- ##### `host`^Optional ```python host: str ``` - *Type:* `str` - *Default:* If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The `:` delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. --- ##### `path`^Optional ```python path: str ``` - *Type:* `str` - *Default:* If unspecified, the path defaults to a catch all sending traffic to the backend. Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. --- ### IngressV1Beta1Tls Represents the TLS configuration mapping that is passed to the ingress controller for SSL termination. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1Tls( hosts: typing.List[str] = None, secret: ISecret = None ) ``` ##### `hosts`^Optional ```python hosts: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* If unspecified, it defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress. Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the TLS Secret. --- ##### `secret`^Optional ```python secret: ISecret ``` - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) - *Default:* If unspecified, it allows SSL routing based on SNI hostname. Secret is the secret that contains the certificate and key used to terminate SSL traffic on 443. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing. --- ### JobProps Properties for `Job`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.JobProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, active_deadline: Duration = None, backoff_limit: typing.Union[int, float] = None, ttl_after_finished: Duration = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional ```python pod_metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional ```python select: bool ``` - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `active_deadline`^Optional ```python active_deadline: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* If unset, then there is no deadline. Specifies the duration the job may be active before the system tries to terminate it. --- ##### `backoff_limit`^Optional ```python backoff_limit: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* If not set, system defaults to 6. Specifies the number of retries before marking this job failed. --- ##### `ttl_after_finished`^Optional ```python ttl_after_finished: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* If this field is unset, the Job won't be automatically deleted. Limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the `TTLAfterFinished` feature. --- ### LabelSelectorRequirement A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.LabelSelectorRequirement( key: str, operator: str, values: typing.List[str] = None ) ``` ##### `key`^Required ```python key: str ``` - *Type:* `str` The label key that the selector applies to. --- ##### `operator`^Required ```python operator: str ``` - *Type:* `str` Represents a key's relationship to a set of values. --- ##### `values`^Optional ```python values: typing.List[str] ``` - *Type:* typing.List[`str`] An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. --- ### MemoryResources Memory request and limit. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.MemoryResources( limit: Size, request: Size ) ``` ##### `limit`^Required ```python limit: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) --- ##### `request`^Required ```python request: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) --- ### MountOptions Options for mounts. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.MountOptions( propagation: MountPropagation = None, read_only: bool = None, sub_path: str = None, sub_path_expr: str = None ) ``` ##### `propagation`^Optional ```python propagation: MountPropagation ``` - *Type:* [`cdk8s_plus_21.MountPropagation`](#cdk8s_plus_21.MountPropagation) - *Default:* MountPropagation.NONE Determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node. --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. --- ##### `sub_path`^Optional ```python sub_path: str ``` - *Type:* `str` - *Default:* "" the volume's root Path within the volume from which the container's volume should be mounted.). --- ##### `sub_path_expr`^Optional ```python sub_path_expr: str ``` - *Type:* `str` - *Default:* "" volume's root. Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). `subPathExpr` and `subPath` are mutually exclusive. --- ### NamespaceProps Properties for `Namespace`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.NamespaceProps( metadata: ApiObjectMetadata = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ### NamespaceSelectorConfig Configuration for selecting namespaces. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.NamespaceSelectorConfig( label_selector: LabelSelector = None, names: typing.List[str] = None ) ``` ##### `label_selector`^Optional ```python label_selector: LabelSelector ``` - *Type:* [`cdk8s_plus_21.LabelSelector`](#cdk8s_plus_21.LabelSelector) A selector to select namespaces by labels. --- ##### `names`^Optional ```python names: typing.List[str] ``` - *Type:* typing.List[`str`] A list of names to select namespaces by names. --- ### NamespacesSelectOptions Options for `Namespaces.select`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.NamespacesSelectOptions( expressions: typing.List[LabelExpression] = None, labels: typing.Mapping[str] = None, names: typing.List[str] = None ) ``` ##### `expressions`^Optional ```python expressions: typing.List[LabelExpression] ``` - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] - *Default:* no selector requirements. Namespaces must satisfy these selectors. The selectors query labels, just like the `labels` property, but they provide a more advanced matching mechanism. --- ##### `labels`^Optional ```python labels: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] - *Default:* no strict labels requirements. Labels the namespaces must have. This is equivalent to using an 'Is' selector. --- ##### `names`^Optional ```python names: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* no name requirements. Namespaces names must be one of these. --- ### NodeTaintQueryOptions Options for `NodeTaintQuery`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.NodeTaintQueryOptions( effect: TaintEffect = None, evict_after: Duration = None ) ``` ##### `effect`^Optional ```python effect: TaintEffect ``` - *Type:* [`cdk8s_plus_21.TaintEffect`](#cdk8s_plus_21.TaintEffect) - *Default:* all effects are matched. The taint effect to match. --- ##### `evict_after`^Optional ```python evict_after: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* bound forever. How much time should a pod that tolerates the `NO_EXECUTE` effect be bound to the node. Only applies for the `NO_EXECUTE` effect. --- ### PathMapping Maps a string key to a path within a volume. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PathMapping( path: str, mode: typing.Union[int, float] = None ) ``` ##### `path`^Required ```python path: str ``` - *Type:* `str` The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. --- ##### `mode`^Optional ```python mode: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. --- ### PersistentVolumeClaimProps Properties for `PersistentVolumeClaim`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolumeClaimProps( metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, storage: Size = None, storage_class_name: str = None, volume: IPersistentVolume = None, volume_mode: PersistentVolumeMode = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes requirement. Contains the access modes the volume should support. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No storage requirement. Minimum storage size the volume should have. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` - *Default:* Not set. Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:. * If the admission plugin is turned on, the storage class marked as default will be used. * If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 --- ##### `volume`^Optional ```python volume: IPersistentVolume ``` - *Type:* [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume) - *Default:* No specific volume binding. The PersistentVolume backing this claim. The control plane still checks that storage class, access modes, and requested storage size on the volume are valid. Note that in order to guarantee a proper binding, the volume should also define a `claimRef` referring to this claim. Otherwise, the volume may be claimed be other pvc's before it gets a chance to bind to this one. If the volume is managed (i.e not imported), you can use `pv.claim()` to easily create a bi-directional bounded claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding. --- ##### `volume_mode`^Optional ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ### PersistentVolumeClaimVolumeOptions Options for a PersistentVolumeClaim-based volume. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolumeClaimVolumeOptions( name: str = None, read_only: bool = None ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* Derived from the PVC name. The volume name. --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Will force the ReadOnly setting in VolumeMounts. --- ### PersistentVolumeProps Properties for `PersistentVolume`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PersistentVolumeProps( metadata: ApiObjectMetadata = None, access_modes: typing.List[PersistentVolumeAccessMode] = None, claim: IPersistentVolumeClaim = None, mount_options: typing.List[str] = None, reclaim_policy: PersistentVolumeReclaimPolicy = None, storage: Size = None, storage_class_name: str = None, volume_mode: PersistentVolumeMode = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `access_modes`^Optional ```python access_modes: typing.List[PersistentVolumeAccessMode] ``` - *Type:* typing.List[[`cdk8s_plus_21.PersistentVolumeAccessMode`](#cdk8s_plus_21.PersistentVolumeAccessMode)] - *Default:* No access modes. Contains all ways the volume can be mounted. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes --- ##### `claim`^Optional ```python claim: IPersistentVolumeClaim ``` - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) - *Default:* Not bound to a specific claim. Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding --- ##### `mount_options`^Optional ```python mount_options: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* No options. A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. > https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options --- ##### `reclaim_policy`^Optional ```python reclaim_policy: PersistentVolumeReclaimPolicy ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeReclaimPolicy`](#cdk8s_plus_21.PersistentVolumeReclaimPolicy) - *Default:* PersistentVolumeReclaimPolicy.RETAIN When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource. The reclaim policy tells the cluster what to do with the volume after it has been released of its claim. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming --- ##### `storage`^Optional ```python storage: Size ``` - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* No specified. What is the storage capacity of this volume. > https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources --- ##### `storage_class_name`^Optional ```python storage_class_name: str ``` - *Type:* `str` - *Default:* Volume does not belong to any storage class. Name of StorageClass to which this persistent volume belongs. --- ##### `volume_mode`^Optional ```python volume_mode: PersistentVolumeMode ``` - *Type:* [`cdk8s_plus_21.PersistentVolumeMode`](#cdk8s_plus_21.PersistentVolumeMode) - *Default:* VolumeMode.FILE_SYSTEM Defines what type of volume is required by the claim. --- ### PodDnsProps Properties for `PodDns`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodDnsProps( hostname: str = None, hostname_as_fqd_n: bool = None, nameservers: typing.List[str] = None, options: typing.List[DnsOption] = None, policy: DnsPolicy = None, searches: typing.List[str] = None, subdomain: str = None ) ``` ##### `hostname`^Optional ```python hostname: str ``` - *Type:* `str` - *Default:* Set to a system-defined value. Specifies the hostname of the Pod. --- ##### `hostname_as_fqd_n`^Optional ```python hostname_as_fqd_n: bool ``` - *Type:* `bool` - *Default:* false If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. --- ##### `nameservers`^Optional ```python nameservers: typing.List[str] ``` - *Type:* typing.List[`str`] A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed. --- ##### `options`^Optional ```python options: typing.List[DnsOption] ``` - *Type:* typing.List[[`cdk8s_plus_21.DnsOption`](#cdk8s_plus_21.DnsOption)] List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed. --- ##### `policy`^Optional ```python policy: DnsPolicy ``` - *Type:* [`cdk8s_plus_21.DnsPolicy`](#cdk8s_plus_21.DnsPolicy) - *Default:* DnsPolicy.CLUSTER_FIRST Set DNS policy for the pod. If policy is set to `None`, other configuration must be supplied. --- ##### `searches`^Optional ```python searches: typing.List[str] ``` - *Type:* typing.List[`str`] A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed. Kubernetes allows for at most 6 search domains. --- ##### `subdomain`^Optional ```python subdomain: str ``` - *Type:* `str` - *Default:* No subdomain. If specified, the fully qualified Pod hostname will be "...svc.". --- ### PodProps Properties for `Pod`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ### PodSchedulingAttractOptions Options for `PodScheduling.attract`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSchedulingAttractOptions( weight: typing.Union[int, float] = None ) ``` ##### `weight`^Optional ```python weight: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* no weight. assignment is assumed to be required (hard). Indicates the attraction is optional (soft), with this weight score. --- ### PodSchedulingColocateOptions Options for `PodScheduling.colocate`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSchedulingColocateOptions( topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ##### `topology`^Optional ```python topology: Topology ``` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to coloate on. --- ##### `weight`^Optional ```python weight: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* no weight. co-location is assumed to be required (hard). Indicates the co-location is optional (soft), with this weight score. --- ### PodSchedulingSeparateOptions Options for `PodScheduling.separate`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSchedulingSeparateOptions( topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ##### `topology`^Optional ```python topology: Topology ``` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to separate on. --- ##### `weight`^Optional ```python weight: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* no weight. separation is assumed to be required (hard). Indicates the separation is optional (soft), with this weight score. --- ### PodSecurityContextProps Properties for `PodSecurityContext`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSecurityContextProps( ensure_non_root: bool = None, fs_group: typing.Union[int, float] = None, fs_group_change_policy: FsGroupChangePolicy = None, group: typing.Union[int, float] = None, sysctls: typing.List[Sysctl] = None, user: typing.Union[int, float] = None ) ``` ##### `ensure_non_root`^Optional ```python ensure_non_root: bool ``` - *Type:* `bool` - *Default:* false Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. --- ##### `fs_group`^Optional ```python fs_group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Volume ownership is not changed. Modify the ownership and permissions of pod volumes to this GID. --- ##### `fs_group_change_policy`^Optional ```python fs_group_change_policy: FsGroupChangePolicy ``` - *Type:* [`cdk8s_plus_21.FsGroupChangePolicy`](#cdk8s_plus_21.FsGroupChangePolicy) - *Default:* FsGroupChangePolicy.ALWAYS Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. --- ##### `group`^Optional ```python group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* Group configured by container runtime The GID to run the entrypoint of the container process. --- ##### `sysctls`^Optional ```python sysctls: typing.List[Sysctl] ``` - *Type:* typing.List[[`cdk8s_plus_21.Sysctl`](#cdk8s_plus_21.Sysctl)] - *Default:* No sysctls Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. --- ##### `user`^Optional ```python user: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* User specified in image metadata The UID to run the entrypoint of the container process. --- ### PodSelectOptions Options for `Pods.select`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSelectOptions( expressions: typing.List[LabelExpression] = None, labels: typing.Mapping[str] = None, namespaces: Namespaces = None ) ``` ##### `expressions`^Optional ```python expressions: typing.List[LabelExpression] ``` - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] - *Default:* no expressions requirements. Expressions the pods must satisify. --- ##### `labels`^Optional ```python labels: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] - *Default:* no strict labels requirements. Labels the pods must have. --- ##### `namespaces`^Optional ```python namespaces: Namespaces ``` - *Type:* [`cdk8s_plus_21.Namespaces`](#cdk8s_plus_21.Namespaces) - *Default:* unset, implies the namespace of the resource this selection is used in. Namespaces the pods are allowed to be in. Use `Namespaces.all()` to allow all namespaces. --- ### PodSelectorConfig Configuration for selecting pods, optionally in particular namespaces. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.PodSelectorConfig( label_selector: LabelSelector, namespaces: NamespaceSelectorConfig = None ) ``` ##### `label_selector`^Required ```python label_selector: LabelSelector ``` - *Type:* [`cdk8s_plus_21.LabelSelector`](#cdk8s_plus_21.LabelSelector) A selector to select pods by labels. --- ##### `namespaces`^Optional ```python namespaces: NamespaceSelectorConfig ``` - *Type:* [`cdk8s_plus_21.NamespaceSelectorConfig`](#cdk8s_plus_21.NamespaceSelectorConfig) Configuration for selecting which namepsaces are the pods allowed to be in. --- ### ProbeOptions Probe options. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ProbeOptions( failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None ) ``` ##### `failure_threshold`^Optional ```python failure_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ##### `initial_delay_seconds`^Optional ```python initial_delay_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `period_seconds`^Optional ```python period_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ##### `success_threshold`^Optional ```python success_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ##### `timeout_seconds`^Optional ```python timeout_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ### ResourceProps Initialization properties for resources. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ResourceProps( metadata: ApiObjectMetadata = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ### RoleBindingProps Properties for `RoleBinding`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.RoleBindingProps( metadata: ApiObjectMetadata = None, role: IRole ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `role`^Required ```python role: IRole ``` - *Type:* [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) The role to bind to. A RoleBinding can reference a Role or a ClusterRole. --- ### RolePolicyRule Policy rule of a `Role. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.RolePolicyRule( resources: typing.List[IApiResource], verbs: typing.List[str] ) ``` ##### `resources`^Required ```python resources: typing.List[IApiResource] ``` - *Type:* typing.List[[`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource)] Resources this rule applies to. --- ##### `verbs`^Required ```python verbs: typing.List[str] ``` - *Type:* typing.List[`str`] Verbs to allow. (e.g ['get', 'watch']) --- ### RoleProps Properties for `Role`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.RoleProps( metadata: ApiObjectMetadata = None, rules: typing.List[RolePolicyRule] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `rules`^Optional ```python rules: typing.List[RolePolicyRule] ``` - *Type:* typing.List[[`cdk8s_plus_21.RolePolicyRule`](#cdk8s_plus_21.RolePolicyRule)] - *Default:* [] A list of rules the role should allow. --- ### SecretProps Options for `Secret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.SecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, string_data: typing.Mapping[str] = None, type: str = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `string_data`^Optional ```python string_data: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] stringData allows specifying non-binary secret data in string form. It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API. --- ##### `type`^Optional ```python type: str ``` - *Type:* `str` - *Default:* undefined - Don't set a type. Optional type associated with the secret. Used to facilitate programmatic handling of secret data by various controllers. --- ### SecretValue Represents a specific value in JSON secret. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.SecretValue( key: str, secret: ISecret ) ``` ##### `key`^Required ```python key: str ``` - *Type:* `str` The JSON key. --- ##### `secret`^Required ```python secret: ISecret ``` - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) The secret. --- ### SecretVolumeOptions Options for the Secret-based volume. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.SecretVolumeOptions( default_mode: typing.Union[int, float] = None, items: typing.Mapping[PathMapping] = None, name: str = None, optional: bool = None ) ``` ##### `default_mode`^Optional ```python default_mode: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. --- ##### `items`^Optional ```python items: typing.Mapping[PathMapping] ``` - *Type:* typing.Mapping[[`cdk8s_plus_21.PathMapping`](#cdk8s_plus_21.PathMapping)] - *Default:* no mapping If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. --- ##### `name`^Optional ```python name: str ``` - *Type:* `str` - *Default:* auto-generated The volume name. --- ##### `optional`^Optional ```python optional: bool ``` - *Type:* `bool` - *Default:* undocumented Specify whether the secret or its keys must be defined. --- ### ServiceAccountProps Properties for initialization of `ServiceAccount`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceAccountProps( metadata: ApiObjectMetadata = None, automount_token: bool = None, secrets: typing.List[ISecret] = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_token`^Optional ```python automount_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `secrets`^Optional ```python secrets: typing.List[ISecret] ``` - *Type:* typing.List[[`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret)] List of secrets allowed to be used by pods running using this ServiceAccount. > https://kubernetes.io/docs/concepts/configuration/secret --- ### ServiceAccountTokenSecretProps Options for `ServiceAccountTokenSecret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceAccountTokenSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, service_account: IServiceAccount ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `service_account`^Required ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) The service account to store a secret for. --- ### ServiceIngressV1BetaBackendOptions Options for setting up backends for ingress rules. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceIngressV1BetaBackendOptions( port: typing.Union[int, float] = None ) ``` ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* if the service exposes a single port, this port will be used. The port to use to access the service. * This option will fail if the service does not expose any ports. * If the service exposes multiple ports, this option must be specified. * If the service exposes a single port, this option is optional and if specified, it must be the same port exposed by the service. --- ### ServicePort Definition of a service port. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServicePort( name: str = None, node_port: typing.Union[int, float] = None, protocol: Protocol = None, target_port: typing.Union[int, float] = None, port: typing.Union[int, float] ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the 'Name' field in EndpointPort objects. Optional if only one ServicePort is defined on this service. --- ##### `node_port`^Optional ```python node_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* auto-allocate a port if the ServiceType of this Service requires one. The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. > https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport --- ##### `protocol`^Optional ```python protocol: Protocol ``` - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ##### `target_port`^Optional ```python target_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* The value of `port` will be used. The port number the service will redirect to. --- ##### `port`^Required ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` The port number the service will bind to. --- ### ServicePortOptions #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServicePortOptions( name: str = None, node_port: typing.Union[int, float] = None, protocol: Protocol = None, target_port: typing.Union[int, float] = None ) ``` ##### `name`^Optional ```python name: str ``` - *Type:* `str` The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the 'Name' field in EndpointPort objects. Optional if only one ServicePort is defined on this service. --- ##### `node_port`^Optional ```python node_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* auto-allocate a port if the ServiceType of this Service requires one. The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. > https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport --- ##### `protocol`^Optional ```python protocol: Protocol ``` - *Type:* [`cdk8s_plus_21.Protocol`](#cdk8s_plus_21.Protocol) - *Default:* Protocol.TCP The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. --- ##### `target_port`^Optional ```python target_port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* The value of `port` will be used. The port number the service will redirect to. --- ### ServiceProps Properties for initialization of `Service`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.ServiceProps( metadata: ApiObjectMetadata = None, cluster_i_p: str = None, external_i_ps: typing.List[str] = None, external_name: str = None, load_balancer_source_ranges: typing.List[str] = None, ports: typing.List[ServicePort] = None, type: ServiceType = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `cluster_i_p`^Optional ```python cluster_i_p: str ``` - *Type:* `str` - *Default:* Automatically assigned. The IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. > https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies --- ##### `external_i_ps`^Optional ```python external_i_ps: typing.List[str] ``` - *Type:* typing.List[`str`] - *Default:* No external IPs. A list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system. --- ##### `external_name`^Optional ```python external_name: str ``` - *Type:* `str` - *Default:* No external name. The externalName to be used when ServiceType.EXTERNAL_NAME is set. --- ##### `load_balancer_source_ranges`^Optional ```python load_balancer_source_ranges: typing.List[str] ``` - *Type:* typing.List[`str`] A list of CIDR IP addresses, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ --- ##### `ports`^Optional ```python ports: typing.List[ServicePort] ``` - *Type:* typing.List[[`cdk8s_plus_21.ServicePort`](#cdk8s_plus_21.ServicePort)] The port exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies --- ##### `type`^Optional ```python type: ServiceType ``` - *Type:* [`cdk8s_plus_21.ServiceType`](#cdk8s_plus_21.ServiceType) - *Default:* ServiceType.ClusterIP Determines how the Service is exposed. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types --- ### SshAuthSecretProps Options for `SshAuthSecret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.SshAuthSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, ssh_private_key: str ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `ssh_private_key`^Required ```python ssh_private_key: str ``` - *Type:* `str` The SSH private key to use. --- ### StatefulSetProps Properties for initialization of `StatefulSet`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.StatefulSetProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None, service: Service, pod_management_policy: PodManagementPolicy = None, replicas: typing.Union[int, float] = None, strategy: StatefulSetUpdateStrategy = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional ```python pod_metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional ```python select: bool ``` - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ##### `service`^Required ```python service: Service ``` - *Type:* [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service) Service to associate with the statefulset. --- ##### `pod_management_policy`^Optional ```python pod_management_policy: PodManagementPolicy ``` - *Type:* [`cdk8s_plus_21.PodManagementPolicy`](#cdk8s_plus_21.PodManagementPolicy) - *Default:* PodManagementPolicy.ORDERED_READY Pod management policy to use for this statefulset. --- ##### `replicas`^Optional ```python replicas: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Number of desired pods. --- ##### `strategy`^Optional ```python strategy: StatefulSetUpdateStrategy ``` - *Type:* [`cdk8s_plus_21.StatefulSetUpdateStrategy`](#cdk8s_plus_21.StatefulSetUpdateStrategy) - *Default:* RollingUpdate with partition set to 0 Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template. --- ### StatefulSetUpdateStrategyRollingUpdateOptions Options for `StatefulSetUpdateStrategy.rollingUpdate`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.StatefulSetUpdateStrategyRollingUpdateOptions( partition: typing.Union[int, float] = None ) ``` ##### `partition`^Optional ```python partition: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 0 If specified, all Pods with an ordinal that is greater than or equal to the partition will be updated when the StatefulSet's .spec.template is updated. All Pods with an ordinal that is less than the partition will not be updated, and, even if they are deleted, they will be recreated at the previous version. If the partition is greater than replicas, updates to the pod template will not be propagated to Pods. In most cases you will not need to use a partition, but they are useful if you want to stage an update, roll out a canary, or perform a phased roll out. > https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions --- ### Sysctl Sysctl defines a kernel parameter to be set. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.Sysctl( name: str, value: str ) ``` ##### `name`^Required ```python name: str ``` - *Type:* `str` Name of a property to set. --- ##### `value`^Required ```python value: str ``` - *Type:* `str` Value of a property to set. --- ### TcpSocketProbeOptions Options for `Probe.fromTcpSocket()`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.TcpSocketProbeOptions( failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None, host: str = None, port: typing.Union[int, float] = None ) ``` ##### `failure_threshold`^Optional ```python failure_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ##### `initial_delay_seconds`^Optional ```python initial_delay_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `period_seconds`^Optional ```python period_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ##### `success_threshold`^Optional ```python success_threshold: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ##### `timeout_seconds`^Optional ```python timeout_seconds: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `host`^Optional ```python host: str ``` - *Type:* `str` - *Default:* defaults to the pod IP The host name to connect to on the container. --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to connect to on the container. --- ### TlsSecretProps Options for `TlsSecret`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.TlsSecretProps( metadata: ApiObjectMetadata = None, immutable: bool = None, tls_cert: str, tls_key: str ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `immutable`^Optional ```python immutable: bool ``` - *Type:* `bool` - *Default:* false If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. --- ##### `tls_cert`^Required ```python tls_cert: str ``` - *Type:* `str` The TLS cert. --- ##### `tls_key`^Required ```python tls_key: str ``` - *Type:* `str` The TLS key. --- ### UserProps Properties for `User`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.UserProps( name: str ) ``` ##### `name`^Required ```python name: str ``` - *Type:* `str` The name of the user. --- ### VolumeMount Mount a volume from the pod to the container. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.VolumeMount( propagation: MountPropagation = None, read_only: bool = None, sub_path: str = None, sub_path_expr: str = None, path: str, volume: Volume ) ``` ##### `propagation`^Optional ```python propagation: MountPropagation ``` - *Type:* [`cdk8s_plus_21.MountPropagation`](#cdk8s_plus_21.MountPropagation) - *Default:* MountPropagation.NONE Determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node. --- ##### `read_only`^Optional ```python read_only: bool ``` - *Type:* `bool` - *Default:* false Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. --- ##### `sub_path`^Optional ```python sub_path: str ``` - *Type:* `str` - *Default:* "" the volume's root Path within the volume from which the container's volume should be mounted.). --- ##### `sub_path_expr`^Optional ```python sub_path_expr: str ``` - *Type:* `str` - *Default:* "" volume's root. Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). `subPathExpr` and `subPath` are mutually exclusive. --- ##### `path`^Required ```python path: str ``` - *Type:* `str` Path within the container at which the volume should be mounted. Must not contain ':'. --- ##### `volume`^Required ```python volume: Volume ``` - *Type:* [`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume) The volume to mount. --- ### WorkloadProps Properties for `Workload`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.WorkloadProps( metadata: ApiObjectMetadata = None, automount_service_account_token: bool = None, containers: typing.List[ContainerProps] = None, dns: PodDnsProps = None, docker_registry_auth: DockerConfigSecret = None, host_aliases: typing.List[HostAlias] = None, init_containers: typing.List[ContainerProps] = None, restart_policy: RestartPolicy = None, security_context: PodSecurityContextProps = None, service_account: IServiceAccount = None, volumes: typing.List[Volume] = None, pod_metadata: ApiObjectMetadata = None, select: bool = None ) ``` ##### `metadata`^Optional ```python metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) Metadata that all persisted resources must have, which includes all objects users must create. --- ##### `automount_service_account_token`^Optional ```python automount_service_account_token: bool ``` - *Type:* `bool` - *Default:* true Indicates whether a service account token should be automatically mounted. > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server --- ##### `containers`^Optional ```python containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No containers. Note that a pod spec must include at least one container. List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. You can add additionnal containers using `podSpec.addContainer()` --- ##### `dns`^Optional ```python dns: PodDnsProps ``` - *Type:* [`cdk8s_plus_21.PodDnsProps`](#cdk8s_plus_21.PodDnsProps) - *Default:* policy: DnsPolicy.CLUSTER_FIRST hostnameAsFQDN: false DNS settings for the pod. > https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ --- ##### `docker_registry_auth`^Optional ```python docker_registry_auth: DockerConfigSecret ``` - *Type:* [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret) - *Default:* No auth. Images are assumed to be publicly available. A secret containing docker credentials for authenticating to a registry. --- ##### `host_aliases`^Optional ```python host_aliases: typing.List[HostAlias] ``` - *Type:* typing.List[[`cdk8s_plus_21.HostAlias`](#cdk8s_plus_21.HostAlias)] HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. --- ##### `init_containers`^Optional ```python init_containers: typing.List[ContainerProps] ``` - *Type:* typing.List[[`cdk8s_plus_21.ContainerProps`](#cdk8s_plus_21.ContainerProps)] - *Default:* No init containers. List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added ,removed or updated. > https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ --- ##### `restart_policy`^Optional ```python restart_policy: RestartPolicy ``` - *Type:* [`cdk8s_plus_21.RestartPolicy`](#cdk8s_plus_21.RestartPolicy) - *Default:* RestartPolicy.ALWAYS Restart policy for all containers within the pod. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy --- ##### `security_context`^Optional ```python security_context: PodSecurityContextProps ``` - *Type:* [`cdk8s_plus_21.PodSecurityContextProps`](#cdk8s_plus_21.PodSecurityContextProps) - *Default:* fsGroupChangePolicy: FsGroupChangePolicy.FsGroupChangePolicy.ALWAYS ensureNonRoot: false SecurityContext holds pod-level security attributes and common container settings. --- ##### `service_account`^Optional ```python service_account: IServiceAccount ``` - *Type:* [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) - *Default:* No service account. A service account provides an identity for processes that run in a Pod. When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default). > https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ --- ##### `volumes`^Optional ```python volumes: typing.List[Volume] ``` - *Type:* typing.List[[`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume)] - *Default:* No volumes. List of volumes that can be mounted by containers belonging to the pod. You can also add volumes later using `podSpec.addVolume()` > https://kubernetes.io/docs/concepts/storage/volumes --- ##### `pod_metadata`^Optional ```python pod_metadata: ApiObjectMetadata ``` - *Type:* [`cdk8s.ApiObjectMetadata`](#cdk8s.ApiObjectMetadata) The pod metadata of this workload. --- ##### `select`^Optional ```python select: bool ``` - *Type:* `bool` - *Default:* true Automatically allocates a pod label selector for this workload and add it to the pod metadata. This ensures this workload manages pods created by its pod template. --- ### WorkloadSchedulingSpreadOptions Options for `WorkloadScheduling.spread`. #### Initializer ```python import cdk8s_plus_21 cdk8s_plus_21.WorkloadSchedulingSpreadOptions( topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ##### `topology`^Optional ```python topology: Topology ``` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to spread on. --- ##### `weight`^Optional ```python weight: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` - *Default:* no weight. spread is assumed to be required. Indicates the spread is optional, with this weight score. --- ## Classes ### ApiResource - *Implements:* [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource), [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) Represents information about an API resource type. #### Methods ##### `as_api_resource` ```python def as_api_resource() ``` ##### `as_non_api_resource` ```python def as_non_api_resource() ``` #### Static Functions ##### `custom` ```python import cdk8s_plus_21 cdk8s_plus_21.ApiResource.custom( api_group: str, resource_type: str ) ``` ###### `api_group`^Required - *Type:* `str` The group portion of the API version (e.g. `authorization.k8s.io`). --- ###### `resource_type`^Required - *Type:* `str` The name of the resource type as it appears in the relevant API endpoint. > https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources --- #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. `authorization.k8s.io`). --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of the resource type as it appears in the relevant API endpoint. > https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources --- #### Constants ##### `API_SERVICES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for APIService. --- ##### `BINDINGS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Binding. --- ##### `CERTIFICATE_SIGNING_REQUESTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CertificateSigningRequest. --- ##### `CLUSTER_ROLE_BINDINGS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ClusterRoleBinding. --- ##### `CLUSTER_ROLES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ClusterRole. --- ##### `COMPONENT_STATUSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ComponentStatus. --- ##### `CONFIG_MAPS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ConfigMap. --- ##### `CONTROLLER_REVISIONS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ControllerRevision. --- ##### `CRON_JOBS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CronJob. --- ##### `CSI_DRIVERS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CSIDriver. --- ##### `CSI_NODES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CSINode. --- ##### `CSI_STORAGE_CAPACITIES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CSIStorageCapacity. --- ##### `CUSTOM_RESOURCE_DEFINITIONS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for CustomResourceDefinition. --- ##### `DAEMON_SETS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for DaemonSet. --- ##### `DEPLOYMENTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Deployment. --- ##### `ENDPOINT_SLICES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for EndpointSlice. --- ##### `ENDPOINTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Endpoints. --- ##### `EVENTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Event. --- ##### `FLOW_SCHEMAS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for FlowSchema. --- ##### `HORIZONTAL_POD_AUTOSCALERS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for HorizontalPodAutoscaler. --- ##### `INGRESS_CLASSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for IngressClass. --- ##### `INGRESSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Ingress. --- ##### `JOBS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Job. --- ##### `LEASES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Lease. --- ##### `LIMIT_RANGES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for LimitRange. --- ##### `LOCAL_SUBJECT_ACCESS_REVIEWS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for LocalSubjectAccessReview. --- ##### `MUTATING_WEBHOOK_CONFIGURATIONS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for MutatingWebhookConfiguration. --- ##### `NAMESPACES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Namespace. --- ##### `NETWORK_POLICIES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for NetworkPolicy. --- ##### `NODES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Node. --- ##### `PERSISTENT_VOLUME_CLAIMS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PersistentVolumeClaim. --- ##### `PERSISTENT_VOLUMES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PersistentVolume. --- ##### `POD_DISRUPTION_BUDGETS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PodDisruptionBudget. --- ##### `POD_SECURITY_POLICIES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PodSecurityPolicy. --- ##### `POD_TEMPLATES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PodTemplate. --- ##### `PODS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Pod. --- ##### `PRIORITY_CLASSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PriorityClass. --- ##### `PRIORITY_LEVEL_CONFIGURATIONS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for PriorityLevelConfiguration. --- ##### `REPLICA_SETS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ReplicaSet. --- ##### `REPLICATION_CONTROLLERS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ReplicationController. --- ##### `RESOURCE_QUOTAS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ResourceQuota. --- ##### `ROLE_BINDINGS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for RoleBinding. --- ##### `ROLES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Role. --- ##### `RUNTIME_CLASSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for RuntimeClass. --- ##### `SECRETS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Secret. --- ##### `SELF_SUBJECT_ACCESS_REVIEWS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for SelfSubjectAccessReview. --- ##### `SELF_SUBJECT_RULES_REVIEWS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for SelfSubjectRulesReview. --- ##### `SERVICE_ACCOUNTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ServiceAccount. --- ##### `SERVICES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for Service. --- ##### `STATEFUL_SETS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for StatefulSet. --- ##### `STORAGE_CLASSES` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for StorageClass. --- ##### `SUBJECT_ACCESS_REVIEWS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for SubjectAccessReview. --- ##### `TOKEN_REVIEWS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for TokenReview. --- ##### `VALIDATING_WEBHOOK_CONFIGURATIONS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for ValidatingWebhookConfiguration. --- ##### `VOLUME_ATTACHMENTS` - *Type:* [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource) API resource information for VolumeAttachment. --- ### Container A single application container that you want to run within a pod. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Container( image: str, args: typing.List[str] = None, command: typing.List[str] = None, env_from: typing.List[EnvFrom] = None, env_variables: typing.Mapping[EnvValue] = None, image_pull_policy: ImagePullPolicy = None, lifecycle: ContainerLifecycle = None, liveness: Probe = None, name: str = None, port: typing.Union[int, float] = None, readiness: Probe = None, resources: ContainerResources = None, security_context: ContainerSecurityContextProps = None, startup: Probe = None, volume_mounts: typing.List[VolumeMount] = None, working_dir: str = None ) ``` ##### `image`^Required - *Type:* `str` Docker image name. --- ##### `args`^Optional - *Type:* typing.List[`str`] - *Default:* [] Arguments to the entrypoint. The docker image's CMD is used if `command` is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. > https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ##### `command`^Optional - *Type:* typing.List[`str`] - *Default:* The docker image's ENTRYPOINT. Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell --- ##### `env_from`^Optional - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] - *Default:* No sources. List of sources to populate environment variables in the container. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the `envVariables` property with a duplicate key will take precedence. --- ##### `env_variables`^Optional - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] - *Default:* No environment variables. Environment variables to set in the container. --- ##### `image_pull_policy`^Optional - *Type:* [`cdk8s_plus_21.ImagePullPolicy`](#cdk8s_plus_21.ImagePullPolicy) - *Default:* ImagePullPolicy.ALWAYS Image pull policy for this container. --- ##### `lifecycle`^Optional - *Type:* [`cdk8s_plus_21.ContainerLifecycle`](#cdk8s_plus_21.ContainerLifecycle) Describes actions that the management system should take in response to container lifecycle events. --- ##### `liveness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no liveness probe is defined Periodic probe of container liveness. Container will be restarted if the probe fails. --- ##### `name`^Optional - *Type:* `str` - *Default:* 'main' Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. --- ##### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No port is exposed. Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. --- ##### `readiness`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no readiness probe is defined Determines when the container is ready to serve traffic. --- ##### `resources`^Optional - *Type:* [`cdk8s_plus_21.ContainerResources`](#cdk8s_plus_21.ContainerResources) Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ##### `security_context`^Optional - *Type:* [`cdk8s_plus_21.ContainerSecurityContextProps`](#cdk8s_plus_21.ContainerSecurityContextProps) - *Default:* ensureNonRoot: false privileged: false readOnlyRootFilesystem: false SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context. > https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ --- ##### `startup`^Optional - *Type:* [`cdk8s_plus_21.Probe`](#cdk8s_plus_21.Probe) - *Default:* no startup probe is defined. StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully --- ##### `volume_mounts`^Optional - *Type:* typing.List[[`cdk8s_plus_21.VolumeMount`](#cdk8s_plus_21.VolumeMount)] Pod volumes to mount into the container's filesystem. Cannot be updated. --- ##### `working_dir`^Optional - *Type:* `str` - *Default:* The container runtime's default. Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. --- #### Methods ##### `mount` ```python def mount( path: str, storage: IStorage, propagation: MountPropagation = None, read_only: bool = None, sub_path: str = None, sub_path_expr: str = None ) ``` ###### `path`^Required - *Type:* `str` The desired path in the container. --- ###### `storage`^Required - *Type:* [`cdk8s_plus_21.IStorage`](#cdk8s_plus_21.IStorage) The storage to mount. --- ###### `propagation`^Optional - *Type:* [`cdk8s_plus_21.MountPropagation`](#cdk8s_plus_21.MountPropagation) - *Default:* MountPropagation.NONE Determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node. --- ###### `read_only`^Optional - *Type:* `bool` - *Default:* false Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. --- ###### `sub_path`^Optional - *Type:* `str` - *Default:* "" the volume's root Path within the volume from which the container's volume should be mounted.). --- ###### `sub_path_expr`^Optional - *Type:* `str` - *Default:* "" volume's root. Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). `subPathExpr` and `subPath` are mutually exclusive. --- #### Properties ##### `env`^Required ```python env: Env ``` - *Type:* [`cdk8s_plus_21.Env`](#cdk8s_plus_21.Env) The environment of the container. --- ##### `image`^Required ```python image: str ``` - *Type:* `str` The container image. --- ##### `image_pull_policy`^Required ```python image_pull_policy: ImagePullPolicy ``` - *Type:* [`cdk8s_plus_21.ImagePullPolicy`](#cdk8s_plus_21.ImagePullPolicy) Image pull policy for this container. --- ##### `mounts`^Required ```python mounts: typing.List[VolumeMount] ``` - *Type:* typing.List[[`cdk8s_plus_21.VolumeMount`](#cdk8s_plus_21.VolumeMount)] Volume mounts configured for this container. --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The name of the container. --- ##### `security_context`^Required ```python security_context: ContainerSecurityContext ``` - *Type:* [`cdk8s_plus_21.ContainerSecurityContext`](#cdk8s_plus_21.ContainerSecurityContext) The security context of the container. --- ##### `args`^Optional ```python args: typing.List[str] ``` - *Type:* typing.List[`str`] Arguments to the entrypoint. --- ##### `command`^Optional ```python command: typing.List[str] ``` - *Type:* typing.List[`str`] Entrypoint array (the command to execute when the container starts). --- ##### `port`^Optional ```python port: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` The port this container exposes. --- ##### `resources`^Optional ```python resources: ContainerResources ``` - *Type:* [`cdk8s_plus_21.ContainerResources`](#cdk8s_plus_21.ContainerResources) Compute resources (CPU and memory requests and limits) required by the container. > https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- ##### `working_dir`^Optional ```python working_dir: str ``` - *Type:* `str` The working directory inside the container. --- ### ContainerSecurityContext Container security attributes and settings. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.ContainerSecurityContext( ensure_non_root: bool = None, group: typing.Union[int, float] = None, privileged: bool = None, read_only_root_filesystem: bool = None, user: typing.Union[int, float] = None ) ``` ##### `ensure_non_root`^Optional - *Type:* `bool` - *Default:* false Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. --- ##### `group`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Group configured by container runtime The GID to run the entrypoint of the container process. --- ##### `privileged`^Optional - *Type:* `bool` - *Default:* false Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. --- ##### `read_only_root_filesystem`^Optional - *Type:* `bool` - *Default:* false Whether this container has a read-only root filesystem. --- ##### `user`^Optional - *Type:* `typing.Union[int, float]` - *Default:* User specified in image metadata The UID to run the entrypoint of the container process. --- #### Properties ##### `ensure_non_root`^Required ```python ensure_non_root: bool ``` - *Type:* `bool` --- ##### `privileged`^Required ```python privileged: bool ``` - *Type:* `bool` --- ##### `read_only_root_filesystem`^Required ```python read_only_root_filesystem: bool ``` - *Type:* `bool` --- ##### `group`^Optional ```python group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ##### `user`^Optional ```python user: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ### Cpu Represents the amount of CPU. The amount can be passed as millis or units. #### Static Functions ##### `millis` ```python import cdk8s_plus_21 cdk8s_plus_21.Cpu.millis( amount: typing.Union[int, float] ) ``` ###### `amount`^Required - *Type:* `typing.Union[int, float]` --- ##### `units` ```python import cdk8s_plus_21 cdk8s_plus_21.Cpu.units( amount: typing.Union[int, float] ) ``` ###### `amount`^Required - *Type:* `typing.Union[int, float]` --- #### Properties ##### `amount`^Required ```python amount: str ``` - *Type:* `str` --- ### DeploymentStrategy Deployment strategies. #### Static Functions ##### `recreate` ```python import cdk8s_plus_21 cdk8s_plus_21.DeploymentStrategy.recreate() ``` ##### `rolling_update` ```python import cdk8s_plus_21 cdk8s_plus_21.DeploymentStrategy.rolling_update( max_surge: PercentOrAbsolute = None, max_unavailable: PercentOrAbsolute = None ) ``` ###### `max_surge`^Optional - *Type:* [`cdk8s_plus_21.PercentOrAbsolute`](#cdk8s_plus_21.PercentOrAbsolute) - *Default:* '25%' The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0 if `maxUnavailable` is 0. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods. --- ###### `max_unavailable`^Optional - *Type:* [`cdk8s_plus_21.PercentOrAbsolute`](#cdk8s_plus_21.PercentOrAbsolute) - *Default:* '25%' The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if `maxSurge` is 0. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods. --- ### Env Container environment variables. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Env( sources: typing.List[EnvFrom], variables: typing.Mapping[EnvValue] ) ``` ##### `sources`^Required - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] --- ##### `variables`^Required - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] --- #### Methods ##### `add_variable` ```python def add_variable( name: str, value: EnvValue ) ``` ###### `name`^Required - *Type:* `str` --- ###### `value`^Required - *Type:* [`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue) --- ##### `copy_from` ```python def copy_from( from: EnvFrom ) ``` ###### `from`^Required - *Type:* [`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom) --- #### Static Functions ##### `from_config_map` ```python import cdk8s_plus_21 cdk8s_plus_21.Env.from_config_map( config_map: IConfigMap, prefix: str = None ) ``` ###### `config_map`^Required - *Type:* [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) --- ###### `prefix`^Optional - *Type:* `str` --- ##### `from_secret` ```python import cdk8s_plus_21 cdk8s_plus_21.Env.from_secret( secr: ISecret ) ``` ###### `secr`^Required - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) --- #### Properties ##### `sources`^Required ```python sources: typing.List[EnvFrom] ``` - *Type:* typing.List[[`cdk8s_plus_21.EnvFrom`](#cdk8s_plus_21.EnvFrom)] The list of sources used to populate the container environment, in addition to the `variables`. Returns a copy. To add a source use `container.env.copyFrom()`. --- ##### `variables`^Required ```python variables: typing.Mapping[EnvValue] ``` - *Type:* typing.Mapping[[`cdk8s_plus_21.EnvValue`](#cdk8s_plus_21.EnvValue)] The environment variables for this container. Returns a copy. To add environment variables use `container.env.addVariable()`. --- ### EnvFrom A collection of env variables defined in other resources. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.EnvFrom( config_map: IConfigMap = None, prefix: str = None, sec: ISecret = None ) ``` ##### `config_map`^Optional - *Type:* [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) --- ##### `prefix`^Optional - *Type:* `str` --- ##### `sec`^Optional - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) --- ### EnvValue Utility class for creating reading env values from various sources. #### Static Functions ##### `from_config_map` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_config_map( config_map: IConfigMap, key: str, optional: bool = None ) ``` ###### `config_map`^Required - *Type:* [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) The config map. --- ###### `key`^Required - *Type:* `str` The key to extract the value from. --- ###### `optional`^Optional - *Type:* `bool` - *Default:* false Specify whether the ConfigMap or its key must be defined. --- ##### `from_field_ref` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_field_ref( field_path: EnvFieldPaths, api_version: str = None, key: str = None ) ``` ###### `field_path`^Required - *Type:* [`cdk8s_plus_21.EnvFieldPaths`](#cdk8s_plus_21.EnvFieldPaths) : The field reference. --- ###### `api_version`^Optional - *Type:* `str` Version of the schema the FieldPath is written in terms of. --- ###### `key`^Optional - *Type:* `str` The key to select the pod label or annotation. --- ##### `from_process` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_process( key: str, required: bool = None ) ``` ###### `key`^Required - *Type:* `str` The key to read. --- ###### `required`^Optional - *Type:* `bool` - *Default:* false Specify whether the key must exist in the environment. If this is set to true, and the key does not exist, an error will thrown. --- ##### `from_resource` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_resource( resource: ResourceFieldPaths, container: Container = None, divisor: str = None ) ``` ###### `resource`^Required - *Type:* [`cdk8s_plus_21.ResourceFieldPaths`](#cdk8s_plus_21.ResourceFieldPaths) : Resource to select the value from. --- ###### `container`^Optional - *Type:* [`cdk8s_plus_21.Container`](#cdk8s_plus_21.Container) The container to select the value from. --- ###### `divisor`^Optional - *Type:* `str` The output format of the exposed resource. --- ##### `from_secret_value` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_secret_value( key: str, secret: ISecret, optional: bool = None ) ``` ###### `key`^Required - *Type:* `str` The JSON key. --- ###### `secret`^Required - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) The secret. --- ###### `optional`^Optional - *Type:* `bool` - *Default:* false Specify whether the Secret or its key must be defined. --- ##### `from_value` ```python import cdk8s_plus_21 cdk8s_plus_21.EnvValue.from_value( value: str ) ``` ###### `value`^Required - *Type:* `str` The value. --- #### Properties ##### `value`^Optional ```python value: typing.Any ``` - *Type:* `typing.Any` --- ##### `value_from`^Optional ```python value_from: typing.Any ``` - *Type:* `typing.Any` --- ### Group - *Implements:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) Represents a group. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Group( name: str ) ``` ##### `name`^Required - *Type:* `str` The name of the group. --- #### Properties ##### `kind`^Required ```python kind: str ``` - *Type:* `str` Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. --- ##### `name`^Required ```python name: str ``` - *Type:* `str` Name of the object being referenced. --- ##### `api_group`^Optional ```python api_group: str ``` - *Type:* `str` APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. --- ### Handler Defines a specific action that should be taken. #### Static Functions ##### `from_command` ```python import cdk8s_plus_21 cdk8s_plus_21.Handler.from_command( command: typing.List[str] ) ``` ###### `command`^Required - *Type:* typing.List[`str`] The command to execute. --- ##### `from_http_get` ```python import cdk8s_plus_21 cdk8s_plus_21.Handler.from_http_get( path: str, port: typing.Union[int, float] = None ) ``` ###### `path`^Required - *Type:* `str` The URL path to hit. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to use when sending the GET request. --- ##### `from_tcp_socket` ```python import cdk8s_plus_21 cdk8s_plus_21.Handler.from_tcp_socket( host: str = None, port: typing.Union[int, float] = None ) ``` ###### `host`^Optional - *Type:* `str` - *Default:* defaults to the pod IP The host name to connect to on the container. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to connect to on the container. --- ### IngressV1Beta1Backend The backend for an ingress path. #### Static Functions ##### `from_resource` ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1Backend.from_resource( resource: IResource ) ``` ###### `resource`^Required - *Type:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) --- ##### `from_service` ```python import cdk8s_plus_21 cdk8s_plus_21.IngressV1Beta1Backend.from_service( serv: Service, port: typing.Union[int, float] = None ) ``` ###### `serv`^Required - *Type:* [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service) The service object. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* if the service exposes a single port, this port will be used. The port to use to access the service. * This option will fail if the service does not expose any ports. * If the service exposes multiple ports, this option must be specified. * If the service exposes a single port, this option is optional and if specified, it must be the same port exposed by the service. --- ### LabeledNode A node that is matched by label selectors. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.LabeledNode( label_selector: typing.List[NodeLabelQuery] ) ``` ##### `label_selector`^Required - *Type:* typing.List[[`cdk8s_plus_21.NodeLabelQuery`](#cdk8s_plus_21.NodeLabelQuery)] --- #### Properties ##### `label_selector`^Required ```python label_selector: typing.List[NodeLabelQuery] ``` - *Type:* typing.List[[`cdk8s_plus_21.NodeLabelQuery`](#cdk8s_plus_21.NodeLabelQuery)] --- ### LabelExpression Represents a query that can be performed against resources with labels. #### Static Functions ##### `does_not_exist` ```python import cdk8s_plus_21 cdk8s_plus_21.LabelExpression.does_not_exist( key: str ) ``` ###### `key`^Required - *Type:* `str` --- ##### `exists` ```python import cdk8s_plus_21 cdk8s_plus_21.LabelExpression.exists( key: str ) ``` ###### `key`^Required - *Type:* `str` --- ##### `in` ```python import cdk8s_plus_21 cdk8s_plus_21.LabelExpression.in( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- ##### `not_in` ```python import cdk8s_plus_21 cdk8s_plus_21.LabelExpression.not_in( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- #### Properties ##### `key`^Required ```python key: str ``` - *Type:* `str` --- ##### `operator`^Required ```python operator: str ``` - *Type:* `str` --- ##### `values`^Optional ```python values: typing.List[str] ``` - *Type:* typing.List[`str`] --- ### LabelSelector Match a resource by labels. #### Static Functions ##### `of` ```python import cdk8s_plus_21 cdk8s_plus_21.LabelSelector.of( options: LabelSelectorOptions = None ) ``` ###### `options`^Optional - *Type:* [`cdk8s_plus_21.LabelSelectorOptions`](#cdk8s_plus_21.LabelSelectorOptions) --- ### LabelSelectorOptions Options for `LabelSelector.of`. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.LabelSelectorOptions() ``` #### Properties ##### `expressions`^Optional ```python expressions: typing.List[LabelExpression] ``` - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] Expression based label matchers. --- ##### `labels`^Optional ```python labels: typing.Mapping[str] ``` - *Type:* typing.Mapping[`str`] Strict label matchers. --- ### NamedNode A node that is matched by its name. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.NamedNode( name: str ) ``` ##### `name`^Required - *Type:* `str` --- #### Properties ##### `name`^Required ```python name: str ``` - *Type:* `str` --- ### Namespaces - *Implements:* [`cdk8s_plus_21.INamespaceSelector`](#cdk8s_plus_21.INamespaceSelector) Represents a group of namespaces. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Namespaces( expressions: typing.List[LabelExpression] = None, names: typing.List[str] = None, labels: typing.Mapping[str] = None ) ``` ##### `expressions`^Optional - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] --- ##### `names`^Optional - *Type:* typing.List[`str`] --- ##### `labels`^Optional - *Type:* typing.Mapping[`str`] --- #### Methods ##### `to_namespace_selector_config` ```python def to_namespace_selector_config() ``` #### Static Functions ##### `all` ```python import cdk8s_plus_21 cdk8s_plus_21.Namespaces.all() ``` ##### `select` ```python import cdk8s_plus_21 cdk8s_plus_21.Namespaces.select( expressions: typing.List[LabelExpression] = None, labels: typing.Mapping[str] = None, names: typing.List[str] = None ) ``` ###### `expressions`^Optional - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] - *Default:* no selector requirements. Namespaces must satisfy these selectors. The selectors query labels, just like the `labels` property, but they provide a more advanced matching mechanism. --- ###### `labels`^Optional - *Type:* typing.Mapping[`str`] - *Default:* no strict labels requirements. Labels the namespaces must have. This is equivalent to using an 'Is' selector. --- ###### `names`^Optional - *Type:* typing.List[`str`] - *Default:* no name requirements. Namespaces names must be one of these. --- ### Node Represents a node in the cluster. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Node() ``` #### Static Functions ##### `labeled` ```python import cdk8s_plus_21 cdk8s_plus_21.Node.labeled( label_selector: NodeLabelQuery ) ``` ###### `label_selector`^Required - *Type:* [`cdk8s_plus_21.NodeLabelQuery`](#cdk8s_plus_21.NodeLabelQuery) --- ##### `named` ```python import cdk8s_plus_21 cdk8s_plus_21.Node.named( node_name: str ) ``` ###### `node_name`^Required - *Type:* `str` --- ##### `tainted` ```python import cdk8s_plus_21 cdk8s_plus_21.Node.tainted( taint_selector: NodeTaintQuery ) ``` ###### `taint_selector`^Required - *Type:* [`cdk8s_plus_21.NodeTaintQuery`](#cdk8s_plus_21.NodeTaintQuery) --- ### NodeLabelQuery Represents a query that can be performed against nodes with labels. #### Static Functions ##### `does_not_exist` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.does_not_exist( key: str ) ``` ###### `key`^Required - *Type:* `str` --- ##### `exists` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.exists( key: str ) ``` ###### `key`^Required - *Type:* `str` --- ##### `gt` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.gt( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- ##### `in` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.in( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- ##### `is` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.is( key: str, value: str ) ``` ###### `key`^Required - *Type:* `str` --- ###### `value`^Required - *Type:* `str` --- ##### `lt` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.lt( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- ##### `not_in` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeLabelQuery.not_in( key: str, values: typing.List[str] ) ``` ###### `key`^Required - *Type:* `str` --- ###### `values`^Required - *Type:* typing.List[`str`] --- #### Properties ##### `key`^Required ```python key: str ``` - *Type:* `str` --- ##### `operator`^Required ```python operator: str ``` - *Type:* `str` --- ##### `values`^Optional ```python values: typing.List[str] ``` - *Type:* typing.List[`str`] --- ### NodeTaintQuery Taint queries that can be perfomed against nodes. #### Static Functions ##### `any` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeTaintQuery.any() ``` ##### `exists` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeTaintQuery.exists( key: str, effect: TaintEffect = None, evict_after: Duration = None ) ``` ###### `key`^Required - *Type:* `str` --- ###### `effect`^Optional - *Type:* [`cdk8s_plus_21.TaintEffect`](#cdk8s_plus_21.TaintEffect) - *Default:* all effects are matched. The taint effect to match. --- ###### `evict_after`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* bound forever. How much time should a pod that tolerates the `NO_EXECUTE` effect be bound to the node. Only applies for the `NO_EXECUTE` effect. --- ##### `is` ```python import cdk8s_plus_21 cdk8s_plus_21.NodeTaintQuery.is( key: str, value: str, effect: TaintEffect = None, evict_after: Duration = None ) ``` ###### `key`^Required - *Type:* `str` --- ###### `value`^Required - *Type:* `str` --- ###### `effect`^Optional - *Type:* [`cdk8s_plus_21.TaintEffect`](#cdk8s_plus_21.TaintEffect) - *Default:* all effects are matched. The taint effect to match. --- ###### `evict_after`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* bound forever. How much time should a pod that tolerates the `NO_EXECUTE` effect be bound to the node. Only applies for the `NO_EXECUTE` effect. --- #### Properties ##### `operator`^Required ```python operator: str ``` - *Type:* `str` --- ##### `effect`^Optional ```python effect: str ``` - *Type:* `str` --- ##### `evict_after`^Optional ```python evict_after: Duration ``` - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) --- ##### `key`^Optional ```python key: str ``` - *Type:* `str` --- ##### `value`^Optional ```python value: str ``` - *Type:* `str` --- ### NonApiResource - *Implements:* [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) Factory for creating non api resources. #### Methods ##### `as_api_resource` ```python def as_api_resource() ``` ##### `as_non_api_resource` ```python def as_non_api_resource() ``` #### Static Functions ##### `of` ```python import cdk8s_plus_21 cdk8s_plus_21.NonApiResource.of( url: str ) ``` ###### `url`^Required - *Type:* `str` --- ### PercentOrAbsolute Union like class repsenting either a ration in percents or an absolute number. #### Methods ##### `is_zero` ```python def is_zero() ``` #### Static Functions ##### `absolute` ```python import cdk8s_plus_21 cdk8s_plus_21.PercentOrAbsolute.absolute( num: typing.Union[int, float] ) ``` ###### `num`^Required - *Type:* `typing.Union[int, float]` --- ##### `percent` ```python import cdk8s_plus_21 cdk8s_plus_21.PercentOrAbsolute.percent( percent: typing.Union[int, float] ) ``` ###### `percent`^Required - *Type:* `typing.Union[int, float]` --- #### Properties ##### `value`^Required ```python value: typing.Any ``` - *Type:* `typing.Any` --- ### PodDns Holds dns settings of the pod. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.PodDns( hostname: str = None, hostname_as_fqd_n: bool = None, nameservers: typing.List[str] = None, options: typing.List[DnsOption] = None, policy: DnsPolicy = None, searches: typing.List[str] = None, subdomain: str = None ) ``` ##### `hostname`^Optional - *Type:* `str` - *Default:* Set to a system-defined value. Specifies the hostname of the Pod. --- ##### `hostname_as_fqd_n`^Optional - *Type:* `bool` - *Default:* false If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect. --- ##### `nameservers`^Optional - *Type:* typing.List[`str`] A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed. --- ##### `options`^Optional - *Type:* typing.List[[`cdk8s_plus_21.DnsOption`](#cdk8s_plus_21.DnsOption)] List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed. --- ##### `policy`^Optional - *Type:* [`cdk8s_plus_21.DnsPolicy`](#cdk8s_plus_21.DnsPolicy) - *Default:* DnsPolicy.CLUSTER_FIRST Set DNS policy for the pod. If policy is set to `None`, other configuration must be supplied. --- ##### `searches`^Optional - *Type:* typing.List[`str`] A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed. Kubernetes allows for at most 6 search domains. --- ##### `subdomain`^Optional - *Type:* `str` - *Default:* No subdomain. If specified, the fully qualified Pod hostname will be "...svc.". --- #### Methods ##### `add_nameserver` ```python def add_nameserver( nameservers: str ) ``` ###### `nameservers`^Required - *Type:* `str` --- ##### `add_option` ```python def add_option( name: str, value: str = None ) ``` ###### `name`^Required - *Type:* `str` Option name. --- ###### `value`^Optional - *Type:* `str` - *Default:* No value. Option value. --- ##### `add_search` ```python def add_search( searches: str ) ``` ###### `searches`^Required - *Type:* `str` --- #### Properties ##### `hostname_as_fqd_n`^Required ```python hostname_as_fqd_n: bool ``` - *Type:* `bool` Whether or not the pods hostname is set to its FQDN. --- ##### `nameservers`^Required ```python nameservers: typing.List[str] ``` - *Type:* typing.List[`str`] Nameservers defined for this pod. --- ##### `options`^Required ```python options: typing.List[DnsOption] ``` - *Type:* typing.List[[`cdk8s_plus_21.DnsOption`](#cdk8s_plus_21.DnsOption)] Custom dns options defined for this pod. --- ##### `policy`^Required ```python policy: DnsPolicy ``` - *Type:* [`cdk8s_plus_21.DnsPolicy`](#cdk8s_plus_21.DnsPolicy) The DNS policy of this pod. --- ##### `searches`^Required ```python searches: typing.List[str] ``` - *Type:* typing.List[`str`] Search domains defined for this pod. --- ##### `hostname`^Optional ```python hostname: str ``` - *Type:* `str` The configured hostname of the pod. Undefined means its set to a system-defined value. --- ##### `subdomain`^Optional ```python subdomain: str ``` - *Type:* `str` The configured subdomain of the pod. --- ### Pods - *Implements:* [`cdk8s_plus_21.IPodSelector`](#cdk8s_plus_21.IPodSelector) Represents a group of pods. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.Pods( expressions: typing.List[LabelExpression] = None, labels: typing.Mapping[str] = None, namespaces: INamespaceSelector = None ) ``` ##### `expressions`^Optional - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] --- ##### `labels`^Optional - *Type:* typing.Mapping[`str`] --- ##### `namespaces`^Optional - *Type:* [`cdk8s_plus_21.INamespaceSelector`](#cdk8s_plus_21.INamespaceSelector) --- #### Methods ##### `to_pod_selector_config` ```python def to_pod_selector_config() ``` #### Static Functions ##### `select` ```python import cdk8s_plus_21 cdk8s_plus_21.Pods.select( expressions: typing.List[LabelExpression] = None, labels: typing.Mapping[str] = None, namespaces: Namespaces = None ) ``` ###### `expressions`^Optional - *Type:* typing.List[[`cdk8s_plus_21.LabelExpression`](#cdk8s_plus_21.LabelExpression)] - *Default:* no expressions requirements. Expressions the pods must satisify. --- ###### `labels`^Optional - *Type:* typing.Mapping[`str`] - *Default:* no strict labels requirements. Labels the pods must have. --- ###### `namespaces`^Optional - *Type:* [`cdk8s_plus_21.Namespaces`](#cdk8s_plus_21.Namespaces) - *Default:* unset, implies the namespace of the resource this selection is used in. Namespaces the pods are allowed to be in. Use `Namespaces.all()` to allow all namespaces. --- ### PodScheduling Controls the pod scheduling strategy. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.PodScheduling( instance: AbstractPod ) ``` ##### `instance`^Required - *Type:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod) --- #### Methods ##### `assign` ```python def assign( node: NamedNode ) ``` ###### `node`^Required - *Type:* [`cdk8s_plus_21.NamedNode`](#cdk8s_plus_21.NamedNode) --- ##### `attract` ```python def attract( node: LabeledNode, weight: typing.Union[int, float] = None ) ``` ###### `node`^Required - *Type:* [`cdk8s_plus_21.LabeledNode`](#cdk8s_plus_21.LabeledNode) --- ###### `weight`^Optional - *Type:* `typing.Union[int, float]` - *Default:* no weight. assignment is assumed to be required (hard). Indicates the attraction is optional (soft), with this weight score. --- ##### `colocate` ```python def colocate( selector: IPodSelector, topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ###### `selector`^Required - *Type:* [`cdk8s_plus_21.IPodSelector`](#cdk8s_plus_21.IPodSelector) --- ###### `topology`^Optional - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to coloate on. --- ###### `weight`^Optional - *Type:* `typing.Union[int, float]` - *Default:* no weight. co-location is assumed to be required (hard). Indicates the co-location is optional (soft), with this weight score. --- ##### `separate` ```python def separate( selector: IPodSelector, topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ###### `selector`^Required - *Type:* [`cdk8s_plus_21.IPodSelector`](#cdk8s_plus_21.IPodSelector) --- ###### `topology`^Optional - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to separate on. --- ###### `weight`^Optional - *Type:* `typing.Union[int, float]` - *Default:* no weight. separation is assumed to be required (hard). Indicates the separation is optional (soft), with this weight score. --- ##### `tolerate` ```python def tolerate( node: TaintedNode ) ``` ###### `node`^Required - *Type:* [`cdk8s_plus_21.TaintedNode`](#cdk8s_plus_21.TaintedNode) --- ### PodSecurityContext Holds pod-level security attributes and common container settings. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.PodSecurityContext( ensure_non_root: bool = None, fs_group: typing.Union[int, float] = None, fs_group_change_policy: FsGroupChangePolicy = None, group: typing.Union[int, float] = None, sysctls: typing.List[Sysctl] = None, user: typing.Union[int, float] = None ) ``` ##### `ensure_non_root`^Optional - *Type:* `bool` - *Default:* false Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. --- ##### `fs_group`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Volume ownership is not changed. Modify the ownership and permissions of pod volumes to this GID. --- ##### `fs_group_change_policy`^Optional - *Type:* [`cdk8s_plus_21.FsGroupChangePolicy`](#cdk8s_plus_21.FsGroupChangePolicy) - *Default:* FsGroupChangePolicy.ALWAYS Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. --- ##### `group`^Optional - *Type:* `typing.Union[int, float]` - *Default:* Group configured by container runtime The GID to run the entrypoint of the container process. --- ##### `sysctls`^Optional - *Type:* typing.List[[`cdk8s_plus_21.Sysctl`](#cdk8s_plus_21.Sysctl)] - *Default:* No sysctls Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. --- ##### `user`^Optional - *Type:* `typing.Union[int, float]` - *Default:* User specified in image metadata The UID to run the entrypoint of the container process. --- #### Properties ##### `ensure_non_root`^Required ```python ensure_non_root: bool ``` - *Type:* `bool` --- ##### `fs_group_change_policy`^Required ```python fs_group_change_policy: FsGroupChangePolicy ``` - *Type:* [`cdk8s_plus_21.FsGroupChangePolicy`](#cdk8s_plus_21.FsGroupChangePolicy) --- ##### `sysctls`^Required ```python sysctls: typing.List[Sysctl] ``` - *Type:* typing.List[[`cdk8s_plus_21.Sysctl`](#cdk8s_plus_21.Sysctl)] --- ##### `fs_group`^Optional ```python fs_group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ##### `group`^Optional ```python group: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ##### `user`^Optional ```python user: typing.Union[int, float] ``` - *Type:* `typing.Union[int, float]` --- ### Probe Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. #### Static Functions ##### `from_command` ```python import cdk8s_plus_21 cdk8s_plus_21.Probe.from_command( command: typing.List[str], failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None ) ``` ###### `command`^Required - *Type:* typing.List[`str`] The command to execute. --- ###### `failure_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ###### `initial_delay_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ###### `period_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ###### `success_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ###### `timeout_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ##### `from_http_get` ```python import cdk8s_plus_21 cdk8s_plus_21.Probe.from_http_get( path: str, failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None, port: typing.Union[int, float] = None ) ``` ###### `path`^Required - *Type:* `str` The URL path to hit. --- ###### `failure_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ###### `initial_delay_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ###### `period_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ###### `success_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ###### `timeout_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to use when sending the GET request. --- ##### `from_tcp_socket` ```python import cdk8s_plus_21 cdk8s_plus_21.Probe.from_tcp_socket( failure_threshold: typing.Union[int, float] = None, initial_delay_seconds: Duration = None, period_seconds: Duration = None, success_threshold: typing.Union[int, float] = None, timeout_seconds: Duration = None, host: str = None, port: typing.Union[int, float] = None ) ``` ###### `failure_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 3 Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. --- ###### `initial_delay_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* immediate Number of seconds after the container has started before liveness probes are initiated. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ###### `period_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(10) Minimum value is 1. How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. --- ###### `success_threshold`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 1 Must be 1 for liveness and startup. Minimum value is 1. Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. --- ###### `timeout_seconds`^Optional - *Type:* [`cdk8s.Duration`](#cdk8s.Duration) - *Default:* Duration.seconds(1) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. > https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes --- ###### `host`^Optional - *Type:* `str` - *Default:* defaults to the pod IP The host name to connect to on the container. --- ###### `port`^Optional - *Type:* `typing.Union[int, float]` - *Default:* defaults to `container.port`. The TCP port to connect to on the container. --- ### StatefulSetUpdateStrategy StatefulSet update strategies. #### Static Functions ##### `on_delete` ```python import cdk8s_plus_21 cdk8s_plus_21.StatefulSetUpdateStrategy.on_delete() ``` ##### `rolling_update` ```python import cdk8s_plus_21 cdk8s_plus_21.StatefulSetUpdateStrategy.rolling_update( partition: typing.Union[int, float] = None ) ``` ###### `partition`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 0 If specified, all Pods with an ordinal that is greater than or equal to the partition will be updated when the StatefulSet's .spec.template is updated. All Pods with an ordinal that is less than the partition will not be updated, and, even if they are deleted, they will be recreated at the previous version. If the partition is greater than replicas, updates to the pod template will not be propagated to Pods. In most cases you will not need to use a partition, but they are useful if you want to stage an update, roll out a canary, or perform a phased roll out. > https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions --- ### TaintedNode A node that is matched by taint selectors. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.TaintedNode( taint_selector: typing.List[NodeTaintQuery] ) ``` ##### `taint_selector`^Required - *Type:* typing.List[[`cdk8s_plus_21.NodeTaintQuery`](#cdk8s_plus_21.NodeTaintQuery)] --- #### Properties ##### `taint_selector`^Required ```python taint_selector: typing.List[NodeTaintQuery] ``` - *Type:* typing.List[[`cdk8s_plus_21.NodeTaintQuery`](#cdk8s_plus_21.NodeTaintQuery)] --- ### Topology Available topology domains. #### Static Functions ##### `custom` ```python import cdk8s_plus_21 cdk8s_plus_21.Topology.custom( key: str ) ``` ###### `key`^Required - *Type:* `str` --- #### Properties ##### `key`^Required ```python key: str ``` - *Type:* `str` --- #### Constants ##### `HOSTNAME` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) A hostname represents a single node in the cluster. > https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetesiohostname --- ##### `REGION` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) A region represents a larger domain, made up of one or more zones. It is uncommon for Kubernetes clusters to span multiple regions. While the exact definition of a zone or region is left to infrastructure implementations, common properties of a region include higher network latency between them than within them, non-zero cost for network traffic between them, and failure independence from other zones or regions. For example, nodes within a region might share power infrastructure (e.g. a UPS or generator), but nodes in different regions typically would not. > https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesioregion --- ##### `ZONE` - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) A zone represents a logical failure domain. It is common for Kubernetes clusters to span multiple zones for increased availability. While the exact definition of a zone is left to infrastructure implementations, common properties of a zone include very low network latency within a zone, no-cost network traffic within a zone, and failure independence from other zones. For example, nodes within a zone might share a network switch, but nodes in different zones should not. > https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesiozone --- ### User - *Implements:* [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) Represents a user. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.User( name: str ) ``` ##### `name`^Required - *Type:* `str` The name of the user. --- #### Properties ##### `kind`^Required ```python kind: str ``` - *Type:* `str` Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. --- ##### `name`^Required ```python name: str ``` - *Type:* `str` Name of the object being referenced. --- ##### `api_group`^Optional ```python api_group: str ``` - *Type:* `str` APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. --- ### Volume - *Implements:* [`cdk8s_plus_21.IStorage`](#cdk8s_plus_21.IStorage) Volume represents a named volume in a pod that may be accessed by any container in the pod. Docker also has a concept of volumes, though it is somewhat looser and less managed. In Docker, a volume is simply a directory on disk or in another Container. Lifetimes are not managed and until very recently there were only local-disk-backed volumes. Docker now provides volume drivers, but the functionality is very limited for now (e.g. as of Docker 1.7 only one volume driver is allowed per Container and there is no way to pass parameters to volumes). A Kubernetes volume, on the other hand, has an explicit lifetime - the same as the Pod that encloses it. Consequently, a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts. Of course, when a Pod ceases to exist, the volume will cease to exist, too. Perhaps more importantly than this, Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously. At its core, a volume is just a directory, possibly with some data in it, which is accessible to the Containers in a Pod. How that directory comes to be, the medium that backs it, and the contents of it are determined by the particular volume type used. To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers[*].volumeMounts field). A process in a container sees a filesystem view composed from their Docker image and volumes. The Docker image is at the root of the filesystem hierarchy, and any volumes are mounted at the specified paths within the image. Volumes can not mount onto other volumes #### Methods ##### `as_volume` ```python def as_volume() ``` #### Static Functions ##### `from_aws_elastic_block_store` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_aws_elastic_block_store( volume_id: str, fs_type: str = None, name: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ###### `volume_id`^Required - *Type:* `str` --- ###### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ###### `name`^Optional - *Type:* `str` - *Default:* auto-generated The volume name. --- ###### `partition`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ###### `read_only`^Optional - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `from_azure_disk` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_azure_disk( disk_name: str, disk_uri: str, caching_mode: AzureDiskPersistentVolumeCachingMode = None, fs_type: str = None, kind: AzureDiskPersistentVolumeKind = None, name: str = None, read_only: bool = None ) ``` ###### `disk_name`^Required - *Type:* `str` --- ###### `disk_uri`^Required - *Type:* `str` --- ###### `caching_mode`^Optional - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode`](#cdk8s_plus_21.AzureDiskPersistentVolumeCachingMode) - *Default:* AzureDiskPersistentVolumeCachingMode.NONE. Host Caching mode. --- ###### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type to mount. Must be a filesystem type supported by the host operating system. --- ###### `kind`^Optional - *Type:* [`cdk8s_plus_21.AzureDiskPersistentVolumeKind`](#cdk8s_plus_21.AzureDiskPersistentVolumeKind) - *Default:* AzureDiskPersistentVolumeKind.SHARED Kind of disk. --- ###### `name`^Optional - *Type:* `str` - *Default:* auto-generated The volume name. --- ###### `read_only`^Optional - *Type:* `bool` - *Default:* false Force the ReadOnly setting in VolumeMounts. --- ##### `from_config_map` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_config_map( config_map: IConfigMap, default_mode: typing.Union[int, float] = None, items: typing.Mapping[PathMapping] = None, name: str = None, optional: bool = None ) ``` ###### `config_map`^Required - *Type:* [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) The config map to use to populate the volume. --- ###### `default_mode`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. --- ###### `items`^Optional - *Type:* typing.Mapping[[`cdk8s_plus_21.PathMapping`](#cdk8s_plus_21.PathMapping)] - *Default:* no mapping If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. --- ###### `name`^Optional - *Type:* `str` - *Default:* auto-generated The volume name. --- ###### `optional`^Optional - *Type:* `bool` - *Default:* undocumented Specify whether the ConfigMap or its keys must be defined. --- ##### `from_empty_dir` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_empty_dir( name: str, medium: EmptyDirMedium = None, size_limit: Size = None ) ``` ###### `name`^Required - *Type:* `str` --- ###### `medium`^Optional - *Type:* [`cdk8s_plus_21.EmptyDirMedium`](#cdk8s_plus_21.EmptyDirMedium) - *Default:* EmptyDirMedium.DEFAULT By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment. However, you can set the emptyDir.medium field to `EmptyDirMedium.MEMORY` to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container's memory limit. --- ###### `size_limit`^Optional - *Type:* [`cdk8s.Size`](#cdk8s.Size) - *Default:* limit is undefined Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. --- ##### `from_gce_persistent_disk` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_gce_persistent_disk( pd_name: str, fs_type: str = None, name: str = None, partition: typing.Union[int, float] = None, read_only: bool = None ) ``` ###### `pd_name`^Required - *Type:* `str` --- ###### `fs_type`^Optional - *Type:* `str` - *Default:* 'ext4' Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ###### `name`^Optional - *Type:* `str` - *Default:* auto-generated The volume name. --- ###### `partition`^Optional - *Type:* `typing.Union[int, float]` - *Default:* No partition. The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). --- ###### `read_only`^Optional - *Type:* `bool` - *Default:* false Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". > https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore --- ##### `from_persistent_volume_claim` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_persistent_volume_claim( claim: IPersistentVolumeClaim, name: str = None, read_only: bool = None ) ``` ###### `claim`^Required - *Type:* [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) --- ###### `name`^Optional - *Type:* `str` - *Default:* Derived from the PVC name. The volume name. --- ###### `read_only`^Optional - *Type:* `bool` - *Default:* false Will force the ReadOnly setting in VolumeMounts. --- ##### `from_secret` ```python import cdk8s_plus_21 cdk8s_plus_21.Volume.from_secret( secr: ISecret, default_mode: typing.Union[int, float] = None, items: typing.Mapping[PathMapping] = None, name: str = None, optional: bool = None ) ``` ###### `secr`^Required - *Type:* [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) The secret to use to populate the volume. --- ###### `default_mode`^Optional - *Type:* `typing.Union[int, float]` - *Default:* 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. --- ###### `items`^Optional - *Type:* typing.Mapping[[`cdk8s_plus_21.PathMapping`](#cdk8s_plus_21.PathMapping)] - *Default:* no mapping If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. --- ###### `name`^Optional - *Type:* `str` - *Default:* auto-generated The volume name. --- ###### `optional`^Optional - *Type:* `bool` - *Default:* undocumented Specify whether the secret or its keys must be defined. --- #### Properties ##### `name`^Required ```python name: str ``` - *Type:* `str` --- ### WorkloadScheduling Controls the pod scheduling strategy of this workload. It offers some additional API's on top of the core pod scheduling. #### Initializers ```python import cdk8s_plus_21 cdk8s_plus_21.WorkloadScheduling( instance: AbstractPod ) ``` ##### `instance`^Required - *Type:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod) --- #### Methods ##### `spread` ```python def spread( topology: Topology = None, weight: typing.Union[int, float] = None ) ``` ###### `topology`^Optional - *Type:* [`cdk8s_plus_21.Topology`](#cdk8s_plus_21.Topology) - *Default:* Topology.HOSTNAME Which topology to spread on. --- ###### `weight`^Optional - *Type:* `typing.Union[int, float]` - *Default:* no weight. spread is assumed to be required. Indicates the spread is optional, with this weight score. --- ## Protocols ### IApiEndpoint - *Implemented By:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod), [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource), [`cdk8s_plus_21.AwsElasticBlockStorePersistentVolume`](#cdk8s_plus_21.AwsElasticBlockStorePersistentVolume), [`cdk8s_plus_21.AzureDiskPersistentVolume`](#cdk8s_plus_21.AzureDiskPersistentVolume), [`cdk8s_plus_21.BasicAuthSecret`](#cdk8s_plus_21.BasicAuthSecret), [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole), [`cdk8s_plus_21.ClusterRoleBinding`](#cdk8s_plus_21.ClusterRoleBinding), [`cdk8s_plus_21.ConfigMap`](#cdk8s_plus_21.ConfigMap), [`cdk8s_plus_21.DaemonSet`](#cdk8s_plus_21.DaemonSet), [`cdk8s_plus_21.Deployment`](#cdk8s_plus_21.Deployment), [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret), [`cdk8s_plus_21.GCEPersistentDiskPersistentVolume`](#cdk8s_plus_21.GCEPersistentDiskPersistentVolume), [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1), [`cdk8s_plus_21.Job`](#cdk8s_plus_21.Job), [`cdk8s_plus_21.Namespace`](#cdk8s_plus_21.Namespace), [`cdk8s_plus_21.NonApiResource`](#cdk8s_plus_21.NonApiResource), [`cdk8s_plus_21.PersistentVolume`](#cdk8s_plus_21.PersistentVolume), [`cdk8s_plus_21.PersistentVolumeClaim`](#cdk8s_plus_21.PersistentVolumeClaim), [`cdk8s_plus_21.Pod`](#cdk8s_plus_21.Pod), [`cdk8s_plus_21.Resource`](#cdk8s_plus_21.Resource), [`cdk8s_plus_21.Role`](#cdk8s_plus_21.Role), [`cdk8s_plus_21.RoleBinding`](#cdk8s_plus_21.RoleBinding), [`cdk8s_plus_21.Secret`](#cdk8s_plus_21.Secret), [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service), [`cdk8s_plus_21.ServiceAccount`](#cdk8s_plus_21.ServiceAccount), [`cdk8s_plus_21.ServiceAccountTokenSecret`](#cdk8s_plus_21.ServiceAccountTokenSecret), [`cdk8s_plus_21.SshAuthSecret`](#cdk8s_plus_21.SshAuthSecret), [`cdk8s_plus_21.StatefulSet`](#cdk8s_plus_21.StatefulSet), [`cdk8s_plus_21.TlsSecret`](#cdk8s_plus_21.TlsSecret), [`cdk8s_plus_21.Workload`](#cdk8s_plus_21.Workload), [`cdk8s_plus_21.IApiEndpoint`](#cdk8s_plus_21.IApiEndpoint) An API Endpoint can either be a resource descriptor (e.g /pods) or a non resource url (e.g /healthz). It must be one or the other, and not both. #### Methods ##### `as_api_resource` ```python def as_api_resource() ``` ##### `as_non_api_resource` ```python def as_non_api_resource() ``` ### IApiResource - *Implemented By:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod), [`cdk8s_plus_21.ApiResource`](#cdk8s_plus_21.ApiResource), [`cdk8s_plus_21.AwsElasticBlockStorePersistentVolume`](#cdk8s_plus_21.AwsElasticBlockStorePersistentVolume), [`cdk8s_plus_21.AzureDiskPersistentVolume`](#cdk8s_plus_21.AzureDiskPersistentVolume), [`cdk8s_plus_21.BasicAuthSecret`](#cdk8s_plus_21.BasicAuthSecret), [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole), [`cdk8s_plus_21.ClusterRoleBinding`](#cdk8s_plus_21.ClusterRoleBinding), [`cdk8s_plus_21.ConfigMap`](#cdk8s_plus_21.ConfigMap), [`cdk8s_plus_21.DaemonSet`](#cdk8s_plus_21.DaemonSet), [`cdk8s_plus_21.Deployment`](#cdk8s_plus_21.Deployment), [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret), [`cdk8s_plus_21.GCEPersistentDiskPersistentVolume`](#cdk8s_plus_21.GCEPersistentDiskPersistentVolume), [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1), [`cdk8s_plus_21.Job`](#cdk8s_plus_21.Job), [`cdk8s_plus_21.Namespace`](#cdk8s_plus_21.Namespace), [`cdk8s_plus_21.PersistentVolume`](#cdk8s_plus_21.PersistentVolume), [`cdk8s_plus_21.PersistentVolumeClaim`](#cdk8s_plus_21.PersistentVolumeClaim), [`cdk8s_plus_21.Pod`](#cdk8s_plus_21.Pod), [`cdk8s_plus_21.Resource`](#cdk8s_plus_21.Resource), [`cdk8s_plus_21.Role`](#cdk8s_plus_21.Role), [`cdk8s_plus_21.RoleBinding`](#cdk8s_plus_21.RoleBinding), [`cdk8s_plus_21.Secret`](#cdk8s_plus_21.Secret), [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service), [`cdk8s_plus_21.ServiceAccount`](#cdk8s_plus_21.ServiceAccount), [`cdk8s_plus_21.ServiceAccountTokenSecret`](#cdk8s_plus_21.ServiceAccountTokenSecret), [`cdk8s_plus_21.SshAuthSecret`](#cdk8s_plus_21.SshAuthSecret), [`cdk8s_plus_21.StatefulSet`](#cdk8s_plus_21.StatefulSet), [`cdk8s_plus_21.TlsSecret`](#cdk8s_plus_21.TlsSecret), [`cdk8s_plus_21.Workload`](#cdk8s_plus_21.Workload), [`cdk8s_plus_21.IApiResource`](#cdk8s_plus_21.IApiResource) Represents a resource or collection of resources. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. `authorization.k8s.io`). --- ##### `resource_type`^Required ```python resource_type: str ``` - *Type:* `str` The name of a resource type as it appears in the relevant API endpoint. > https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources --- ##### `resource_name`^Optional ```python resource_name: str ``` - *Type:* `str` The unique, namespace-global, name of an object inside the Kubernetes cluster. If this is omitted, the ApiResource should represent all objects of the given type. --- ### IClusterRole - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole), [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole) Represents a cluster-level role. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IConfigMap - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.ConfigMap`](#cdk8s_plus_21.ConfigMap), [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap) Represents a config map. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### INamespaceSelector - *Implemented By:* [`cdk8s_plus_21.Namespace`](#cdk8s_plus_21.Namespace), [`cdk8s_plus_21.Namespaces`](#cdk8s_plus_21.Namespaces), [`cdk8s_plus_21.INamespaceSelector`](#cdk8s_plus_21.INamespaceSelector) Represents an object that can select namespaces. #### Methods ##### `to_namespace_selector_config` ```python def to_namespace_selector_config() ``` ### IPersistentVolume - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.AwsElasticBlockStorePersistentVolume`](#cdk8s_plus_21.AwsElasticBlockStorePersistentVolume), [`cdk8s_plus_21.AzureDiskPersistentVolume`](#cdk8s_plus_21.AzureDiskPersistentVolume), [`cdk8s_plus_21.GCEPersistentDiskPersistentVolume`](#cdk8s_plus_21.GCEPersistentDiskPersistentVolume), [`cdk8s_plus_21.PersistentVolume`](#cdk8s_plus_21.PersistentVolume), [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume) Contract of a `PersistentVolumeClaim`. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IPersistentVolumeClaim - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.PersistentVolumeClaim`](#cdk8s_plus_21.PersistentVolumeClaim), [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim) Contract of a `PersistentVolumeClaim`. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IPodSelector - *Implemented By:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod), [`cdk8s_plus_21.DaemonSet`](#cdk8s_plus_21.DaemonSet), [`cdk8s_plus_21.Deployment`](#cdk8s_plus_21.Deployment), [`cdk8s_plus_21.Job`](#cdk8s_plus_21.Job), [`cdk8s_plus_21.Pod`](#cdk8s_plus_21.Pod), [`cdk8s_plus_21.Pods`](#cdk8s_plus_21.Pods), [`cdk8s_plus_21.StatefulSet`](#cdk8s_plus_21.StatefulSet), [`cdk8s_plus_21.Workload`](#cdk8s_plus_21.Workload), [`cdk8s_plus_21.IPodSelector`](#cdk8s_plus_21.IPodSelector) Represents an object that can select pods. #### Methods ##### `to_pod_selector_config` ```python def to_pod_selector_config() ``` ### IResource - *Implemented By:* [`cdk8s_plus_21.AbstractPod`](#cdk8s_plus_21.AbstractPod), [`cdk8s_plus_21.AwsElasticBlockStorePersistentVolume`](#cdk8s_plus_21.AwsElasticBlockStorePersistentVolume), [`cdk8s_plus_21.AzureDiskPersistentVolume`](#cdk8s_plus_21.AzureDiskPersistentVolume), [`cdk8s_plus_21.BasicAuthSecret`](#cdk8s_plus_21.BasicAuthSecret), [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole), [`cdk8s_plus_21.ClusterRoleBinding`](#cdk8s_plus_21.ClusterRoleBinding), [`cdk8s_plus_21.ConfigMap`](#cdk8s_plus_21.ConfigMap), [`cdk8s_plus_21.DaemonSet`](#cdk8s_plus_21.DaemonSet), [`cdk8s_plus_21.Deployment`](#cdk8s_plus_21.Deployment), [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret), [`cdk8s_plus_21.GCEPersistentDiskPersistentVolume`](#cdk8s_plus_21.GCEPersistentDiskPersistentVolume), [`cdk8s_plus_21.IngressV1Beta1`](#cdk8s_plus_21.IngressV1Beta1), [`cdk8s_plus_21.Job`](#cdk8s_plus_21.Job), [`cdk8s_plus_21.Namespace`](#cdk8s_plus_21.Namespace), [`cdk8s_plus_21.PersistentVolume`](#cdk8s_plus_21.PersistentVolume), [`cdk8s_plus_21.PersistentVolumeClaim`](#cdk8s_plus_21.PersistentVolumeClaim), [`cdk8s_plus_21.Pod`](#cdk8s_plus_21.Pod), [`cdk8s_plus_21.Resource`](#cdk8s_plus_21.Resource), [`cdk8s_plus_21.Role`](#cdk8s_plus_21.Role), [`cdk8s_plus_21.RoleBinding`](#cdk8s_plus_21.RoleBinding), [`cdk8s_plus_21.Secret`](#cdk8s_plus_21.Secret), [`cdk8s_plus_21.Service`](#cdk8s_plus_21.Service), [`cdk8s_plus_21.ServiceAccount`](#cdk8s_plus_21.ServiceAccount), [`cdk8s_plus_21.ServiceAccountTokenSecret`](#cdk8s_plus_21.ServiceAccountTokenSecret), [`cdk8s_plus_21.SshAuthSecret`](#cdk8s_plus_21.SshAuthSecret), [`cdk8s_plus_21.StatefulSet`](#cdk8s_plus_21.StatefulSet), [`cdk8s_plus_21.TlsSecret`](#cdk8s_plus_21.TlsSecret), [`cdk8s_plus_21.Workload`](#cdk8s_plus_21.Workload), [`cdk8s_plus_21.IClusterRole`](#cdk8s_plus_21.IClusterRole), [`cdk8s_plus_21.IConfigMap`](#cdk8s_plus_21.IConfigMap), [`cdk8s_plus_21.IPersistentVolume`](#cdk8s_plus_21.IPersistentVolume), [`cdk8s_plus_21.IPersistentVolumeClaim`](#cdk8s_plus_21.IPersistentVolumeClaim), [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource), [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole), [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret), [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) Represents a resource. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IRole - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.ClusterRole`](#cdk8s_plus_21.ClusterRole), [`cdk8s_plus_21.Role`](#cdk8s_plus_21.Role), [`cdk8s_plus_21.IRole`](#cdk8s_plus_21.IRole) A reference to any Role or ClusterRole. #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### ISecret - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.BasicAuthSecret`](#cdk8s_plus_21.BasicAuthSecret), [`cdk8s_plus_21.DockerConfigSecret`](#cdk8s_plus_21.DockerConfigSecret), [`cdk8s_plus_21.Secret`](#cdk8s_plus_21.Secret), [`cdk8s_plus_21.ServiceAccountTokenSecret`](#cdk8s_plus_21.ServiceAccountTokenSecret), [`cdk8s_plus_21.SshAuthSecret`](#cdk8s_plus_21.SshAuthSecret), [`cdk8s_plus_21.TlsSecret`](#cdk8s_plus_21.TlsSecret), [`cdk8s_plus_21.ISecret`](#cdk8s_plus_21.ISecret) #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IServiceAccount - *Extends:* [`cdk8s_plus_21.IResource`](#cdk8s_plus_21.IResource) - *Implemented By:* [`cdk8s_plus_21.ServiceAccount`](#cdk8s_plus_21.ServiceAccount), [`cdk8s_plus_21.IServiceAccount`](#cdk8s_plus_21.IServiceAccount) #### Properties ##### `api_group`^Required ```python api_group: str ``` - *Type:* `str` The group portion of the API version (e.g. "authorization.k8s.io"). --- ##### `api_version`^Required ```python api_version: str ``` - *Type:* `str` The object's API version (e.g. "authorization.k8s.io/v1"). --- ##### `kind`^Required ```python kind: str ``` - *Type:* `str` The object kind (e.g. "Deployment"). --- ##### `name`^Required ```python name: str ``` - *Type:* `str` The Kubernetes name of this resource. --- ### IStorage - *Implemented By:* [`cdk8s_plus_21.AwsElasticBlockStorePersistentVolume`](#cdk8s_plus_21.AwsElasticBlockStorePersistentVolume), [`cdk8s_plus_21.AzureDiskPersistentVolume`](#cdk8s_plus_21.AzureDiskPersistentVolume), [`cdk8s_plus_21.GCEPersistentDiskPersistentVolume`](#cdk8s_plus_21.GCEPersistentDiskPersistentVolume), [`cdk8s_plus_21.PersistentVolume`](#cdk8s_plus_21.PersistentVolume), [`cdk8s_plus_21.Volume`](#cdk8s_plus_21.Volume), [`cdk8s_plus_21.IStorage`](#cdk8s_plus_21.IStorage) Represents a piece of storage in the cluster. #### Methods ##### `as_volume` ```python def as_volume() ``` ### ISubject - *Implemented By:* [`cdk8s_plus_21.Group`](#cdk8s_plus_21.Group), [`cdk8s_plus_21.ServiceAccount`](#cdk8s_plus_21.ServiceAccount), [`cdk8s_plus_21.User`](#cdk8s_plus_21.User), [`cdk8s_plus_21.ISubject`](#cdk8s_plus_21.ISubject) Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. #### Properties ##### `kind`^Required ```python kind: str ``` - *Type:* `str` Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. --- ##### `name`^Required ```python name: str ``` - *Type:* `str` Name of the object being referenced. --- ##### `api_group`^Optional ```python api_group: str ``` - *Type:* `str` APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. --- ##### `namespace`^Optional ```python namespace: str ``` - *Type:* `str` Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. --- ## Enums ### AzureDiskPersistentVolumeCachingMode Azure disk caching modes. #### `NONE` None. --- #### `READ_ONLY` ReadOnly. --- #### `READ_WRITE` ReadWrite. --- ### AzureDiskPersistentVolumeKind Azure Disk kinds. #### `SHARED` Multiple blob disks per storage account. --- #### `DEDICATED` Single blob disk per storage account. --- #### `MANAGED` Azure managed data disk. --- ### DnsPolicy Pod DNS policies. #### `CLUSTER_FIRST` Any DNS query that does not match the configured cluster domain suffix, such as "www.kubernetes.io", is forwarded to the upstream nameserver inherited from the node. Cluster administrators may have extra stub-domain and upstream DNS servers configured. --- #### `CLUSTER_FIRST_WITH_HOST_NET` For Pods running with hostNetwork, you should explicitly set its DNS policy "ClusterFirstWithHostNet". --- #### `DEFAULT` The Pod inherits the name resolution configuration from the node that the pods run on. --- #### `NONE` It allows a Pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec. --- ### EmptyDirMedium The medium on which to store the volume. #### `DEFAULT` The default volume of the backing node. --- #### `MEMORY` Mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container's memory limit. --- ### EnvFieldPaths #### `POD_NAME` The name of the pod. --- #### `POD_NAMESPACE` The namespace of the pod. --- #### `POD_UID` The uid of the pod. --- #### `POD_LABEL` The labels of the pod. --- #### `POD_ANNOTATION` The annotations of the pod. --- #### `POD_IP` The ipAddress of the pod. --- #### `SERVICE_ACCOUNT_NAME` The service account name of the pod. --- #### `NODE_NAME` The name of the node. --- #### `NODE_IP` The ipAddress of the node. --- #### `POD_IPS` The ipAddresess of the pod. --- ### FsGroupChangePolicy #### `ON_ROOT_MISMATCH` Only change permissions and ownership if permission and ownership of root directory does not match with expected permissions of the volume. This could help shorten the time it takes to change ownership and permission of a volume --- #### `ALWAYS` Always change permission and ownership of the volume when volume is mounted. --- ### ImagePullPolicy #### `ALWAYS` Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet downloads (pulls) the image with the resolved digest, and uses that image to launch the container. Default is Always if ImagePullPolicy is omitted and either the image tag is :latest or the image tag is omitted. --- #### `IF_NOT_PRESENT` The image is pulled only if it is not already present locally. Default is IfNotPresent if ImagePullPolicy is omitted and the image tag is present but not :latest --- #### `NEVER` The image is assumed to exist locally. No attempt is made to pull the image. --- ### MountPropagation #### `NONE` This volume mount will not receive any subsequent mounts that are mounted to this volume or any of its subdirectories by the host. In similar fashion, no mounts created by the Container will be visible on the host. This is the default mode. This mode is equal to `private` mount propagation as described in the Linux kernel documentation --- #### `HOST_TO_CONTAINER` This volume mount will receive all subsequent mounts that are mounted to this volume or any of its subdirectories. In other words, if the host mounts anything inside the volume mount, the Container will see it mounted there. Similarly, if any Pod with Bidirectional mount propagation to the same volume mounts anything there, the Container with HostToContainer mount propagation will see it. This mode is equal to `rslave` mount propagation as described in the Linux kernel documentation --- #### `BIDIRECTIONAL` This volume mount behaves the same the HostToContainer mount. In addition, all volume mounts created by the Container will be propagated back to the host and to all Containers of all Pods that use the same volume A typical use case for this mode is a Pod with a FlexVolume or CSI driver or a Pod that needs to mount something on the host using a hostPath volume. This mode is equal to `rshared` mount propagation as described in the Linux kernel documentation Caution: Bidirectional mount propagation can be dangerous. It can damage the host operating system and therefore it is allowed only in privileged Containers. Familiarity with Linux kernel behavior is strongly recommended. In addition, any volume mounts created by Containers in Pods must be destroyed (unmounted) by the Containers on termination. --- ### PersistentVolumeAccessMode Access Modes. #### `READ_WRITE_ONCE` The volume can be mounted as read-write by a single node. ReadWriteOnce access mode still can allow multiple pods to access the volume when the pods are running on the same node. --- #### `READ_ONLY_MANY` The volume can be mounted as read-only by many nodes. --- #### `READ_WRITE_MANY` The volume can be mounted as read-write by many nodes. --- #### `READ_WRITE_ONCE_POD` The volume can be mounted as read-write by a single Pod. Use ReadWriteOncePod access mode if you want to ensure that only one pod across whole cluster can read that PVC or write to it. This is only supported for CSI volumes and Kubernetes version 1.22+. --- ### PersistentVolumeMode Volume Modes. #### `FILE_SYSTEM` Volume is ounted into Pods into a directory. If the volume is backed by a block device and the device is empty, Kubernetes creates a filesystem on the device before mounting it for the first time. --- #### `BLOCK` Use a volume as a raw block device. Such volume is presented into a Pod as a block device, without any filesystem on it. This mode is useful to provide a Pod the fastest possible way to access a volume, without any filesystem layer between the Pod and the volume. On the other hand, the application running in the Pod must know how to handle a raw block device --- ### PersistentVolumeReclaimPolicy Reclaim Policies. #### `RETAIN` The Retain reclaim policy allows for manual reclamation of the resource. When the PersistentVolumeClaim is deleted, the PersistentVolume still exists and the volume is considered "released". But it is not yet available for another claim because the previous claimant's data remains on the volume. An administrator can manually reclaim the volume with the following steps: 1. Delete the PersistentVolume. The associated storage asset in external infrastructure (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted. 2. Manually clean up the data on the associated storage asset accordingly. 3. Manually delete the associated storage asset. If you want to reuse the same storage asset, create a new PersistentVolume with the same storage asset definition. --- #### `DELETE` For volume plugins that support the Delete reclaim policy, deletion removes both the PersistentVolume object from Kubernetes, as well as the associated storage asset in the external infrastructure, such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume. Volumes that were dynamically provisioned inherit the reclaim policy of their StorageClass, which defaults to Delete. The administrator should configure the StorageClass according to users' expectations; otherwise, the PV must be edited or patched after it is created --- ### PodManagementPolicy Controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once. #### `ORDERED_READY` --- #### `PARALLEL` --- ### Protocol #### `TCP` --- #### `UDP` --- #### `SCTP` --- ### ResourceFieldPaths #### `CPU_LIMIT` CPU limit of the container. --- #### `MEMORY_LIMIT` Memory limit of the container. --- #### `CPU_REQUEST` CPU request of the container. --- #### `MEMORY_REQUEST` Memory request of the container. --- #### `STORAGE_LIMIT` Ephemeral storage limit of the container. --- #### `STORAGE_REQUEST` Ephemeral storage request of the container. --- ### RestartPolicy Restart policy for all containers within the pod. #### `ALWAYS` Always restart the pod after it exits. --- #### `ON_FAILURE` Only restart if the pod exits with a non-zero exit code. --- #### `NEVER` Never restart the pod. --- ### ServiceType For some parts of your application (for example, frontends) you may want to expose a Service onto an external IP address, that's outside of your cluster. Kubernetes ServiceTypes allow you to specify what kind of Service you want. The default is ClusterIP. #### `CLUSTER_IP` Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType --- #### `NODE_PORT` Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting :. --- #### `LOAD_BALANCER` Exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created. --- #### `EXTERNAL_NAME` Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up. > Note: You need either kube-dns version 1.7 or CoreDNS version 0.0.8 or higher to use the ExternalName type. --- ### TaintEffect Taint effects. #### `NO_SCHEDULE` This means that no pod will be able to schedule onto the node unless it has a matching toleration. --- #### `PREFER_NO_SCHEDULE` This is a "preference" or "soft" version of `NO_SCHEDULE` -- the system will try to avoid placing a pod that does not tolerate the taint on the node, but it is not required. --- #### `NO_EXECUTE` This affects pods that are already running on the node as follows:. * Pods that do not tolerate the taint are evicted immediately. * Pods that tolerate the taint without specifying `duration` remain bound forever. * Pods that tolerate the taint with a specified `duration` remain bound for the specified amount of time. ---