diff --git a/content/zh/docs/reference/config-api/_index.md b/content/zh/docs/reference/config-api/_index.md new file mode 100644 index 0000000000..9e72af1b50 --- /dev/null +++ b/content/zh/docs/reference/config-api/_index.md @@ -0,0 +1,5 @@ +--- +title: 配置 API +weight: 65 +--- + diff --git a/content/zh/docs/reference/config-api/apiserver-audit.v1.md b/content/zh/docs/reference/config-api/apiserver-audit.v1.md new file mode 100644 index 0000000000..c2e4a37704 --- /dev/null +++ b/content/zh/docs/reference/config-api/apiserver-audit.v1.md @@ -0,0 +1,616 @@ +--- +title: kube-apiserver Audit Configuration (v1) +content_type: tool-reference +package: audit.k8s.io/v1 +auto_generated: true +--- + + +## Resource Types + + +- [Event](#audit-k8s-io-v1-Event) +- [EventList](#audit-k8s-io-v1-EventList) +- [Policy](#audit-k8s-io-v1-Policy) +- [PolicyList](#audit-k8s-io-v1-PolicyList) + + + + +## `Event` {#audit-k8s-io-v1-Event} + + + + +**Appears in:** + +- [EventList](#audit-k8s-io-v1-EventList) + + +Event captures all the information that can be included in an API audit log. + +
Field | Description |
---|---|
apiVersion string | audit.k8s.io/v1 |
kind string | Event |
level [Required]+ Level
+ |
++ AuditLevel at which event was generated | +
auditID [Required]+ k8s.io/apimachinery/pkg/types.UID
+ |
++ Unique audit ID, generated for each request. | +
stage [Required]+ Stage
+ |
++ Stage of the request handling when this event instance was generated. | +
requestURI [Required]+ string
+ |
++ RequestURI is the request URI as sent by the client to a server. | +
verb [Required]+ string
+ |
++ Verb is the kubernetes verb associated with the request. +For non-resource requests, this is the lower-cased HTTP method. | +
user [Required]+ authentication/v1.UserInfo
+ |
++ Authenticated user information. | +
impersonatedUser + authentication/v1.UserInfo
+ |
++ Impersonated user information. | +
sourceIPs + []string
+ |
++ Source IPs, from where the request originated and intermediate proxies. | +
userAgent + string
+ |
++ UserAgent records the user agent string reported by the client. +Note that the UserAgent is provided by the client, and must not be trusted. | +
objectRef + ObjectReference
+ |
++ Object reference this request is targeted at. +Does not apply for List-type requests, or non-resource requests. | +
responseStatus + meta/v1.Status
+ |
++ The response status, populated even when the ResponseObject is not a Status type. +For successful responses, this will only include the Code and StatusSuccess. +For non-status type error responses, this will be auto-populated with the error Message. | +
requestObject + k8s.io/apimachinery/pkg/runtime.Unknown
+ |
++ API object from the request, in JSON format. The RequestObject is recorded as-is in the request +(possibly re-encoded as JSON), prior to version conversion, defaulting, admission or +merging. It is an external versioned object type, and may not be a valid object on its own. +Omitted for non-resource requests. Only logged at Request Level and higher. | +
responseObject + k8s.io/apimachinery/pkg/runtime.Unknown
+ |
++ API object returned in the response, in JSON. The ResponseObject is recorded after conversion +to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged +at Response Level. | +
requestReceivedTimestamp + meta/v1.MicroTime
+ |
++ Time the request reached the apiserver. | +
stageTimestamp + meta/v1.MicroTime
+ |
++ Time the request reached current audit stage. | +
annotations + map[string]string
+ |
++ Annotations is an unstructured key value map stored with an audit event that may be set by +plugins invoked in the request serving chain, including authentication, authorization and +admission plugins. Note that these annotations are for the audit event, and do not correspond +to the metadata.annotations of the submitted object. Keys should uniquely identify the informing +component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values +should be short. Annotations are included in the Metadata level. | +
Field | Description |
---|---|
apiVersion string | audit.k8s.io/v1 |
kind string | EventList |
metadata + meta/v1.ListMeta
+ |
++ No description provided. + | +
items [Required]+ []Event
+ |
++ No description provided. + | +
Field | Description |
---|---|
apiVersion string | audit.k8s.io/v1 |
kind string | Policy |
metadata + meta/v1.ObjectMeta
+ |
+
+ ObjectMeta is included for interoperability with API infrastructure.Refer to the Kubernetes API documentation for the fields of the metadata field. |
+
rules [Required]+ []PolicyRule
+ |
++ Rules specify the audit Level a request should be recorded at. +A request may match multiple rules, in which case the FIRST matching rule is used. +The default audit level is None, but can be overridden by a catch-all rule at the end of the list. +PolicyRules are strictly ordered. | +
omitStages + []Stage
+ |
++ OmitStages is a list of stages for which no events are created. Note that this can also +be specified per rule in which case the union of both are omitted. | +
Field | Description |
---|---|
apiVersion string | audit.k8s.io/v1 |
kind string | PolicyList |
metadata + meta/v1.ListMeta
+ |
++ No description provided. + | +
items [Required]+ []Policy
+ |
++ No description provided. + | +
Field | Description |
---|---|
group + string
+ |
++ Group is the name of the API group that contains the resources. +The empty string represents the core API group. | +
resources + []string
+ |
++ Resources is a list of resources this rule applies to. + +For example: +'pods' matches pods. +'pods/log' matches the log subresource of pods. +'∗' matches all resources and their subresources. +'pods/∗' matches all subresources of pods. +'∗/scale' matches all scale subresources. + +If wildcard is present, the validation rule will ensure resources do not +overlap with each other. + +An empty list implies all resources and subresources in this API groups apply. | +
resourceNames + []string
+ |
++ ResourceNames is a list of resource instance names that the policy matches. +Using this field requires Resources to be specified. +An empty list implies that every instance of the resource is matched. | +
Field | Description |
---|---|
resource + string
+ |
++ No description provided. + | +
namespace + string
+ |
++ No description provided. + | +
name + string
+ |
++ No description provided. + | +
uid + k8s.io/apimachinery/pkg/types.UID
+ |
++ No description provided. + | +
apiGroup + string
+ |
++ APIGroup is the name of the API group that contains the referred object. +The empty string represents the core API group. | +
apiVersion + string
+ |
++ APIVersion is the version of the API group that contains the referred object. | +
resourceVersion + string
+ |
++ No description provided. + | +
subresource + string
+ |
++ No description provided. + | +
Field | Description |
---|---|
level [Required]+ Level
+ |
++ The Level that requests matching this rule are recorded at. | +
users + []string
+ |
++ The users (by authenticated user name) this rule applies to. +An empty list implies every user. | +
userGroups + []string
+ |
++ The user groups this rule applies to. A user is considered matching +if it is a member of any of the UserGroups. +An empty list implies every user group. | +
verbs + []string
+ |
++ The verbs that match this rule. +An empty list implies every verb. | +
resources + []GroupResources
+ |
++ Resources that this rule matches. An empty list implies all kinds in all API groups. | +
namespaces + []string
+ |
++ Namespaces that this rule matches. +The empty string "" matches non-namespaced resources. +An empty list implies every namespace. | +
nonResourceURLs + []string
+ |
++ NonResourceURLs is a set of URL paths that should be audited. +∗s are allowed, but only as the full, final step in the path. +Examples: + "/metrics" - Log requests for apiserver metrics + "/healthz∗" - Log all health checks | +
omitStages + []Stage
+ |
++ OmitStages is a list of stages for which no events are created. Note that this can also +be specified policy wide in which case the union of both are omitted. +An empty list means no restrictions will apply. | +
Field | Description |
---|---|
apiVersion string | apiserver.config.k8s.io/v1 |
kind string | WebhookAdmission |
kubeConfigFile [Required]+ string
+ |
++ KubeConfigFile is the path to the kubeconfig file. | +
Field | Description |
---|---|
apiVersion string | client.authentication.k8s.io/v1beta1 |
kind string | ExecCredential |
spec [Required]+ ExecCredentialSpec
+ |
++ Spec holds information passed to the plugin by the transport. | +
status + ExecCredentialStatus
+ |
++ Status is filled in by the plugin and holds the credentials that the transport +should use to contact the API. | +
Field | Description |
---|---|
server [Required]+ string
+ |
++ Server is the address of the kubernetes cluster (https://hostname:port). | +
tls-server-name + string
+ |
++ TLSServerName is passed to the server for SNI and is used in the client to +check server certificates against. If ServerName is empty, the hostname +used to contact the server is used. | +
insecure-skip-tls-verify + bool
+ |
++ InsecureSkipTLSVerify skips the validity check for the server's certificate. +This will make your HTTPS connections insecure. | +
certificate-authority-data + []byte
+ |
++ CAData contains PEM-encoded certificate authority certificates. +If empty, system roots should be used. | +
proxy-url + string
+ |
++ ProxyURL is the URL to the proxy to be used for all requests to this +cluster. | +
config + k8s.io/apimachinery/pkg/runtime.RawExtension
+ |
++ Config holds additional config data that is specific to the exec +plugin with regards to the cluster being authenticated to. + +This data is sourced from the clientcmd Cluster object's +extensions[client.authentication.k8s.io/exec] field: + +clusters: +- name: my-cluster + cluster: + ... + extensions: + - name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config + extension: + audience: 06e3fbd18de8 # arbitrary config + +In some environments, the user config may be exactly the same across many clusters +(i.e. call this exec plugin) minus some details that are specific to each cluster +such as the audience. This field allows the per cluster config to be directly +specified with the cluster info. Using this field to store secret data is not +recommended as one of the prime benefits of exec plugins is that no secrets need +to be stored directly in the kubeconfig. | +
Field | Description |
---|---|
cluster + Cluster
+ |
++ Cluster contains information to allow an exec plugin to communicate with the +kubernetes cluster being authenticated to. Note that Cluster is non-nil only +when provideClusterInfo is set to true in the exec provider config (i.e., +ExecConfig.ProvideClusterInfo). | +
Field | Description |
---|---|
expirationTimestamp + meta/v1.Time
+ |
++ ExpirationTimestamp indicates a time when the provided credentials expire. | +
token [Required]+ string
+ |
++ Token is a bearer token used by the client for request authentication. | +
clientCertificateData [Required]+ string
+ |
++ PEM-encoded client TLS certificates (including intermediates, if any). | +
clientKeyData [Required]+ string
+ |
++ PEM-encoded private key for the above certificate. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1 |
kind string | Policy |
predicates [Required]+ []PredicatePolicy
+ |
++ Holds the information to configure the fit predicate functions | +
priorities [Required]+ []PriorityPolicy
+ |
++ Holds the information to configure the priority functions | +
extenders [Required]+ []LegacyExtender
+ |
++ Holds the information to communicate with the extender(s) | +
hardPodAffinitySymmetricWeight [Required]+ int32
+ |
++ RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule +corresponding to every RequiredDuringScheduling affinity rule. +HardPodAffinitySymmetricWeight represents the weight of implicit PreferredDuringScheduling affinity rule, in the range 1-100. | +
alwaysCheckAllPredicates [Required]+ bool
+ |
++ When AlwaysCheckAllPredicates is set to true, scheduler checks all +the configured predicates even after one or more of them fails. +When the flag is set to false, scheduler skips checking the rest +of the predicates after it finds one predicate that failed. | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Name is the extended resource name. | +
ignoredByScheduler [Required]+ bool
+ |
++ IgnoredByScheduler indicates whether kube-scheduler should ignore this +resource when applying predicates. | +
Field | Description |
---|---|
insecure [Required]+ bool
+ |
++ Server should be accessed without verifying the TLS certificate. For testing only. | +
serverName [Required]+ string
+ |
++ ServerName is passed to the server for SNI and is used in the client to check server +certificates against. If ServerName is empty, the hostname used to contact the +server is used. | +
certFile [Required]+ string
+ |
++ Server requires TLS client certificate authentication | +
keyFile [Required]+ string
+ |
++ Server requires TLS client certificate authentication | +
caFile [Required]+ string
+ |
++ Trusted root certificates for server | +
certData [Required]+ []byte
+ |
++ CertData holds PEM-encoded bytes (typically read from a client certificate file). +CertData takes precedence over CertFile | +
keyData [Required]+ []byte
+ |
++ KeyData holds PEM-encoded bytes (typically read from a client certificate key file). +KeyData takes precedence over KeyFile | +
caData [Required]+ []byte
+ |
++ CAData holds PEM-encoded bytes (typically read from a root certificates bundle). +CAData takes precedence over CAFile | +
Field | Description |
---|---|
label [Required]+ string
+ |
++ Used to identify node "groups" | +
presence [Required]+ bool
+ |
++ This is a boolean flag +If true, higher priority is given to nodes that have the label +If false, higher priority is given to nodes that do not have the label | +
Field | Description |
---|---|
labels [Required]+ []string
+ |
++ The list of labels that identify node "groups" +All of the labels should be either present (or absent) for the node to be considered a fit for hosting the pod | +
presence [Required]+ bool
+ |
++ The boolean flag that indicates whether the labels should be present or absent from the node | +
Field | Description |
---|---|
urlPrefix [Required]+ string
+ |
++ URLPrefix at which the extender is available | +
filterVerb [Required]+ string
+ |
++ Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender. | +
preemptVerb [Required]+ string
+ |
++ Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender. | +
prioritizeVerb [Required]+ string
+ |
++ Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender. | +
weight [Required]+ int64
+ |
++ The numeric multiplier for the node scores that the prioritize call generates. +The weight should be a positive integer | +
bindVerb [Required]+ string
+ |
++ Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender. +If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender +can implement this function. | +
enableHttps [Required]+ bool
+ |
++ EnableHTTPS specifies whether https should be used to communicate with the extender | +
tlsConfig [Required]+ ExtenderTLSConfig
+ |
++ TLSConfig specifies the transport layer security config | +
httpTimeout [Required]+ time.Duration
+ |
++ HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize +timeout is ignored, k8s/other extenders priorities are used to select the node. | +
nodeCacheCapable [Required]+ bool
+ |
++ NodeCacheCapable specifies that the extender is capable of caching node information, +so the scheduler should only send minimal information about the eligible nodes +assuming that the extender already cached full details of all nodes in the cluster | +
managedResources + []ExtenderManagedResource
+ |
++ ManagedResources is a list of extended resources that are managed by +this extender. +- A pod will be sent to the extender on the Filter, Prioritize and Bind + (if the extender is the binder) phases iff the pod requests at least + one of the extended resources in this list. If empty or unspecified, + all pods will be sent to this extender. +- If IgnoredByScheduler is set to true for a resource, kube-scheduler + will skip checking the resource in predicates. | +
ignorable [Required]+ bool
+ |
++ Ignorable specifies if the extender is ignorable, i.e. scheduling should not +fail when the extender returns an error or is not reachable. | +
Field | Description |
---|---|
serviceAffinity [Required]+ ServiceAffinity
+ |
++ The predicate that provides affinity for pods belonging to a service +It uses a label to identify nodes that belong to the same "group" | +
labelsPresence [Required]+ LabelsPresence
+ |
++ The predicate that checks whether a particular node has a certain label +defined or not, regardless of value | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Identifier of the predicate policy +For a custom predicate, the name can be user-defined +For the Kubernetes provided predicates, the name is the identifier of the pre-defined predicate | +
argument [Required]+ PredicateArgument
+ |
++ Holds the parameters to configure the given predicate | +
Field | Description |
---|---|
serviceAntiAffinity [Required]+ ServiceAntiAffinity
+ |
++ The priority function that ensures a good spread (anti-affinity) for pods belonging to a service +It uses a label to identify nodes that belong to the same "group" | +
labelPreference [Required]+ LabelPreference
+ |
++ The priority function that checks whether a particular node has a certain label +defined or not, regardless of value | +
requestedToCapacityRatioArguments [Required]+ RequestedToCapacityRatioArguments
+ |
++ The RequestedToCapacityRatio priority function is parametrized with function shape. | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Identifier of the priority policy +For a custom priority, the name can be user-defined +For the Kubernetes provided priority functions, the name is the identifier of the pre-defined priority function | +
weight [Required]+ int64
+ |
++ The numeric multiplier for the node scores that the priority function generates +The weight should be non-zero and can be a positive or a negative integer | +
argument [Required]+ PriorityArgument
+ |
++ Holds the parameters to configure the given priority function | +
Field | Description |
---|---|
shape [Required]+ []UtilizationShapePoint
+ |
++ Array of point defining priority function shape. | +
resources [Required]+ []ResourceSpec
+ |
++ No description provided. + | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Name of the resource to be managed by RequestedToCapacityRatio function. | +
weight [Required]+ int64
+ |
++ Weight of the resource. | +
Field | Description |
---|---|
labels [Required]+ []string
+ |
++ The list of labels that identify node "groups" +All of the labels should match for the node to be considered a fit for hosting the pod | +
Field | Description |
---|---|
label [Required]+ string
+ |
++ Used to identify node "groups" | +
Field | Description |
---|---|
utilization [Required]+ int32
+ |
++ Utilization (x axis). Valid values are 0 to 100. Fully utilized node maps to 100. | +
score [Required]+ int32
+ |
++ Score assigned to given utilization (y axis). Valid values are 0 to 10. | +
Field | Description |
---|---|
kubeconfig [Required]+ string
+ |
++ kubeconfig is the path to a KubeConfig file. | +
acceptContentTypes [Required]+ string
+ |
++ acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the +default value of 'application/json'. This field will control all connections to the server used by a particular +client. | +
contentType [Required]+ string
+ |
++ contentType is the content type used when sending data to the server from this client. | +
qps [Required]+ float32
+ |
++ qps controls the number of queries per second allowed for this connection. | +
burst [Required]+ int32
+ |
++ burst allows extra queries to accumulate when a client is exceeding its rate. | +
Field | Description |
---|---|
enableProfiling [Required]+ bool
+ |
++ enableProfiling enables profiling via web interface host:port/debug/pprof/ | +
enableContentionProfiling [Required]+ bool
+ |
++ enableContentionProfiling enables lock contention profiling, if +enableProfiling is true. | +
Field | Description |
---|---|
leaderElect [Required]+ bool
+ |
++ leaderElect enables a leader election client to gain leadership +before executing the main loop. Enable this when running replicated +components for high availability. | +
leaseDuration [Required]+ meta/v1.Duration
+ |
++ leaseDuration is the duration that non-leader candidates will wait +after observing a leadership renewal until attempting to acquire +leadership of a led but unrenewed leader slot. This is effectively the +maximum duration that a leader can be stopped before it is replaced +by another candidate. This is only applicable if leader election is +enabled. | +
renewDeadline [Required]+ meta/v1.Duration
+ |
++ renewDeadline is the interval between attempts by the acting master to +renew a leadership slot before it stops leading. This must be less +than or equal to the lease duration. This is only applicable if leader +election is enabled. | +
retryPeriod [Required]+ meta/v1.Duration
+ |
++ retryPeriod is the duration the clients should wait between attempting +acquisition and renewal of a leadership. This is only applicable if +leader election is enabled. | +
resourceLock [Required]+ string
+ |
++ resourceLock indicates the resource object type that will be used to lock +during leader election cycles. | +
resourceName [Required]+ string
+ |
++ resourceName indicates the name of resource object that will be used to lock +during leader election cycles. | +
resourceNamespace [Required]+ string
+ |
++ resourceName indicates the namespace of resource object that will be used to lock +during leader election cycles. | +
Field | Description |
---|---|
format [Required]+ string
+ |
++ Format Flag specifies the structure of log messages. +default value of format is `text` | +
sanitization [Required]+ bool
+ |
++ [Experimental] When enabled prevents logging of fields tagged as sensitive (passwords, keys, tokens). +Runtime log sanitization may introduce significant computation overhead and therefore should not be enabled in production.`) | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | DefaultPreemptionArgs |
minCandidateNodesPercentage [Required]+ int32
+ |
++ MinCandidateNodesPercentage is the minimum number of candidates to +shortlist when dry running preemption as a percentage of number of nodes. +Must be in the range [0, 100]. Defaults to 10% of the cluster size if +unspecified. | +
minCandidateNodesAbsolute [Required]+ int32
+ |
++ MinCandidateNodesAbsolute is the absolute minimum number of candidates to +shortlist. The likely number of candidates enumerated for dry running +preemption is given by the formula: +numCandidates = max(numNodes ∗ minCandidateNodesPercentage, minCandidateNodesAbsolute) +We say "likely" because there are other factors such as PDB violations +that play a role in the number of candidates shortlisted. Must be at least +0 nodes. Defaults to 100 nodes if unspecified. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | InterPodAffinityArgs |
hardPodAffinityWeight [Required]+ int32
+ |
++ HardPodAffinityWeight is the scoring weight for existing pods with a +matching hard affinity to the incoming pod. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | KubeSchedulerConfiguration |
parallelism [Required]+ int32
+ |
++ Parallelism defines the amount of parallelism in algorithms for scheduling a Pods. Must be greater than 0. Defaults to 16 | +
leaderElection [Required]+ LeaderElectionConfiguration
+ |
++ LeaderElection defines the configuration of leader election client. | +
clientConnection [Required]+ ClientConnectionConfiguration
+ |
++ ClientConnection specifies the kubeconfig file and client connection +settings for the proxy server to use when communicating with the apiserver. | +
healthzBindAddress [Required]+ string
+ |
++ HealthzBindAddress is the IP address and port for the health check server to serve on, +defaulting to 0.0.0.0:10251 | +
metricsBindAddress [Required]+ string
+ |
++ MetricsBindAddress is the IP address and port for the metrics server to +serve on, defaulting to 0.0.0.0:10251. | +
DebuggingConfiguration [Required]+ DebuggingConfiguration
+ |
+(Members of DebuggingConfiguration are embedded into this type.)
+ DebuggingConfiguration holds configuration for Debugging related features
+TODO: We might wanna make this a substruct like Debugging componentbaseconfigv1alpha1.DebuggingConfiguration |
+
percentageOfNodesToScore [Required]+ int32
+ |
++ PercentageOfNodesToScore is the percentage of all nodes that once found feasible +for running a pod, the scheduler stops its search for more feasible nodes in +the cluster. This helps improve scheduler's performance. Scheduler always tries to find +at least "minFeasibleNodesToFind" feasible nodes no matter what the value of this flag is. +Example: if the cluster size is 500 nodes and the value of this flag is 30, +then scheduler stops finding further feasible nodes once it finds 150 feasible ones. +When the value is 0, default percentage (5%--50% based on the size of the cluster) of the +nodes will be scored. | +
podInitialBackoffSeconds [Required]+ int64
+ |
++ PodInitialBackoffSeconds is the initial backoff for unschedulable pods. +If specified, it must be greater than 0. If this value is null, the default value (1s) +will be used. | +
podMaxBackoffSeconds [Required]+ int64
+ |
++ PodMaxBackoffSeconds is the max backoff for unschedulable pods. +If specified, it must be greater than podInitialBackoffSeconds. If this value is null, +the default value (10s) will be used. | +
profiles [Required]+ []KubeSchedulerProfile
+ |
++ Profiles are scheduling profiles that kube-scheduler supports. Pods can +choose to be scheduled under a particular profile by setting its associated +scheduler name. Pods that don't specify any scheduler name are scheduled +with the "default-scheduler" profile, if present here. | +
extenders [Required]+ []Extender
+ |
++ Extenders are the list of scheduler extenders, each holding the values of how to communicate +with the extender. These extenders are shared by all scheduler profiles. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | NodeAffinityArgs |
addedAffinity + core/v1.NodeAffinity
+ |
++ AddedAffinity is applied to all Pods additionally to the NodeAffinity +specified in the PodSpec. That is, Nodes need to satisfy AddedAffinity +AND .spec.NodeAffinity. AddedAffinity is empty by default (all Nodes +match). +When AddedAffinity is used, some Pods with affinity requirements that match +a specific Node (such as Daemonset Pods) might remain unschedulable. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | NodeLabelArgs |
presentLabels [Required]+ []string
+ |
++ PresentLabels should be present for the node to be considered a fit for hosting the pod | +
absentLabels [Required]+ []string
+ |
++ AbsentLabels should be absent for the node to be considered a fit for hosting the pod | +
presentLabelsPreference [Required]+ []string
+ |
++ Nodes that have labels in the list will get a higher score. | +
absentLabelsPreference [Required]+ []string
+ |
++ Nodes that don't have labels in the list will get a higher score. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | NodeResourcesFitArgs |
ignoredResources [Required]+ []string
+ |
++ IgnoredResources is the list of resources that NodeResources fit filter +should ignore. | +
ignoredResourceGroups [Required]+ []string
+ |
++ IgnoredResourceGroups defines the list of resource groups that NodeResources fit filter should ignore. +e.g. if group is ["example.com"], it will ignore all resource names that begin +with "example.com", such as "example.com/aaa" and "example.com/bbb". +A resource group name can't contain '/'. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | NodeResourcesLeastAllocatedArgs |
resources [Required]+ []ResourceSpec
+ |
++ Resources to be managed, if no resource is provided, default resource set with both +the weight of "cpu" and "memory" set to "1" will be applied. +Resource with "0" weight will not accountable for the final score. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | NodeResourcesMostAllocatedArgs |
resources [Required]+ []ResourceSpec
+ |
++ Resources to be managed, if no resource is provided, default resource set with both +the weight of "cpu" and "memory" set to "1" will be applied. +Resource with "0" weight will not accountable for the final score. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | PodTopologySpreadArgs |
defaultConstraints + []core/v1.TopologySpreadConstraint
+ |
++ DefaultConstraints defines topology spread constraints to be applied to +Pods that don't define any in `pod.spec.topologySpreadConstraints`. +`.defaultConstraints[∗].labelSelectors` must be empty, as they are +deduced from the Pod's membership to Services, ReplicationControllers, +ReplicaSets or StatefulSets. +When not empty, .defaultingType must be "List". | +
defaultingType + PodTopologySpreadConstraintsDefaulting
+ |
++ DefaultingType determines how .defaultConstraints are deduced. Can be one +of "System" or "List". + +- "System": Use kubernetes defined constraints that spread Pods among + Nodes and Zones. +- "List": Use constraints defined in .defaultConstraints. + +Defaults to "List" if feature gate DefaultPodTopologySpread is disabled +and to "System" if enabled. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | RequestedToCapacityRatioArgs |
shape [Required]+ []UtilizationShapePoint
+ |
++ Points defining priority function shape | +
resources [Required]+ []ResourceSpec
+ |
++ Resources to be managed | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | ServiceAffinityArgs |
affinityLabels [Required]+ []string
+ |
++ AffinityLabels are homogeneous for pods that are scheduled to a node. +(i.e. it returns true IFF this pod can be added to this node such that all other pods in +the same service are running on nodes with the exact same values for Labels). | +
antiAffinityLabelsPreference [Required]+ []string
+ |
++ AntiAffinityLabelsPreference are the labels to consider for service anti affinity scoring. | +
Field | Description |
---|---|
apiVersion string | kubescheduler.config.k8s.io/v1beta1 |
kind string | VolumeBindingArgs |
bindTimeoutSeconds [Required]+ int64
+ |
++ BindTimeoutSeconds is the timeout in seconds in volume binding operation. +Value must be non-negative integer. The value zero indicates no waiting. +If this value is nil, the default value (600) will be used. | +
Field | Description |
---|---|
urlPrefix [Required]+ string
+ |
++ URLPrefix at which the extender is available | +
filterVerb [Required]+ string
+ |
++ Verb for the filter call, empty if not supported. This verb is appended to the URLPrefix when issuing the filter call to extender. | +
preemptVerb [Required]+ string
+ |
++ Verb for the preempt call, empty if not supported. This verb is appended to the URLPrefix when issuing the preempt call to extender. | +
prioritizeVerb [Required]+ string
+ |
++ Verb for the prioritize call, empty if not supported. This verb is appended to the URLPrefix when issuing the prioritize call to extender. | +
weight [Required]+ int64
+ |
++ The numeric multiplier for the node scores that the prioritize call generates. +The weight should be a positive integer | +
bindVerb [Required]+ string
+ |
++ Verb for the bind call, empty if not supported. This verb is appended to the URLPrefix when issuing the bind call to extender. +If this method is implemented by the extender, it is the extender's responsibility to bind the pod to apiserver. Only one extender +can implement this function. | +
enableHTTPS [Required]+ bool
+ |
++ EnableHTTPS specifies whether https should be used to communicate with the extender | +
tlsConfig [Required]+ ExtenderTLSConfig
+ |
++ TLSConfig specifies the transport layer security config | +
httpTimeout [Required]+ meta/v1.Duration
+ |
++ HTTPTimeout specifies the timeout duration for a call to the extender. Filter timeout fails the scheduling of the pod. Prioritize +timeout is ignored, k8s/other extenders priorities are used to select the node. | +
nodeCacheCapable [Required]+ bool
+ |
++ NodeCacheCapable specifies that the extender is capable of caching node information, +so the scheduler should only send minimal information about the eligible nodes +assuming that the extender already cached full details of all nodes in the cluster | +
managedResources + []ExtenderManagedResource
+ |
++ ManagedResources is a list of extended resources that are managed by +this extender. +- A pod will be sent to the extender on the Filter, Prioritize and Bind + (if the extender is the binder) phases iff the pod requests at least + one of the extended resources in this list. If empty or unspecified, + all pods will be sent to this extender. +- If IgnoredByScheduler is set to true for a resource, kube-scheduler + will skip checking the resource in predicates. | +
ignorable [Required]+ bool
+ |
++ Ignorable specifies if the extender is ignorable, i.e. scheduling should not +fail when the extender returns an error or is not reachable. | +
Field | Description |
---|---|
schedulerName [Required]+ string
+ |
++ SchedulerName is the name of the scheduler associated to this profile. +If SchedulerName matches with the pod's "spec.schedulerName", then the pod +is scheduled with this profile. | +
plugins [Required]+ Plugins
+ |
++ Plugins specify the set of plugins that should be enabled or disabled. +Enabled plugins are the ones that should be enabled in addition to the +default plugins. Disabled plugins are any of the default plugins that +should be disabled. +When no enabled or disabled plugin is specified for an extension point, +default plugins for that extension point will be used if there is any. +If a QueueSort plugin is specified, the same QueueSort Plugin and +PluginConfig must be specified for all profiles. | +
pluginConfig [Required]+ []PluginConfig
+ |
++ PluginConfig is an optional set of custom plugin arguments for each plugin. +Omitting config args for a plugin is equivalent to using the default config +for that plugin. | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Name defines the name of plugin | +
weight [Required]+ int32
+ |
++ Weight defines the weight of plugin, only used for Score plugins. | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Name defines the name of plugin being configured | +
args [Required]+ k8s.io/apimachinery/pkg/runtime.RawExtension
+ |
++ Args defines the arguments passed to the plugins at the time of initialization. Args can have arbitrary structure. | +
Field | Description |
---|---|
enabled [Required]+ []Plugin
+ |
++ Enabled specifies plugins that should be enabled in addition to default plugins. +These are called after default plugins and in the same order specified here. | +
disabled [Required]+ []Plugin
+ |
++ Disabled specifies default plugins that should be disabled. +When all default plugins need to be disabled, an array containing only one "∗" should be provided. | +
Field | Description |
---|---|
queueSort [Required]+ PluginSet
+ |
++ QueueSort is a list of plugins that should be invoked when sorting pods in the scheduling queue. | +
preFilter [Required]+ PluginSet
+ |
++ PreFilter is a list of plugins that should be invoked at "PreFilter" extension point of the scheduling framework. | +
filter [Required]+ PluginSet
+ |
++ Filter is a list of plugins that should be invoked when filtering out nodes that cannot run the Pod. | +
postFilter [Required]+ PluginSet
+ |
++ PostFilter is a list of plugins that are invoked after filtering phase, no matter whether filtering succeeds or not. | +
preScore [Required]+ PluginSet
+ |
++ PreScore is a list of plugins that are invoked before scoring. | +
score [Required]+ PluginSet
+ |
++ Score is a list of plugins that should be invoked when ranking nodes that have passed the filtering phase. | +
reserve [Required]+ PluginSet
+ |
++ Reserve is a list of plugins invoked when reserving/unreserving resources +after a node is assigned to run the pod. | +
permit [Required]+ PluginSet
+ |
++ Permit is a list of plugins that control binding of a Pod. These plugins can prevent or delay binding of a Pod. | +
preBind [Required]+ PluginSet
+ |
++ PreBind is a list of plugins that should be invoked before a pod is bound. | +
bind [Required]+ PluginSet
+ |
++ Bind is a list of plugins that should be invoked at "Bind" extension point of the scheduling framework. +The scheduler call these plugins in order. Scheduler skips the rest of these plugins as soon as one returns success. | +
postBind [Required]+ PluginSet
+ |
++ PostBind is a list of plugins that should be invoked after a pod is successfully bound. | +
Field | Description |
---|---|
name [Required]+ string
+ |
++ Name of the resource to be managed by RequestedToCapacityRatio function. | +
weight [Required]+ int64
+ |
++ Weight of the resource. | +
Field | Description |
---|---|
utilization [Required]+ int32
+ |
++ Utilization (x axis). Valid values are 0 to 100. Fully utilized node maps to 100. | +
score [Required]+ int32
+ |
++ Score assigned to given utilization (y axis). Valid values are 0 to 10. | +
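Review bot: Several rows in these tables are tagged [Required] although their own descriptions say the field may be omitted: pluginConfig ("an optional set of custom plugin arguments"), bindTimeoutSeconds ("If this value is nil, the default value (600) will be used"), and plugins, whose description says default plugins are used when nothing is enabled or disabled. The same marker on tlsConfig leaves it unclear whether a TLS config must be supplied when enableHTTPS is false. If this reference is generated from the Go types, the optional markers should be fixed at the source so the [Required] tag matches the text. Two smaller points: the wildcard in the disabled row and in `.defaultConstraints[∗].labelSelectors` is written with the character ∗ (U+2217) rather than ASCII `*`, so a value copied from the page into a config will not be the literal asterisk the scheduler expects; and "The scheduler call these plugins in order" in the bind row should read "calls".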