cdk8s-plus-22 (Python)

Constructs

AbstractPod

Initializers

import cdk8s_plus_22

cdk8s_plus_22.AbstractPod(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


Methods

add_container
def add_container(
  image: str,
  args: typing.List[str] = None,
  command: typing.List[str] = None,
  env_from: typing.List[EnvFrom] = None,
  env_variables: typing.Mapping[EnvValue] = None,
  image_pull_policy: ImagePullPolicy = None,
  lifecycle: ContainerLifecycle = None,
  liveness: Probe = None,
  name: str = None,
  port: typing.Union[int, float] = None,
  readiness: Probe = None,
  resources: ContainerResources = None,
  security_context: ContainerSecurityContextProps = None,
  startup: Probe = None,
  volume_mounts: typing.List[VolumeMount] = None,
  working_dir: str = None
)
imageRequired
  • Type: str

Docker image name.


argsOptional
  • Type: typing.List[str]
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
  • Type: typing.List[str]
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


env_fromOptional

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


env_variablesOptional

Environment variables to set in the container.


image_pull_policyOptional

Image pull policy for this container.


lifecycleOptional

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
  • Type: str
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


portOptional
  • Type: typing.Union[int, float]
  • Default: No port is exposed.

Port number to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.


readinessOptional

Determines when the container is ready to serve traffic.


resourcesOptional

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


security_contextOptional

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully.


volume_mountsOptional

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


working_dirOptional
  • Type: str
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


add_host_alias
def add_host_alias(
  hostnames: typing.List[str],
  ip: str
)
hostnamesRequired
  • Type: typing.List[str]

Hostnames for the chosen IP address.


ipRequired
  • Type: str

IP address of the host file entry.


add_init_container
def add_init_container(
  image: str,
  args: typing.List[str] = None,
  command: typing.List[str] = None,
  env_from: typing.List[EnvFrom] = None,
  env_variables: typing.Mapping[EnvValue] = None,
  image_pull_policy: ImagePullPolicy = None,
  lifecycle: ContainerLifecycle = None,
  liveness: Probe = None,
  name: str = None,
  port: typing.Union[int, float] = None,
  readiness: Probe = None,
  resources: ContainerResources = None,
  security_context: ContainerSecurityContextProps = None,
  startup: Probe = None,
  volume_mounts: typing.List[VolumeMount] = None,
  working_dir: str = None
)
imageRequired
  • Type: str

Docker image name.


argsOptional
  • Type: typing.List[str]
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
  • Type: typing.List[str]
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
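
The `$(VAR_NAME)` rules described for `args` and `command` (here and under add_container), as an added example that is not part of the cdk8s or Kubernetes code base. It reimplements the stated behaviour in plain Python so the result of each form can be checked before a container spec is deployed; `expand_refs`, `expand_argv` and the sample environment are hypothetical names and constructed values.

```python
"""Illustrative model of $(VAR_NAME) expansion in container command/args."""


def expand_refs(value, env):
    """Expand $(NAME) references in one command/args element.

    Rules taken from the parameter description:
      * $(NAME) is replaced when NAME is defined in the container environment
      * an unresolved reference is left unchanged
      * $$ escapes the operator, so $$(NAME) yields the literal $(NAME)
    """
    out = []
    i, n = 0, len(value)
    while i < n:
        ch = value[i]
        # Ordinary character, or a trailing "$" with nothing after it.
        if ch != "$" or i + 1 >= n:
            out.append(ch)
            i += 1
            continue
        nxt = value[i + 1]
        if nxt == "$":
            # Escaped operator: emit one "$" and do not treat what follows
            # the pair as the start of a reference.
            out.append("$")
            i += 2
        elif nxt == "(":
            close = value.find(")", i + 2)
            if close == -1:
                # Unterminated reference: keep the text as written.
                out.append("$(")
                i += 2
            else:
                name = value[i + 2:close]
                # Unknown names are left exactly as they appeared.
                out.append(env[name] if name in env else value[i:close + 1])
                i = close + 1
        else:
            # "$" followed by anything else is plain text.
            out.append("$" + nxt)
            i += 2
    return "".join(out)


def expand_argv(argv, env):
    """Expand every element of a command/args list independently.

    Elements are never joined or re-split: the list is an exec-style argv,
    not a shell command line, so a value containing spaces stays one argument.
    """
    return [expand_refs(arg, env) for arg in argv]


# Constructed sample environment and argument list (not from the page).
SAMPLE_ENV = {"APP_USER": "svc reader", "PORT": "8443"}
SAMPLE_ARGS = [
    "--user=$(APP_USER)",      # resolved; the space does not split the argument
    "--listen=:$(PORT)",       # resolved
    "--template=$$(APP_USER)", # escaped; stays a literal reference
    "--region=$(REGION)",      # unresolved; left unchanged
    "--stamp=$(date)",         # looks like shell substitution, but no shell runs
]

if __name__ == "__main__":
    for before, after in zip(SAMPLE_ARGS, expand_argv(SAMPLE_ARGS, SAMPLE_ENV)):
        print(f"{before!r:30} -> {after!r}")
```

Because an unresolved reference passes through unchanged, a misspelled variable name reaches the process as literal `$(NAME)` text rather than failing at deploy time.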


env_fromOptional

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


env_variablesOptional

Environment variables to set in the container.


image_pull_policyOptional

Image pull policy for this container.


lifecycleOptional

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
  • Type: str
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


portOptional
  • Type: typing.Union[int, float]
  • Default: No port is exposed.

Port number to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.


readinessOptional

Determines when the container is ready to serve traffic.


resourcesOptional

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


security_contextOptional

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully.


volume_mountsOptional

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


working_dirOptional
  • Type: str
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


add_volume
def add_volume(
  vol: Volume
)
volRequired

to_network_policy_peer_config
def to_network_policy_peer_config()
to_pod_selector
def to_pod_selector()
to_pod_selector_config
def to_pod_selector_config()
to_subject_configuration
def to_subject_configuration()

Properties

automount_service_account_tokenRequired
automount_service_account_token: bool
  • Type: bool

containersRequired
containers: typing.List[Container]

dnsRequired
dns: PodDns

host_aliasesRequired
host_aliases: typing.List[HostAlias]

init_containersRequired
init_containers: typing.List[Container]

pod_metadataRequired
pod_metadata: ApiObjectMetadataDefinition

security_contextRequired
security_context: PodSecurityContext

volumesRequired
volumes: typing.List[Volume]

docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

restart_policyOptional
restart_policy: RestartPolicy

service_accountOptional
service_account: IServiceAccount

AwsElasticBlockStorePersistentVolume

Represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

Initializers

import cdk8s_plus_22

cdk8s_plus_22.AwsElasticBlockStorePersistentVolume(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  volume_id: str,
  fs_type: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional

When a user is done with their volume, they can delete the PVC objects from the API, which allows the resource to be reclaimed.

The reclaim policy tells the cluster what to do with the volume after it has been released from its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional

Defines what type of volume is required by the claim.


volume_idRequired
  • Type: str

Unique ID of the persistent disk resource in AWS (Amazon EBS volume).

More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


Properties

fs_typeRequired
fs_type: str
  • Type: str

File system type of this volume.


read_onlyRequired
read_only: bool
  • Type: bool

Whether or not it is mounted as a read-only volume.


volume_idRequired
volume_id: str
  • Type: str

Volume id of this volume.


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]

Partition of this volume.


AzureDiskPersistentVolume

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.AzureDiskPersistentVolume(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  disk_name: str,
  disk_uri: str,
  caching_mode: AzureDiskPersistentVolumeCachingMode = None,
  fs_type: str = None,
  kind: AzureDiskPersistentVolumeKind = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional

When a user is done with their volume, they can delete the PVC objects from the API, which allows the resource to be reclaimed.

The reclaim policy tells the cluster what to do with the volume after it has been released from its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional

Defines what type of volume is required by the claim.


disk_nameRequired
  • Type: str

The name of the data disk in the blob storage.


disk_uriRequired
  • Type: str

The URI of the data disk in the blob storage.


caching_modeOptional

Host Caching mode.


fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional

Kind of disk.


read_onlyOptional
  • Type: bool
  • Default: false

Force the ReadOnly setting in VolumeMounts.


Properties

azure_kindRequired
azure_kind: AzureDiskPersistentVolumeKind

Azure kind of this volume.


caching_modeRequired
caching_mode: AzureDiskPersistentVolumeCachingMode

Caching mode of this volume.


disk_nameRequired
disk_name: str
  • Type: str

Disk name of this volume.


disk_uriRequired
disk_uri: str
  • Type: str

Disk URI of this volume.


fs_typeRequired
fs_type: str
  • Type: str

File system type of this volume.


read_onlyRequired
read_only: bool
  • Type: bool

Whether or not it is mounted as a read-only volume.


BasicAuthSecret

Create a secret for basic authentication.

https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret

Initializers

import cdk8s_plus_22

cdk8s_plus_22.BasicAuthSecret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  password: str,
  username: str
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


passwordRequired
  • Type: str

The password or token for authentication.


usernameRequired
  • Type: str

The user name for authentication.


ClusterRole

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.ClusterRole(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  aggregation_labels: typing.Mapping[str] = None,
  rules: typing.List[ClusterRolePolicyRule] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


aggregation_labelsOptional
  • Type: typing.Mapping[str]

Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole’s rules.


rulesOptional

A list of rules the role should allow.


Methods

aggregate
def aggregate(
  key: str,
  value: str
)
keyRequired
  • Type: str

valueRequired
  • Type: str

allow
def allow(
  verbs: typing.List[str],
  endpoints: IApiEndpoint
)
verbsRequired
  • Type: typing.List[str]

endpointsRequired

The endpoint(s) to apply to.


allow_create
def allow_create(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_delete
def allow_delete(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_delete_collection
def allow_delete_collection(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_get
def allow_get(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_list
def allow_list(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_patch
def allow_patch(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_read
def allow_read(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_read_write
def allow_read_write(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_update
def allow_update(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


allow_watch
def allow_watch(
  endpoints: IApiEndpoint
)
endpointsRequired

The resource(s) to apply to.


bind
def bind(
  subjects: ISubject
)
subjectsRequired

A list of subjects to bind to.


bind_in_namespace
def bind_in_namespace(
  namespace: str,
  subjects: ISubject
)
namespaceRequired
  • Type: str

The namespace to limit permissions to.


subjectsRequired

A list of subjects to bind to.


combine
def combine(
  rol: ClusterRole
)
rolRequired

Static Functions

from_cluster_role_name
import cdk8s_plus_22

cdk8s_plus_22.ClusterRole.from_cluster_role_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


rulesRequired
rules: typing.List[ClusterRolePolicyRule]

Rules associated with this Role.

Returns a copy; use allow to add rules.


ClusterRoleBinding

A ClusterRoleBinding grants permissions cluster-wide to a user or set of users.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.ClusterRoleBinding(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  role: IClusterRole
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired

The role to bind to.


Methods

add_subjects
def add_subjects(
  subjects: ISubject
)
subjectsRequired

The subjects to add.


Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


roleRequired
role: IClusterRole

subjectsRequired
subjects: typing.List[ISubject]
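
A ClusterRoleBinding grants permissions cluster-wide, and automount_service_account_token defaults to true, so a workload whose service account appears in such a binding carries a cluster-wide credential in every pod unless the mount is switched off. The following added example (not code from cdk8s-plus) audits already-parsed synthesized manifests for that combination. It assumes the manifests are plain dicts, treats a missing `automountServiceAccountToken` as true, and does not consider ServiceAccount-level settings or namespaced RoleBindings; all resource names in the sample are constructed.

```python
"""Audit manifests: which workloads auto-mount a token that is bound cluster-wide?"""

# Kinds whose pod spec lives under spec.template.spec.
TEMPLATED_KINDS = {"Deployment", "DaemonSet", "StatefulSet", "Job"}


def pod_spec(manifest):
    """Return the pod spec of a workload manifest, or None for other kinds."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec", {})
    if kind in TEMPLATED_KINDS:
        return manifest.get("spec", {}).get("template", {}).get("spec", {})
    return None


def cluster_wide_grants(manifests):
    """Map (namespace, service account) -> ClusterRole names bound cluster-wide."""
    grants = {}
    for m in manifests:
        if m.get("kind") != "ClusterRoleBinding":
            continue
        role = m.get("roleRef", {}).get("name", "")
        for subject in m.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                key = (subject.get("namespace", "default"), subject.get("name"))
                grants.setdefault(key, set()).add(role)
    return grants


def audit(manifests):
    """List workloads that mount a service account token automatically.

    A finding is "high" when the mounted identity is the subject of at least
    one ClusterRoleBinding, otherwise "review".
    """
    grants = cluster_wide_grants(manifests)
    findings = []
    for m in manifests:
        spec = pod_spec(m)
        if spec is None:
            continue
        # Only an explicit false disables the mount; absent means the default.
        if spec.get("automountServiceAccountToken", True) is False:
            continue
        meta = m.get("metadata", {})
        namespace = meta.get("namespace", "default")
        account = spec.get("serviceAccountName", "default")
        roles = sorted(grants.get((namespace, account), ()))
        findings.append({
            "workload": f"{m['kind']}/{namespace}/{meta.get('name')}",
            "service_account": account,
            "cluster_roles": roles,
            "severity": "high" if roles else "review",
        })
    return findings


# Constructed sample manifests (hypothetical names, not from the page).
SAMPLE_MANIFESTS = [
    {"kind": "DaemonSet",
     "metadata": {"name": "log-agent", "namespace": "ops"},
     "spec": {"template": {"spec": {
         "serviceAccountName": "log-agent",
         "containers": [{"name": "main", "image": "example/log-agent:1"}]}}}},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "log-agent-pods"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "log-agent",
                   "namespace": "ops"}]},
    {"kind": "Deployment",
     "metadata": {"name": "web"},
     "spec": {"template": {"spec": {
         "automountServiceAccountToken": False,
         "containers": [{"name": "main", "image": "example/web:1"}]}}}},
    {"kind": "Deployment",
     "metadata": {"name": "batch"},
     "spec": {"template": {"spec": {
         "automountServiceAccountToken": True,
         "containers": [{"name": "main", "image": "example/batch:1"}]}}}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFESTS):
        print(finding)
```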

ConfigMap

ConfigMap holds configuration data for pods to consume.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.ConfigMap(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  binary_data: typing.Mapping[str] = None,
  data: typing.Mapping[str] = None,
  immutable: bool = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


binary_dataOptional
  • Type: typing.Mapping[str]

BinaryData contains the binary data.

Each key must consist of alphanumeric characters, ‘-’, ‘_’ or ‘.’. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field; this is enforced during the validation process.

You can also add binary data using configMap.addBinaryData().


dataOptional
  • Type: typing.Mapping[str]

Data contains the configuration data.

Each key must consist of alphanumeric characters, ‘-’, ‘_’ or ‘.’. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field; this is enforced during the validation process.

You can also add data using configMap.addData().


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


Methods

add_binary_data
def add_binary_data(
  key: str,
  value: str
)
keyRequired
  • Type: str

The key.


valueRequired
  • Type: str

The value.


add_data
def add_data(
  key: str,
  value: str
)
keyRequired
  • Type: str

The key.


valueRequired
  • Type: str

The value.


add_directory
def add_directory(
  local_dir: str,
  exclude: typing.List[str] = None,
  key_prefix: str = None
)
local_dirRequired
  • Type: str

A path to a local directory.


excludeOptional
  • Type: typing.List[str]
  • Default: include all files

Glob patterns to exclude when adding files.


key_prefixOptional
  • Type: str
  • Default: “”

A prefix to add to all keys in the config map.


add_file
def add_file(
  local_file: str,
  key: str = None
)
local_fileRequired
  • Type: str

The path to the local file.


keyOptional
  • Type: str

The ConfigMap key (defaults to the file name).


Static Functions

from_config_map_name
import cdk8s_plus_22

cdk8s_plus_22.ConfigMap.from_config_map_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

binary_dataRequired
binary_data: typing.Mapping[str]
  • Type: typing.Mapping[str]

The binary data associated with this config map.

Returns a copy. To add data records, use addBinaryData() or addData().


dataRequired
data: typing.Mapping[str]
  • Type: typing.Mapping[str]

The data associated with this config map.

Returns a copy. To add data records, use addData() or addBinaryData().


immutableRequired
immutable: bool
  • Type: bool

Whether or not this config map is immutable.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


DaemonSet

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod.

As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.

Some typical uses of a DaemonSet are:

  • running a cluster storage daemon on every node
  • running a logs collection daemon on every node
  • running a node monitoring daemon on every node

In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon. A more complex setup might use multiple DaemonSets for a single type of daemon, but with different flags and/or different memory and cpu requests for different hardware types.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.DaemonSet(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  min_ready_seconds: typing.Union[int, float] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional

The pod metadata of this workload.


selectOptional
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


min_ready_secondsOptional
  • Type: typing.Union[int, float]
  • Default: 0

Minimum number of seconds for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.


Properties

min_ready_secondsRequired
min_ready_seconds: typing.Union[int, float]
  • Type: typing.Union[int, float]

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


Deployment

A Deployment provides declarative updates for Pods and ReplicaSets.

You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.

Note: Do not manage ReplicaSets owned by a Deployment. Consider opening an issue in the main Kubernetes repository if your use case is not covered below.

Use Case

The following are typical use cases for Deployments:

  • Create a Deployment to roll out a ReplicaSet. The ReplicaSet creates Pods in the background. Check the status of the rollout to see if it succeeds or not.
  • Declare the new state of the Pods by updating the PodTemplateSpec of the Deployment. A new ReplicaSet is created and the Deployment manages moving the Pods from the old ReplicaSet to the new one at a controlled rate. Each new ReplicaSet updates the revision of the Deployment.
  • Rollback to an earlier Deployment revision if the current state of the Deployment is not stable. Each rollback updates the revision of the Deployment.
  • Scale up the Deployment to facilitate more load.
  • Pause the Deployment to apply multiple fixes to its PodTemplateSpec and then resume it to start a new rollout.
  • Use the status of the Deployment as an indicator that a rollout has stuck.
  • Clean up older ReplicaSets that you don’t need anymore.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Deployment(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  min_ready: Duration = None,
  progress_deadline: Duration = None,
  replicas: typing.Union[int, float] = None,
  strategy: DeploymentStrategy = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional

The pod metadata of this workload.


selectOptional
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


min_readyOptional

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


progress_deadlineOptional

The maximum duration for a deployment to make progress before it is considered to be failed.

The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status.

Note that progress will not be estimated during the time a deployment is paused.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds


replicasOptional
  • Type: typing.Union[int, float]
  • Default: 1

Number of desired pods.


strategyOptional

Specifies the strategy used to replace old Pods by new ones.


Methods

expose_via_ingress
def expose_via_ingress(
  path: str,
  name: str = None,
  ports: typing.List[ServicePort] = None,
  service_type: ServiceType = None,
  ingress: Ingress = None,
  path_type: HttpIngressPathType = None
)
pathRequired
  • Type: str

The ingress path to register under.


nameOptional
  • Type: str
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional

The ports that the service should bind to.


service_typeOptional

The type of the exposed service.


ingressOptional

The ingress to add rules to.


path_typeOptional

The type of the path.


expose_via_service
def expose_via_service(
  name: str = None,
  ports: typing.List[ServicePort] = None,
  service_type: ServiceType = None
)
nameOptional
  • Type: str
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional

The ports that the service should bind to.


service_typeOptional

The type of the exposed service.


Properties

min_readyRequired
min_ready: Duration

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.


progress_deadlineRequired
progress_deadline: Duration

The maximum duration for a deployment to make progress before it is considered to be failed.


replicasRequired
replicas: typing.Union[int, float]
  • Type: typing.Union[int, float]

Number of desired pods.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


strategyRequired
strategy: DeploymentStrategy

DockerConfigSecret

Create a secret for storing credentials for accessing a container image registry.

https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets

Initializers

import cdk8s_plus_22

cdk8s_plus_22.DockerConfigSecret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  data: typing.Mapping[typing.Any]
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


dataRequired
  • Type: typing.Mapping[typing.Any]

JSON content to provide for the ~/.docker/config.json file. This will be stringified and inserted as stringData.

https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file


GCEPersistentDiskPersistentVolume

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod.

Provisioned by an admin.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Initializers

import cdk8s_plus_22

cdk8s_plus_22.GCEPersistentDiskPersistentVolume(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  pd_name: str,
  fs_type: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional

Defines what type of volume is required by the claim.


pd_nameRequired
  • Type: str

Unique name of the PD resource in GCE.

Used to identify the disk in GCE.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk


fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


Properties

fs_typeRequired
fs_type: str
  • Type: str

File system type of this volume.


pd_nameRequired
pd_name: str
  • Type: str

PD resource in GCE of this volume.


read_onlyRequired
read_only: bool
  • Type: bool

Whether or not it is mounted as a read-only volume.


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]

Partition of this volume.


Group

Represents a group.

Methods

to_subject_configuration
def to_subject_configuration()

Static Functions

from_name
import cdk8s_plus_22

cdk8s_plus_22.Group.from_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

kindRequired
kind: str
  • Type: str

nameRequired
name: str
  • Type: str

api_groupOptional
api_group: str
  • Type: str

Ingress

Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend.

An Ingress can be configured to give services externally-reachable URLs, load balance traffic, terminate SSL, offer name-based virtual hosting, etc.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Ingress(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  default_backend: IngressBackend = None,
  rules: typing.List[IngressRule] = None,
  tls: typing.List[IngressTls] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


default_backendOptional

The default backend services requests that do not match any rule.

Using this option or the addDefaultBackend() method is equivalent to adding a rule with both path and host undefined.


rulesOptional

Routing rules for this ingress.

Each rule must define an IngressBackend that will receive the requests that match this rule. If both host and path are not specified, this backend will be used as the default backend of the ingress.

You can also add rules later using addRule(), addHostRule(), addDefaultBackend() and addHostDefaultBackend().


tlsOptional

TLS settings for this ingress.

Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.


Methods

add_default_backend
def add_default_backend(
  backend: IngressBackend
)
backendRequired

The backend to use for requests that do not match any rule.


add_host_default_backend
def add_host_default_backend(
  host: str,
  backend: IngressBackend
)
hostRequired
  • Type: str

The host name to match.


backendRequired

The backend to route to.


add_host_rule
def add_host_rule(
  host: str,
  path: str,
  backend: IngressBackend,
  path_type: HttpIngressPathType = None
)
hostRequired
  • Type: str

The host name.


pathRequired
  • Type: str

The HTTP path.


backendRequired

The backend to route requests to.


path_typeOptional

How the path is matched against request paths.


add_rule
def add_rule(
  path: str,
  backend: IngressBackend,
  path_type: HttpIngressPathType = None
)
pathRequired
  • Type: str

The HTTP path.


backendRequired

The backend to route requests to.


path_typeOptional

How the path is matched against request paths.


add_rules
def add_rules(
  backend: IngressBackend,
  host: str = None,
  path: str = None,
  path_type: HttpIngressPathType = None
)
backendRequired

Backend defines the referenced service endpoint to which the traffic will be forwarded.


hostOptional
  • Type: str
  • Default: If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.

Host is the fully qualified domain name of a network host, as defined by RFC 3986.

Note the following deviations from the “host” part of the URI as defined in the RFC:

  1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress.
  2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https.

Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue.


pathOptional
  • Type: str
  • Default: If unspecified, the path defaults to a catch all sending traffic to the backend.

Path is an extended POSIX regex as defined by IEEE Std 1003.1 (i.e. this follows the egrep/unix syntax, not the perl syntax), matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional “path” part of a URL as defined by RFC 3986. Paths must begin with a ‘/’.


path_typeOptional

Specify how the path is matched against request paths.

By default, path types will be matched by prefix.

https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types


add_tls
def add_tls(
  tls: typing.List[IngressTls]
)
tlsRequired

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


Job

A Job creates one or more Pods and ensures that a specified number of them successfully terminate.

As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (i.e., Job) is complete. Deleting a Job will clean up the Pods it created. A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot). You can also use a Job to run multiple Pods in parallel.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Job(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  active_deadline: Duration = None,
  backoff_limit: typing.Union[int, float] = None,
  ttl_after_finished: Duration = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional

The pod metadata of this workload.


selectOptional
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


active_deadlineOptional

Specifies the duration the job may be active before the system tries to terminate it.


backoff_limitOptional
  • Type: typing.Union[int, float]
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttl_after_finishedOptional
  • Type: cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


active_deadlineOptional
active_deadline: Duration

Duration before job is terminated.

If undefined, there is no deadline.


backoff_limitOptional
backoff_limit: typing.Union[int, float]
  • Type: typing.Union[int, float]

Number of retries before marking failed.


ttl_after_finishedOptional
ttl_after_finished: Duration

TTL before the job is deleted after it is finished.


Namespace

In Kubernetes, namespaces provide a mechanism for isolating groups of resources within a single cluster.

Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Namespace(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


Methods

to_namespace_selector_config
def to_namespace_selector_config()
to_network_policy_peer_config
def to_network_policy_peer_config()
to_pod_selector
def to_pod_selector()

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


Constants

NAME_LABEL
  • Type: str

https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling


Namespaces

Represents a group of namespaces.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Namespaces(
  scope: Construct,
  id: str,
  expressions: typing.List[LabelExpression] = None,
  names: typing.List[str] = None,
  labels: typing.Mapping[str] = None
)
scopeRequired

idRequired
  • Type: str

expressionsOptional

namesOptional
  • Type: typing.List[str]

labelsOptional
  • Type: typing.Mapping[str]

Methods

to_namespace_selector_config
def to_namespace_selector_config()
to_network_policy_peer_config
def to_network_policy_peer_config()
to_pod_selector
def to_pod_selector()

Static Functions

all
import cdk8s_plus_22

cdk8s_plus_22.Namespaces.all(
  scope: Construct,
  id: str
)
scopeRequired

idRequired
  • Type: str

select
import cdk8s_plus_22

cdk8s_plus_22.Namespaces.select(
  scope: Construct,
  id: str,
  expressions: typing.List[LabelExpression] = None,
  labels: typing.Mapping[str] = None,
  names: typing.List[str] = None
)
scopeRequired

idRequired
  • Type: str

expressionsOptional

Namespaces must satisfy these selectors.

The selectors query labels, just like the labels property, but they provide a more advanced matching mechanism.


labelsOptional
  • Type: typing.Mapping[str]
  • Default: no strict labels requirements.

Labels the namespaces must have.

This is equivalent to using an ‘Is’ selector.


namesOptional
  • Type: typing.List[str]
  • Default: no name requirements.

Namespace names must be one of these.


NetworkPolicy

Controls traffic flow at the IP address or port level (OSI layer 3 or 4). Network policies are an application-centric construct that allows you to specify how a pod is allowed to communicate with various network peers.

  • Outgoing traffic is allowed if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the network policies that select the pod.
  • Incoming traffic is allowed to a pod if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the network policies that select the pod.

Network policies do not conflict; they are additive. If any policy or policies apply to a given pod for a given direction, the connections allowed in that direction from that pod are the union of what the applicable policies allow. Thus, order of evaluation does not affect the policy result.

For a connection from a source pod to a destination pod to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the connection. If either side does not allow the connection, it will not happen.

https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource
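The allow rules above (default allow when no policy selects a pod, additive union, both sides must agree) as an added Python model; this is not cdk8s-plus or Kubernetes code. The `Rule` and `Policy` records, the equality-only label selectors and the sample pods are constructed assumptions, and the node-local and cluster-policy exceptions are left out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Labels = Dict[str, str]


def selects(selector: Labels, labels: Labels) -> bool:
    """Equality label selector; an empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in selector.items())


@dataclass
class Rule:
    peer: Labels                        # selector for the other end of the connection
    ports: Optional[List[int]] = None   # None = any port

    def matches(self, peer_labels: Labels, port: int) -> bool:
        return selects(self.peer, peer_labels) and (self.ports is None or port in self.ports)


@dataclass
class Policy:
    name: str
    selector: Labels                      # pods this policy applies to
    ingress: Optional[List[Rule]] = None  # None = policy says nothing about ingress
    egress: Optional[List[Rule]] = None   # None = policy says nothing about egress


def direction_allows(policies: List[Policy], pod: Labels, peer: Labels,
                     port: int, direction: str) -> Tuple[bool, str]:
    """Evaluate one direction ("ingress" or "egress") for one pod."""
    applicable = [p for p in policies
                  if selects(p.selector, pod) and getattr(p, direction) is not None]
    if not applicable:
        # No policy selects the pod for this direction: traffic is allowed.
        return True, f"no policy selects the pod for {direction}"
    # Additive: a single matching rule in any applicable policy is enough,
    # so the order of the policies cannot change the outcome.
    for policy in applicable:
        if any(rule.matches(peer, port) for rule in getattr(policy, direction)):
            return True, f"{direction} allowed by {policy.name}"
    return False, f"{direction} restricted by {len(applicable)} policies, no rule matches"


def connection_allowed(policies: List[Policy], src: Labels, dst: Labels,
                       port: int) -> Tuple[bool, Dict[str, str]]:
    """Both the source's egress and the destination's ingress must allow."""
    egress_ok, egress_why = direction_allows(policies, src, dst, port, "egress")
    ingress_ok, ingress_why = direction_allows(policies, dst, src, port, "ingress")
    return egress_ok and ingress_ok, {"egress": egress_why, "ingress": ingress_why}


# Constructed sample pods and policies (not taken from any real cluster).
PODS = {
    "web": {"app": "web"},
    "api": {"app": "api"},
    "db": {"app": "db"},
    "prom": {"role": "monitoring"},
}
POLICIES = [
    Policy("db-from-api", {"app": "db"}, ingress=[Rule({"app": "api"}, [5432])]),
    Policy("db-from-monitoring", {"app": "db"}, ingress=[Rule({"role": "monitoring"}, [9187])]),
    Policy("api-egress", {"app": "api"}, egress=[Rule({"app": "db"}, [5432])]),
]

if __name__ == "__main__":
    for src, dst, port in [("api", "db", 5432), ("prom", "db", 9187),
                           ("web", "db", 5432), ("api", "web", 80)]:
        ok, why = connection_allowed(POLICIES, PODS[src], PODS[dst], port)
        print(f"{src} -> {dst}:{port} {'ALLOW' if ok else 'DENY'} {why}")
```

The last sample pair is the case that surprises people in review: `web` has no ingress policy at all, yet `api -> web` is denied because the egress policy on `api` only lists the database.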

Initializers

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicy(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  egress: NetworkPolicyTraffic = None,
  ingress: NetworkPolicyTraffic = None,
  selector: IPodSelector = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


egressOptional

Egress traffic configuration.


ingressOptional

Ingress traffic configuration.


selectorOptional

Which pods this policy object applies to.

This can either be a single pod / workload, or a grouping of pods selected via the Pods.select function. Rules are applied to any pods selected by this property. Multiple network policies can select the same set of pods. In this case, the rules for each are combined additively.

Note that


Methods

add_egress_rule
def add_egress_rule(
  peer: INetworkPolicyPeer,
  ports: typing.List[NetworkPolicyPort] = None
)
peerRequired

portsOptional

add_ingress_rule
def add_ingress_rule(
  peer: INetworkPolicyPeer,
  ports: typing.List[NetworkPolicyPort] = None
)
peerRequired

portsOptional

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


NetworkPolicyIpBlock

Describes a particular CIDR (Ex. “192.168.1.1/24”, “2001:db9::/64”) that is allowed to the pods matched by a network policy selector. The except entry describes CIDRs that should not be included within this rule.

Methods

to_network_policy_peer_config
def to_network_policy_peer_config()
to_pod_selector
def to_pod_selector()

Static Functions

any_ipv4
import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyIpBlock.any_ipv4(
  scope: Construct,
  id: str
)
scopeRequired

idRequired
  • Type: str

any_ipv6
import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyIpBlock.any_ipv6(
  scope: Construct,
  id: str
)
scopeRequired

idRequired
  • Type: str

ipv4
import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyIpBlock.ipv4(
  scope: Construct,
  id: str,
  cidr_ip: str,
  except: typing.List[str] = None
)
scopeRequired

idRequired
  • Type: str

cidr_ipRequired
  • Type: str

exceptOptional
  • Type: typing.List[str]

ipv6
import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyIpBlock.ipv6(
  scope: Construct,
  id: str,
  cidr_ip: str,
  except: typing.List[str] = None
)
scopeRequired

idRequired
  • Type: str

cidr_ipRequired
  • Type: str

exceptOptional
  • Type: typing.List[str]

Properties

cidrRequired
cidr: str
  • Type: str

A string representing the IP Block. Valid examples are “192.168.1.1/24” or “2001:db9::/64”.


exceptOptional
except: typing.List[str]
  • Type: typing.List[str]

A slice of CIDRs that should not be included within an IP Block. Valid examples are “192.168.1.1/24” or “2001:db9::/64”. Except values will be rejected if they are outside the CIDR range.
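The except constraint above can be checked before synthesis with Python's standard `ipaddress` module. This is an added example, not cdk8s-plus code; `check_ip_block`, `codes` and the finding codes are hypothetical names, and the sample CIDRs are constructed apart from the two quoted on this page.

```python
import ipaddress
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (code, human-readable detail)


def check_ip_block(cidr: str, except_: Optional[List[str]] = None) -> List[Finding]:
    """Review one ipBlock (cidr plus optional except list) and return findings."""
    findings: List[Finding] = []
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError as exc:
        return [("invalid-cidr", f"{cidr!r}: {exc}")]
    block = iface.network

    # "192.168.1.1/24" names a host inside 192.168.1.0/24; as a CIDR block it
    # covers the whole /24, which is easy to misread in review.
    if iface.ip != block.network_address:
        findings.append(("host-bits", f"{cidr} covers the whole network {block}"))

    # A zero-length prefix matches every address of that family.
    if block.prefixlen == 0:
        findings.append(("matches-all", f"{cidr} matches every IPv{block.version} address"))

    for entry in except_ or []:
        try:
            sub = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            findings.append(("invalid-except", f"{entry!r}: {exc}"))
            continue
        if sub.version != block.version:
            findings.append(("family-mismatch", f"{entry} is IPv{sub.version}, block is IPv{block.version}"))
        elif not sub.subnet_of(block):
            # The case the page says will be rejected.
            findings.append(("except-outside", f"{entry} is not inside {block}"))
        elif sub == block:
            # Inside the range, but it removes everything the block allows.
            findings.append(("except-covers-block", f"{entry} excludes all of {block}"))
    return findings


def codes(findings: List[Finding]) -> List[str]:
    """Only the finding codes, for use in CI assertions."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    samples = [
        ("192.168.1.1/24", None),                # quoted on this page
        ("2001:db9::/64", ["2001:db9::/72"]),    # quoted on this page, constructed except
        ("10.0.0.0/8", ["192.168.0.0/16"]),      # constructed: except outside the block
        ("0.0.0.0/0", ["0.0.0.0/0"]),            # constructed: allow all, then exclude all
    ]
    for cidr, exc in samples:
        print(cidr, exc, check_ip_block(cidr, exc))
```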


PersistentVolume

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes.

It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.PersistentVolume(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional

Defines what type of volume is required by the claim.


Methods

as_volume
def as_volume()
bind
def bind(
  claim: IPersistentVolumeClaim
)
claimRequired

The PVC to bind to.


reserve
def reserve()

Static Functions

from_persistent_volume_name
import cdk8s_plus_22

cdk8s_plus_22.PersistentVolume.from_persistent_volume_name(
  scope: Construct,
  id: str,
  volume_name: str
)
scopeRequired

idRequired
  • Type: str

volume_nameRequired
  • Type: str

Properties

modeRequired
mode: PersistentVolumeMode

Volume mode of this volume.


reclaim_policyRequired
reclaim_policy: PersistentVolumeReclaimPolicy

Reclaim policy of this volume.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Access modes requirement of this claim.


claimOptional
claim: IPersistentVolumeClaim

PVC this volume is bound to.

Undefined means this volume is not yet claimed by any PVC.


mount_optionsOptional
mount_options: typing.List[str]
  • Type: typing.List[str]

Mount options of this volume.


storageOptional
storage: Size

Storage size of this volume.


storage_class_nameOptional
storage_class_name: str
  • Type: str

Storage class this volume belongs to.


PersistentVolumeClaim

A PersistentVolumeClaim (PVC) is a request for storage by a user.

It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.PersistentVolumeClaim(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume: IPersistentVolume = None,
  volume_mode: PersistentVolumeMode = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional

Contains the access modes the volume should support.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1


storageOptional
  • Type: cdk8s.Size
  • Default: No storage requirement.

Minimum storage size the volume should have.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
  • Type: str
  • Default: Not set.

Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:

  • If the admission plugin is turned on, the storage class marked as default will be used.
  • If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1


volumeOptional

The PersistentVolume backing this claim.

The control plane still checks that storage class, access modes, and requested storage size on the volume are valid.

Note that in order to guarantee a proper binding, the volume should also define a claimRef referring to this claim. Otherwise, the volume may be claimed by other PVCs before it gets a chance to bind to this one.

If the volume is managed (i.e. not imported), you can use pv.claim() to easily create a bi-directional bounded claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding


volume_modeOptional

Defines what type of volume is required by the claim.


Methods

bind
def bind(
  vol: IPersistentVolume
)
volRequired

The PV to bind to.


Static Functions

from_claim_name
import cdk8s_plus_22

cdk8s_plus_22.PersistentVolumeClaim.from_claim_name(
  scope: Construct,
  id: str,
  claim_name: str
)
scopeRequired

idRequired
  • Type: str

claim_nameRequired
  • Type: str

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


volume_modeRequired
volume_mode: PersistentVolumeMode

Volume mode requirement of this claim.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Access modes requirement of this claim.


storageOptional
storage: Size

Storage requirement of this claim.


storage_class_nameOptional
storage_class_name: str
  • Type: str

Storage class requirement of this claim.


volumeOptional
volume: IPersistentVolume

PV this claim is bound to.

Undefined means the claim is not bound to any specific volume.


Pod

Pod is a collection of containers that can run on a host.

This resource is created by clients and scheduled onto hosts.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Pod(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


Properties

connectionsRequired
connections: PodConnections

pod_metadataRequired
pod_metadata: ApiObjectMetadataDefinition

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


schedulingRequired
scheduling: PodScheduling

Constants

ADDRESS_LABEL
  • Type: str

This label is automatically added by cdk8s to any pod.

It provides a unique and stable identifier for the pod.


Pods

Represents a group of pods.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Pods(
  scope: Construct,
  id: str,
  expressions: typing.List[LabelExpression] = None,
  labels: typing.Mapping[str] = None,
  namespaces: INamespaceSelector = None
)
scopeRequired

idRequired
  • Type: str

expressionsOptional

labelsOptional
  • Type: typing.Mapping[str]

namespacesOptional

Methods

to_network_policy_peer_config
def to_network_policy_peer_config()
to_pod_selector
def to_pod_selector()
to_pod_selector_config
def to_pod_selector_config()

Static Functions

all
import cdk8s_plus_22

cdk8s_plus_22.Pods.all(
  scope: Construct,
  id: str,
  namespaces: Namespaces = None
)
scopeRequired

idRequired
  • Type: str

namespacesOptional

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


select
import cdk8s_plus_22

cdk8s_plus_22.Pods.select(
  scope: Construct,
  id: str,
  expressions: typing.List[LabelExpression] = None,
  labels: typing.Mapping[str] = None,
  namespaces: Namespaces = None
)
scopeRequired

idRequired
  • Type: str

expressionsOptional

Expressions the pods must satisfy.


labelsOptional
  • Type: typing.Mapping[str]
  • Default: no strict labels requirements.

Labels the pods must have.


namespacesOptional

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


Resource

Base class for all Kubernetes objects in stdk8s.

Represents a single resource.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Resource(
  scope: Construct,
  id: str
)
scopeRequired

idRequired
  • Type: str

Methods

as_api_resource
def as_api_resource()
as_non_api_resource
def as_non_api_resource()

Properties

api_groupRequired
api_group: str
  • Type: str

The group portion of the API version (e.g. “authorization.k8s.io”).


api_versionRequired
api_version: str
  • Type: str

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
kind: str
  • Type: str

The object kind (e.g. “Deployment”).


metadataRequired
metadata: ApiObjectMetadataDefinition

nameRequired
name: str
  • Type: str

The name of this API object.


permissionsRequired
permissions: ResourcePermissions

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


resource_nameOptional
resource_name: str
  • Type: str

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


Role

Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Role(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  rules: typing.List[RolePolicyRule] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


rulesOptional

A list of rules the role should allow.


Methods

allow
def allow(
  verbs: typing.List[str],
  resources: IApiResource
)
verbsRequired
  • Type: typing.List[str]

resourcesRequired

The resource(s) to apply to.


allow_create
def allow_create(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_delete
def allow_delete(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_delete_collection
def allow_delete_collection(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_get
def allow_get(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_list
def allow_list(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_patch
def allow_patch(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_read
def allow_read(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_read_write
def allow_read_write(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_update
def allow_update(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


allow_watch
def allow_watch(
  resources: IApiResource
)
resourcesRequired

The resource(s) to apply to.


bind
def bind(
  subjects: ISubject
)
subjectsRequired

A list of subjects to bind to.


Static Functions

from_role_name
import cdk8s_plus_22

cdk8s_plus_22.Role.from_role_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


rulesRequired
rules: typing.List[RolePolicyRule]

Rules associated with this Role.

Returns a copy, use allow to add rules.


RoleBinding

A RoleBinding grants permissions within a specific namespace to a user or set of users.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.RoleBinding(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  role: IRole
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired

The role to bind to.

A RoleBinding can reference a Role or a ClusterRole.


Methods

add_subjects
def add_subjects(
  subjects: ISubject
)
subjectsRequired

The subjects to add.


Properties

resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


roleRequired
role: IRole

subjectsRequired
subjects: typing.List[ISubject]

Secret

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.

https://kubernetes.io/docs/concepts/configuration/secret

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Secret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  string_data: typing.Mapping[str] = None,
  type: str = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


string_dataOptional
  • Type: typing.Mapping[str]

stringData allows specifying non-binary secret data in string form.

It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.


typeOptional
  • Type: str
  • Default: undefined - Don’t set a type.

Optional type associated with the secret.

Used to facilitate programmatic handling of secret data by various controllers.


Methods

add_string_data
def add_string_data(
  key: str,
  value: str
)
keyRequired
  • Type: str

Key.


valueRequired
  • Type: str

Value.


get_string_data
def get_string_data(
  key: str
)
keyRequired
  • Type: str

Key.


Static Functions

from_secret_name
import cdk8s_plus_22

cdk8s_plus_22.Secret.from_secret_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

immutableRequired
immutable: bool
  • Type: bool

Whether or not the secret is immutable.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


Service

An abstract way to expose an application running on a set of Pods as a network service.

With Kubernetes you don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible—frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that, nor should they need to keep track of the set of backends themselves. The Service abstraction enables this decoupling.

If you’re able to use Kubernetes APIs for service discovery in your application, you can query the API server for Endpoints, that get updated whenever the set of Pods in a Service changes. For non-native applications, Kubernetes offers ways to place a network port or load balancer in between your application and the backend Pods.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Service(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  cluster_i_p: str = None,
  external_i_ps: typing.List[str] = None,
  external_name: str = None,
  load_balancer_source_ranges: typing.List[str] = None,
  ports: typing.List[ServicePort] = None,
  selector: IPodSelector = None,
  type: ServiceType = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


cluster_i_pOptional
  • Type: str
  • Default: Automatically assigned.

The IP address of the service; it is usually assigned randomly by the master.

If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are “None”, empty string (“”), or a valid IP address. “None” can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName.

https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies


external_i_psOptional
  • Type: typing.List[str]
  • Default: No external IPs.

A list of IP addresses for which nodes in the cluster will also accept traffic for this service.

These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.


external_nameOptional
  • Type: str
  • Default: No external name.

The externalName to be used when ServiceType.EXTERNAL_NAME is set.


load_balancer_source_rangesOptional
  • Type: typing.List[str]

A list of CIDR IP addresses. If specified and supported by the platform, traffic through the cloud-provider load-balancer is restricted to the specified client IPs.

More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/


portsOptional

The ports this service binds to.

If the selector of the service is a managed pod / workload, its ports are automatically extracted and used as the default value. Otherwise, no ports are bound.


selectorOptional
  • Type: cdk8s_plus_22.IPodSelector
  • Default: unset, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

Which pods should the service select and route to.

You can pass one of the following:

  • An instance of Pod or any workload resource (e.g. Deployment, StatefulSet, …)
  • Pods selected by the Pods.select function. Note that in this case only labels can be specified.

typeOptional

Determines how the Service is exposed.

More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types


Methods

bind
def bind(
  port: typing.Union[int, float],
  name: str = None,
  node_port: typing.Union[int, float] = None,
  protocol: Protocol = None,
  target_port: typing.Union[int, float] = None
)
portRequired
  • Type: typing.Union[int, float]

The port definition.


nameOptional
  • Type: str

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


node_portOptional
  • Type: typing.Union[int, float]
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


target_portOptional
  • Type: typing.Union[int, float]
  • Default: The value of port will be used.

The port number the service will redirect to.


expose_via_ingress
def expose_via_ingress(
  path: str,
  ingress: Ingress = None,
  path_type: HttpIngressPathType = None
)
pathRequired
  • Type: str

The path to expose the service under.


ingressOptional

The ingress to add rules to.


path_typeOptional

The type of the path.


select
def select(
  selector: IPodSelector
)
selectorRequired

select_label
def select_label(
  key: str,
  value: str
)
keyRequired
  • Type: str

valueRequired
  • Type: str

Properties

portsRequired
ports: typing.List[ServicePort]

Ports for this service.

Use bind() to bind additional service ports.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


typeRequired
type: ServiceType

Determines how the Service is exposed.


cluster_i_pOptional
cluster_i_p: str
  • Type: str

The IP address of the service; it is usually assigned randomly by the master.


external_nameOptional
external_name: str
  • Type: str

The externalName to be used for EXTERNAL_NAME types.


ServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account

Initializers

import cdk8s_plus_22

cdk8s_plus_22.ServiceAccount(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_token: bool = None,
  secrets: typing.List[ISecret] = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_tokenOptional
  • Type: bool
  • Default: true

Indicates whether pods running as this service account should have an API token automatically mounted.

Can be overridden at the pod level.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
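Because the token is mounted by default and the pod-level setting overrides the service account's, it is worth checking which workloads actually end up with a token. The following is an added example, not part of cdk8s-plus-22; it assumes the synthesized manifests have already been parsed into Python dicts, and the manifests and function names in it are constructed for illustration.

```python
from typing import Dict, Iterable, List, Optional, Tuple

# Kinds whose pod spec lives under spec.template.spec.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job"}


def _namespace(manifest: dict) -> str:
    return manifest.get("metadata", {}).get("namespace", "default")


def pod_spec_of(manifest: dict) -> Optional[dict]:
    """Return the pod spec of a Pod or workload manifest, or None for other kinds."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec", {})
    if kind in WORKLOAD_KINDS:
        return manifest.get("spec", {}).get("template", {}).get("spec", {})
    return None


def effective_automount(
    pod_spec: dict, namespace: str, service_accounts: Dict[Tuple[str, str], dict]
) -> Tuple[bool, str]:
    """Resolve whether a token is mounted and which setting decided it."""
    pod_value = pod_spec.get("automountServiceAccountToken")
    if pod_value is not None:
        return bool(pod_value), "pod"  # pod-level setting wins
    sa_name = pod_spec.get("serviceAccountName", "default")
    sa = service_accounts.get((namespace, sa_name))
    if sa is not None and sa.get("automountServiceAccountToken") is not None:
        return bool(sa["automountServiceAccountToken"]), "serviceaccount"
    return True, "default"  # neither side set it: the token is mounted


def pods_mounting_tokens(manifests: Iterable[dict]) -> List[Tuple[str, str]]:
    """List (kind/namespace/name, deciding setting) for pods that get a token."""
    manifests = list(manifests)
    service_accounts = {
        (_namespace(m), m["metadata"]["name"]): m
        for m in manifests
        if m.get("kind") == "ServiceAccount"
    }
    findings = []
    for m in manifests:
        spec = pod_spec_of(m)
        if spec is None:
            continue
        mounted, source = effective_automount(spec, _namespace(m), service_accounts)
        if mounted:
            findings.append((f"{m['kind']}/{_namespace(m)}/{m['metadata']['name']}", source))
    return findings


# Constructed sample manifests.
SAMPLE_MANIFESTS = [
    {"kind": "ServiceAccount", "metadata": {"name": "api", "namespace": "prod"},
     "automountServiceAccountToken": False},
    {"kind": "Pod", "metadata": {"name": "worker", "namespace": "prod"},
     "spec": {"serviceAccountName": "api"}},
    {"kind": "StatefulSet", "metadata": {"name": "db", "namespace": "prod"},
     "spec": {"template": {"spec": {"serviceAccountName": "api",
                                    "automountServiceAccountToken": True}}}},
    {"kind": "Pod", "metadata": {"name": "legacy", "namespace": "prod"}, "spec": {}},
    {"kind": "Pod", "metadata": {"name": "batch", "namespace": "prod"},
     "spec": {"automountServiceAccountToken": False}},
]

if __name__ == "__main__":
    for target, source in pods_mounting_tokens(SAMPLE_MANIFESTS):
        print(f"{target}: token mounted (decided by {source})")
```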


secretsOptional

List of secrets allowed to be used by pods running using this ServiceAccount.

https://kubernetes.io/docs/concepts/configuration/secret


Methods

add_secret
def add_secret(
  secr: ISecret
)
secrRequired

The secret.


to_subject_configuration
def to_subject_configuration()

Static Functions

from_service_account_name
import cdk8s_plus_22

cdk8s_plus_22.ServiceAccount.from_service_account_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

The name of the service account resource.


Properties

automount_tokenRequired
automount_token: bool
  • Type: bool

Whether or not a token is automatically mounted for this service account.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


secretsRequired
secrets: typing.List[ISecret]

List of secrets allowed to be used by pods running using this service account.

Returns a copy. To add a secret, use addSecret().


ServiceAccountTokenSecret

Create a secret for a service account token.

https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

Initializers

import cdk8s_plus_22

cdk8s_plus_22.ServiceAccountTokenSecret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  service_account: IServiceAccount
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


service_accountRequired

The service account to store a secret for.


SshAuthSecret

Create a secret for ssh authentication.

https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets

Initializers

import cdk8s_plus_22

cdk8s_plus_22.SshAuthSecret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  ssh_private_key: str
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ssh_private_keyRequired
  • Type: str

The SSH private key to use.


StatefulSet

StatefulSet is the workload API object used to manage stateful applications.

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of its Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

If you want to use storage volumes to provide persistence for your workload, you can use a StatefulSet as part of the solution. Although individual Pods in a StatefulSet are susceptible to failure, the persistent Pod identifiers make it easier to match existing volumes to the new Pods that replace any that have failed.

Using StatefulSets

StatefulSets are valuable for applications that require one or more of the following.

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.StatefulSet(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  service: Service,
  min_ready: Duration = None,
  pod_management_policy: PodManagementPolicy = None,
  replicas: typing.Union[int, float] = None,
  strategy: StatefulSetUpdateStrategy = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional

The pod metadata of this workload.


selectOptional
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


serviceRequired

Service to associate with the statefulset.


min_readyOptional

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


pod_management_policyOptional

Pod management policy to use for this statefulset.


replicasOptional
  • Type: typing.Union[int, float]
  • Default: 1

Number of desired pods.


strategyOptional

Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.


Properties

min_readyRequired
min_ready: Duration

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.


pod_management_policyRequired
pod_management_policy: PodManagementPolicy

Management policy to use for the set.


replicasRequired
replicas: typing.Union[int, float]
  • Type: typing.Union[int, float]

Number of desired pods.


resource_typeRequired
resource_type: str
  • Type: str

The name of a resource type as it appears in the relevant API endpoint.


strategyRequired
strategy: StatefulSetUpdateStrategy

The update strategy of this stateful set.


TlsSecret

Create a secret for storing a TLS certificate and its associated key.

https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

Initializers

import cdk8s_plus_22

cdk8s_plus_22.TlsSecret(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  tls_cert: str,
  tls_key: str
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


tls_certRequired
  • Type: str

The TLS cert.


tls_keyRequired
  • Type: str

The TLS key.


User

Represents a user.

Methods

to_subject_configuration
def to_subject_configuration()

Static Functions

from_name
import cdk8s_plus_22

cdk8s_plus_22.User.from_name(
  scope: Construct,
  id: str,
  name: str
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

Properties

kindRequired
kind: str
  • Type: str

nameRequired
name: str
  • Type: str

api_groupOptional
api_group: str
  • Type: str

Volume

Volume represents a named volume in a pod that may be accessed by any container in the pod.

Docker also has a concept of volumes, though it is somewhat looser and less managed. In Docker, a volume is simply a directory on disk or in another Container. Lifetimes are not managed and until very recently there were only local-disk-backed volumes. Docker now provides volume drivers, but the functionality is very limited for now (e.g. as of Docker 1.7 only one volume driver is allowed per Container and there is no way to pass parameters to volumes).

A Kubernetes volume, on the other hand, has an explicit lifetime - the same as the Pod that encloses it. Consequently, a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts. Of course, when a Pod ceases to exist, the volume will cease to exist, too. Perhaps more importantly than this, Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously.

At its core, a volume is just a directory, possibly with some data in it, which is accessible to the Containers in a Pod. How that directory comes to be, the medium that backs it, and the contents of it are determined by the particular volume type used.

To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers[*].volumeMounts field).

A process in a container sees a filesystem view composed from its Docker image and volumes. The Docker image is at the root of the filesystem hierarchy, and any volumes are mounted at the specified paths within the image. Volumes cannot mount onto other volumes.

Methods

as_volume
def as_volume()

Static Functions

from_aws_elastic_block_store
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_aws_elastic_block_store(
  scope: Construct,
  id: str,
  volume_id: str,
  fs_type: str = None,
  name: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

volume_idRequired
  • Type: str

fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
  • Type: str
  • Default: auto-generated

The volume name.


partitionOptional
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


from_azure_disk
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_azure_disk(
  scope: Construct,
  id: str,
  disk_name: str,
  disk_uri: str,
  caching_mode: AzureDiskPersistentVolumeCachingMode = None,
  fs_type: str = None,
  kind: AzureDiskPersistentVolumeKind = None,
  name: str = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

disk_nameRequired
  • Type: str

disk_uriRequired
  • Type: str

caching_modeOptional

Host Caching mode.


fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional

Kind of disk.


nameOptional
  • Type: str
  • Default: auto-generated

The volume name.


read_onlyOptional
  • Type: bool
  • Default: false

Force the ReadOnly setting in VolumeMounts.


from_config_map
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_config_map(
  scope: Construct,
  id: str,
  config_map: IConfigMap,
  default_mode: typing.Union[int, float] = None,
  items: typing.Mapping[PathMapping] = None,
  name: str = None,
  optional: bool = None
)
scopeRequired

idRequired
  • Type: str

config_mapRequired

The config map to use to populate the volume.


default_modeOptional
  • Type: typing.Union[int, float]
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
  • Type: str
  • Default: auto-generated

The volume name.


optionalOptional
  • Type: bool
  • Default: undocumented

Specify whether the ConfigMap or its keys must be defined.


from_empty_dir
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_empty_dir(
  scope: Construct,
  id: str,
  name: str,
  medium: EmptyDirMedium = None,
  size_limit: Size = None
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

mediumOptional

By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.

However, you can set the emptyDir.medium field to EmptyDirMedium.MEMORY to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container’s memory limit.


size_limitOptional

Total amount of local storage required for this EmptyDir volume.

The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod.


from_gce_persistent_disk
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_gce_persistent_disk(
  scope: Construct,
  id: str,
  pd_name: str,
  fs_type: str = None,
  name: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

pd_nameRequired
  • Type: str

fs_typeOptional
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
  • Type: str
  • Default: auto-generated

The volume name.


partitionOptional
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


from_host_path
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_host_path(
  scope: Construct,
  id: str,
  name: str,
  path: str,
  type: HostPathVolumeType = None
)
scopeRequired

idRequired
  • Type: str

nameRequired
  • Type: str

pathRequired
  • Type: str

The path of the directory on the host.


typeOptional

The expected type of the path found on the host.


from_persistent_volume_claim
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_persistent_volume_claim(
  scope: Construct,
  id: str,
  claim: IPersistentVolumeClaim,
  name: str = None,
  read_only: bool = None
)
scopeRequired

idRequired
  • Type: str

claimRequired

nameOptional
  • Type: str
  • Default: Derived from the PVC name.

The volume name.


read_onlyOptional
  • Type: bool
  • Default: false

Will force the ReadOnly setting in VolumeMounts.


from_secret
import cdk8s_plus_22

cdk8s_plus_22.Volume.from_secret(
  scope: Construct,
  id: str,
  secr: ISecret,
  default_mode: typing.Union[int, float] = None,
  items: typing.Mapping[PathMapping] = None,
  name: str = None,
  optional: bool = None
)
scopeRequired

idRequired
  • Type: str

secrRequired

The secret to use to populate the volume.


default_modeOptional
  • Type: typing.Union[int, float]
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional

If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
  • Type: str
  • Default: auto-generated

The volume name.


optionalOptional
  • Type: bool
  • Default: undocumented

Specify whether the secret or its keys must be defined.
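The default_mode and items rules documented for from_config_map and from_secret can be checked on the synthesized manifest before it is applied. The following is an added example, not cdk8s code: it assumes the standard Kubernetes volume fields (secret, configMap, defaultMode, items[].path, items[].mode), and the function names and sample volumes are constructed for illustration.

```python
# Added example: audit secret/configMap volumes taken from a synthesized manifest.
# Function names and SAMPLE_VOLUMES are constructed for illustration.

DOCUMENTED_DEFAULT_MODE = 0o644  # default stated for default_mode
MAX_MODE = 0o777                 # documented upper bound


def check_item_path(path):
    """Apply the documented path rules: relative, no '..' element, no '..' prefix."""
    if not path:
        return ["path is empty"]
    problems = []
    if path.startswith("/"):
        problems.append("path must be relative")
    if path.startswith(".."):
        problems.append("path must not start with '..'")
    if ".." in path.split("/"):
        problems.append("path must not contain a '..' element")
    return problems


def check_mode(mode, is_secret):
    """Range-check the mode bits; for secrets also flag group/other access."""
    if isinstance(mode, bool) or not isinstance(mode, int) or not 0 <= mode <= MAX_MODE:
        # Typical cause: 644 typed as a decimal number instead of 0o644 (= 420).
        return ["mode %r is outside 0..0777" % (mode,)]
    if is_secret and mode & 0o077:
        return ["mode %04o lets group/other access secret files" % mode]
    return []


def audit_volume(volume):
    """Return findings for one entry of a pod's .spec.volumes list."""
    findings = []
    for kind in ("secret", "configMap"):
        source = volume.get(kind)
        if source is None:
            continue
        is_secret = kind == "secret"
        # An omitted defaultMode falls back to the documented 0644.
        mode = source.get("defaultMode", DOCUMENTED_DEFAULT_MODE)
        for problem in check_mode(mode, is_secret):
            findings.append("%s: defaultMode: %s" % (volume["name"], problem))
        for item in source.get("items", []):
            label = "%s: item %r" % (volume["name"], item.get("key"))
            for problem in check_item_path(item.get("path", "")):
                findings.append("%s: %s" % (label, problem))
            if "mode" in item:
                for problem in check_mode(item["mode"], is_secret):
                    findings.append("%s: %s" % (label, problem))
    return findings


# Constructed sample input, shaped like .spec.volumes in a pod template.
SAMPLE_VOLUMES = [
    # Owner-read-only key material with a clean relative path: no findings.
    {"name": "tls", "secret": {"secretName": "web-tls", "defaultMode": 0o400,
                               "items": [{"key": "tls.key", "path": "keys/tls.key"}]}},
    # No defaultMode given, so the 0644 default applies to secret files.
    {"name": "creds", "secret": {"secretName": "db-creds"}},
    # Decimal 644 instead of octal, plus two paths that break the path rules.
    {"name": "conf", "configMap": {"name": "app-conf", "defaultMode": 644,
                                   "items": [{"key": "a", "path": "../etc/app.conf"},
                                             {"key": "b", "path": "..data"}]}},
]

if __name__ == "__main__":
    for vol in SAMPLE_VOLUMES:
        for finding in audit_volume(vol):
            print(finding)
```

In Python source the documented 0644 is written 0o644; the same value appears as 420 in a JSON or YAML manifest.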


Properties

nameRequired
name: str
  • Type: str

Workload

A workload is an application running on Kubernetes.

Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of pods. In Kubernetes, a Pod represents a set of running containers on your cluster.

Initializers

import cdk8s_plus_22

cdk8s_plus_22.Workload(
  scope: Construct,
  id: str,
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None
)
scopeRequired

idRequired
  • Type: str

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional

The pod metadata of this workload.


selectOptional
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.
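Since automount_service_account_token defaults to true and processes without an explicit service_account authenticate as default, a review of synthesized workloads usually starts with those two settings and with any host path volumes. The following is an added example, not cdk8s code: it reads plain Kubernetes manifest dictionaries, treats an absent automountServiceAccountToken as mounted (an assumption, since a service account can also opt out), and its function names, finding codes and sample manifests are constructed for illustration.

```python
# Added example: review pod templates in synthesized manifests.
# Function names, finding codes and the two sample manifests are constructed.


def pod_spec_of(manifest):
    """Return the pod spec of a Pod or of a workload with spec.template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    # Deployment, StatefulSet and similar kinds nest the pod under spec.template.
    return spec.get("template", {}).get("spec", {})


def hostpath_findings(spec):
    """Report each hostPath volume and whether any container mounts it writable."""
    findings = []
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for volume in spec.get("volumes", []):
        if "hostPath" not in volume:
            continue
        mounts = [m for c in containers for m in c.get("volumeMounts", [])
                  if m.get("name") == volume["name"]]
        if not mounts:
            code = "hostpath-unmounted"
        elif any(m.get("readOnly") is not True for m in mounts):
            code = "hostpath-writable"
        else:
            code = "hostpath-readonly"
        findings.append((code, volume["hostPath"].get("path")))
    return findings


def audit_manifest(manifest):
    """Return (code, detail) findings for one manifest."""
    spec = pod_spec_of(manifest)
    findings = []
    # Assumption: only an explicit False at pod level counts as opted out.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append(("token-automounted", None))
        if spec.get("serviceAccountName", "default") == "default":
            findings.append(("default-service-account", None))
    findings.extend(hostpath_findings(spec))
    return findings


# Constructed sample: relies on every default and mounts a host directory read-write.
STATEFULSET_DB = {
    "kind": "StatefulSet",
    "metadata": {"name": "db"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "db", "image": "example/db:1",
                        "volumeMounts": [{"name": "logs", "mountPath": "/var/log/host"}]}],
        "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
    }}},
}

# Constructed sample: token mounting disabled, dedicated service account,
# host directory mounted read-only.
DEPLOYMENT_WEB = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "automountServiceAccountToken": False,
        "serviceAccountName": "web",
        "containers": [{"name": "web", "image": "example/web:1",
                        "volumeMounts": [{"name": "certs", "mountPath": "/certs",
                                          "readOnly": True}]}],
        "volumes": [{"name": "certs", "hostPath": {"path": "/etc/ssl/certs"}}],
    }}},
}

if __name__ == "__main__":
    for manifest in (STATEFULSET_DB, DEPLOYMENT_WEB):
        name = manifest["metadata"]["name"]
        for code, detail in audit_manifest(manifest):
            print(name, code, detail or "")
```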


Methods

select
def select(
  selectors: LabelSelector
)
selectorsRequired

Properties

connectionsRequired
connections: PodConnections

match_expressionsRequired
match_expressions: typing.List[LabelSelectorRequirement]

The expression matchers this workload will use in order to select pods.

Returns a copy. Use select() to add expression matchers.


match_labelsRequired
match_labels: typing.Mapping[str]
  • Type: typing.Mapping[str]

The label matchers this workload will use in order to select pods.

Returns a copy. Use select() to add label matchers.


pod_metadataRequired
pod_metadata: ApiObjectMetadataDefinition

The metadata of pods in this workload.


schedulingRequired
scheduling: WorkloadScheduling

Structs

AbstractPodProps

Properties for AbstractPod.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AbstractPodProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


AddDeploymentOptions

Options to add a deployment to a service.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AddDeploymentOptions(
  name: str = None,
  node_port: typing.Union[int, float] = None,
  protocol: Protocol = None,
  target_port: typing.Union[int, float] = None,
  port: typing.Union[int, float] = None
)
nameOptional
name: str
  • Type: str

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


node_portOptional
node_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
protocol: Protocol

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


target_portOptional
target_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: The value of port will be used.

The port number the service will redirect to.


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: Copied from the first container of the deployment.

The port number the service will bind to.


AddDirectoryOptions

Options for configmap.addDirectory().

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AddDirectoryOptions(
  exclude: typing.List[str] = None,
  key_prefix: str = None
)
excludeOptional
exclude: typing.List[str]
  • Type: typing.List[str]
  • Default: include all files

Glob patterns to exclude when adding files.


key_prefixOptional
key_prefix: str
  • Type: str
  • Default: “”

A prefix to add to all keys in the config map.


ApiResourceOptions

Options for ApiResource.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ApiResourceOptions(
  api_group: str,
  resource_type: str
)
api_groupRequired
api_group: str
  • Type: str

The group portion of the API version (e.g. authorization.k8s.io).


resource_typeRequired
resource_type: str
  • Type: str

The name of the resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


AwsElasticBlockStorePersistentVolumeProps

Properties for AwsElasticBlockStorePersistentVolume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AwsElasticBlockStorePersistentVolumeProps(
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  volume_id: str,
  fs_type: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
claim: IPersistentVolumeClaim

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
mount_options: typing.List[str]
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional
reclaim_policy: PersistentVolumeReclaimPolicy

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
storage: Size

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
storage_class_name: str
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional
volume_mode: PersistentVolumeMode

Defines what type of volume is required by the claim.


volume_idRequired
volume_id: str
  • Type: str

Unique ID of the persistent disk resource in AWS (Amazon EBS volume).

More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore



fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


AwsElasticBlockStoreVolumeOptions

Options of Volume.fromAwsElasticBlockStore.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AwsElasticBlockStoreVolumeOptions(
  fs_type: str = None,
  name: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
name: str
  • Type: str
  • Default: auto-generated

The volume name.


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


AzureDiskPersistentVolumeProps

Properties for AzureDiskPersistentVolume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AzureDiskPersistentVolumeProps(
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  disk_name: str,
  disk_uri: str,
  caching_mode: AzureDiskPersistentVolumeCachingMode = None,
  fs_type: str = None,
  kind: AzureDiskPersistentVolumeKind = None,
  read_only: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
claim: IPersistentVolumeClaim

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
mount_options: typing.List[str]
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional
reclaim_policy: PersistentVolumeReclaimPolicy

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
storage: Size

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
storage_class_name: str
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional
volume_mode: PersistentVolumeMode

Defines what type of volume is required by the claim.


disk_nameRequired
disk_name: str
  • Type: str

The name of the data disk in the blob storage.


disk_uriRequired
disk_uri: str
  • Type: str

The URI of the data disk in the blob storage.


caching_modeOptional
caching_mode: AzureDiskPersistentVolumeCachingMode

Host Caching mode.


fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional
kind: AzureDiskPersistentVolumeKind

Kind of disk.


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Force the ReadOnly setting in VolumeMounts.


AzureDiskVolumeOptions

Options of Volume.fromAzureDisk.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.AzureDiskVolumeOptions(
  caching_mode: AzureDiskPersistentVolumeCachingMode = None,
  fs_type: str = None,
  kind: AzureDiskPersistentVolumeKind = None,
  name: str = None,
  read_only: bool = None
)
caching_modeOptional
caching_mode: AzureDiskPersistentVolumeCachingMode

Host Caching mode.


fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional
kind: AzureDiskPersistentVolumeKind

Kind of disk.


nameOptional
name: str
  • Type: str
  • Default: auto-generated

The volume name.


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Force the ReadOnly setting in VolumeMounts.


BasicAuthSecretProps

Options for BasicAuthSecret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.BasicAuthSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  password: str,
  username: str
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


passwordRequired
password: str
  • Type: str

The password or token for authentication.


usernameRequired
username: str
  • Type: str

The user name for authentication.


ClusterRoleBindingProps

Properties for ClusterRoleBinding.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ClusterRoleBindingProps(
  metadata: ApiObjectMetadata = None,
  role: IClusterRole
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired
role: IClusterRole

The role to bind to.


ClusterRolePolicyRule

Policy rule of a ClusterRole.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ClusterRolePolicyRule(
  endpoints: typing.List[IApiEndpoint],
  verbs: typing.List[str]
)
endpointsRequired
endpoints: typing.List[IApiEndpoint]

Endpoints this rule applies to.

Can be either api resources or non api resources.


verbsRequired
verbs: typing.List[str]
  • Type: typing.List[str]

Verbs to allow.

(e.g. [‘get’, ‘watch’])


ClusterRoleProps

Properties for ClusterRole.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ClusterRoleProps(
  metadata: ApiObjectMetadata = None,
  aggregation_labels: typing.Mapping[str] = None,
  rules: typing.List[ClusterRolePolicyRule] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


aggregation_labelsOptional
aggregation_labels: typing.Mapping[str]
  • Type: typing.Mapping[str]

Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole’s rules.


rulesOptional
rules: typing.List[ClusterRolePolicyRule]

A list of rules the role should allow.


CommandProbeOptions

Options for Probe.fromCommand().

Initializer

import cdk8s_plus_22

cdk8s_plus_22.CommandProbeOptions(
  failure_threshold: typing.Union[int, float] = None,
  initial_delay_seconds: Duration = None,
  period_seconds: Duration = None,
  success_threshold: typing.Union[int, float] = None,
  timeout_seconds: Duration = None
)
failure_thresholdOptional
failure_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initial_delay_secondsOptional
initial_delay_seconds: Duration

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


period_secondsOptional
period_seconds: Duration
  • Type: cdk8s.Duration
  • Default: Duration.seconds(10) Minimum value is 1.

How often (in seconds) to perform the probe.

Defaults to 10 seconds. Minimum value is 1.


success_thresholdOptional
success_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeout_secondsOptional
timeout_seconds: Duration

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


CommonSecretProps

Common properties for Secret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.CommonSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ConfigMapProps

Properties for initialization of ConfigMap.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ConfigMapProps(
  metadata: ApiObjectMetadata = None,
  binary_data: typing.Mapping[str] = None,
  data: typing.Mapping[str] = None,
  immutable: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


binary_dataOptional
binary_data: typing.Mapping[str]
  • Type: typing.Mapping[str]

BinaryData contains the binary data.

Each key must consist of alphanumeric characters, ‘-’, ‘_’ or ‘.’. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field; this is enforced during the validation process.

You can also add binary data using configMap.addBinaryData().


dataOptional
data: typing.Mapping[str]
  • Type: typing.Mapping[str]

Data contains the configuration data.

Each key must consist of alphanumeric characters, ‘-’, ‘_’ or ‘.’. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field; this is enforced during the validation process.

You can also add data using configMap.addData().


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ConfigMapVolumeOptions

Options for the ConfigMap-based volume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ConfigMapVolumeOptions(
  default_mode: typing.Union[int, float] = None,
  items: typing.Mapping[PathMapping] = None,
  name: str = None,
  optional: bool = None
)
default_modeOptional
default_mode: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional
items: typing.Mapping[PathMapping]

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
name: str
  • Type: str
  • Default: auto-generated

The volume name.


optionalOptional
optional: bool
  • Type: bool
  • Default: undocumented

Specify whether the ConfigMap or its keys must be defined.


ContainerLifecycle

Container lifecycle properties.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ContainerLifecycle(
  post_start: Handler = None,
  pre_stop: Handler = None
)
post_startOptional
post_start: Handler

This hook is executed immediately after a container is created.

However, there is no guarantee that the hook will execute before the container ENTRYPOINT.


pre_stopOptional
pre_stop: Handler

This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others.

A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod’s termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. No parameters are passed to the handler.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination


ContainerProps

Properties for creating a container.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ContainerProps(
  image: str,
  args: typing.List[str] = None,
  command: typing.List[str] = None,
  env_from: typing.List[EnvFrom] = None,
  env_variables: typing.Mapping[EnvValue] = None,
  image_pull_policy: ImagePullPolicy = None,
  lifecycle: ContainerLifecycle = None,
  liveness: Probe = None,
  name: str = None,
  port: typing.Union[int, float] = None,
  readiness: Probe = None,
  resources: ContainerResources = None,
  security_context: ContainerSecurityContextProps = None,
  startup: Probe = None,
  volume_mounts: typing.List[VolumeMount] = None,
  working_dir: str = None
)
imageRequired
image: str
  • Type: str

Docker image name.


argsOptional
args: typing.List[str]
  • Type: typing.List[str]
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
command: typing.List[str]
  • Type: typing.List[str]
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
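The $(VAR_NAME) expansion rules stated for args and command above, as an added example that is not part of the cdk8s documentation. It re-implements the stated rules in plain Python; the function names and the sample values are constructed for illustration.

```python
from typing import List, Mapping, Sequence


def expand(value: str, env: Mapping[str, str]) -> str:
    """Expand $(VAR_NAME) references using the container's environment."""
    out: List[str] = []
    i = 0
    while i < len(value):
        ch = value[i]
        if ch != "$" or i + 1 == len(value):
            out.append(ch)              # ordinary character, or a trailing "$"
            i += 1
            continue
        nxt = value[i + 1]
        if nxt == "$":                  # "$$" is an escaped "$"
            out.append("$")
            i += 2
        elif nxt == "(":
            close = value.find(")", i + 2)
            if close == -1:             # unterminated reference: keep it literally
                out.append("$(")
                i += 2
            else:
                name = value[i + 2:close]
                # A reference that cannot be resolved is left unchanged.
                out.append(env.get(name, "$(" + name + ")"))
                i = close + 1
        else:                           # "$" that does not start a reference
            out.append("$" + nxt)
            i += 2
    return "".join(out)


def render_argv(command: Sequence[str], args: Sequence[str],
                env: Mapping[str, str]) -> List[str]:
    """Return the argv a container would be started with; no shell is involved."""
    return [expand(part, env) for part in list(command) + list(args)]


# Constructed sample values.
SAMPLE_ENV = {"HOST": "0.0.0.0", "PORT": "8080"}
SAMPLE_COMMAND = ["/app/server"]
SAMPLE_ARGS = [
    "--listen=$(HOST):$(PORT)",   # both references resolve
    "--tenant=$(TENANT)",         # TENANT is not defined: stays as written
    "--template=$$(PORT)",        # escaped: never expanded
    "--home=$HOME",               # shell syntax is not interpreted
]

if __name__ == "__main__":
    for part in render_argv(SAMPLE_COMMAND, SAMPLE_ARGS, SAMPLE_ENV):
        print(part)
```

An unresolved reference reaches the process as the literal text $(VAR_NAME), so a misspelled variable name does not fail the pod; the application simply receives the unexpanded string.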


env_fromOptional
env_from: typing.List[EnvFrom]

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


env_variablesOptional
env_variables: typing.Mapping[EnvValue]

Environment variables to set in the container.


image_pull_policyOptional
image_pull_policy: ImagePullPolicy

Image pull policy for this container.


lifecycleOptional
lifecycle: ContainerLifecycle

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional
liveness: Probe

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
name: str
  • Type: str
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: No port is exposed.

Port number to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.


readinessOptional
readiness: Probe

Determines when the container is ready to serve traffic.


resourcesOptional
resources: ContainerResources

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


security_contextOptional
security_context: ContainerSecurityContextProps

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional
startup: Probe

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully.


volume_mountsOptional
volume_mounts: typing.List[VolumeMount]

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


working_dirOptional
working_dir: str
  • Type: str
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


ContainerResources

CPU and memory compute resources.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ContainerResources(
  cpu: CpuResources = None,
  memory: MemoryResources = None
)
cpuOptional
cpu: CpuResources

memoryOptional
memory: MemoryResources

ContainerSecurityContextProps

Properties for ContainerSecurityContext.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ContainerSecurityContextProps(
  ensure_non_root: bool = None,
  group: typing.Union[int, float] = None,
  privileged: bool = None,
  read_only_root_filesystem: bool = None,
  user: typing.Union[int, float] = None
)
ensure_non_rootOptional
ensure_non_root: bool
  • Type: bool
  • Default: false

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


groupOptional
group: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: Group configured by container runtime

The GID to run the entrypoint of the container process.


privilegedOptional
privileged: bool
  • Type: bool
  • Default: false

Run container in privileged mode.

Processes in privileged containers are essentially equivalent to root on the host.


read_only_root_filesystemOptional
read_only_root_filesystem: bool
  • Type: bool
  • Default: false

Whether this container has a read-only root filesystem.


userOptional
user: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: User specified in image metadata

The UID to run the entrypoint of the container process.
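An added example, not part of the cdk8s documentation: a check that can be run over synthesized manifests to report containers left at the permissive defaults listed above. It assumes ensure_non_root, user, group, privileged and read_only_root_filesystem appear in the manifest as the Kubernetes securityContext fields runAsNonRoot, runAsUser, runAsGroup, privileged and readOnlyRootFilesystem; the function names, finding ids and sample manifest are constructed for illustration.

```python
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str]  # (container name, finding id)

# securityContext fields that exist at both pod and container level.
INHERITED = ("runAsNonRoot", "runAsUser", "runAsGroup")


def pod_spec_of(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec of a Pod, or of a workload that has a pod template."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def effective_context(container: Dict[str, Any],
                      pod_spec: Dict[str, Any]) -> Dict[str, Any]:
    """Merge pod-level and container-level settings; container fields override."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    merged = {k: pod_sc[k] for k in INHERITED if pod_sc.get(k) is not None}
    merged.update({k: v for k, v in ctr_sc.items() if v is not None})
    return merged


def audit(manifest: Dict[str, Any]) -> List[Finding]:
    """List weak security-context settings for every container in a manifest."""
    pod_spec = pod_spec_of(manifest)
    containers = (pod_spec.get("initContainers") or []) + \
                 (pod_spec.get("containers") or [])
    findings: List[Finding] = []
    for container in containers:
        name = container.get("name", "<unnamed>")
        sc = effective_context(container, pod_spec)
        uid = sc.get("runAsUser")
        if sc.get("privileged") is True:
            findings.append((name, "privileged"))
        if sc.get("runAsNonRoot") is True:
            # The kubelet refuses to start a container that would run as UID 0.
            if uid == 0:
                findings.append((name, "uid-0-with-runAsNonRoot"))
        elif uid is None or uid == 0:
            # No non-root guarantee and no non-zero UID pinned.
            findings.append((name, "may-run-as-root"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "writable-root-filesystem"))
    return findings


# Constructed sample: the pod asks for non-root, individual containers differ.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "initContainers": [
            {"name": "migrate", "image": "example/migrate:1",
             "securityContext": {"runAsUser": 0, "privileged": False,
                                 "readOnlyRootFilesystem": True}},
        ],
        "containers": [
            # Container-level runAsNonRoot=False overrides the pod-level True.
            {"name": "main", "image": "example/web:1",
             "securityContext": {"runAsNonRoot": False, "privileged": False,
                                 "readOnlyRootFilesystem": False}},
            {"name": "sidecar", "image": "example/proxy:1",
             "securityContext": {"privileged": True,
                                 "readOnlyRootFilesystem": True}},
        ],
    }}},
}

if __name__ == "__main__":
    for container_name, finding in audit(SAMPLE_DEPLOYMENT):
        print(f"{container_name}: {finding}")
```

The "main" container in the sample shows why the override rule matters: an explicit container-level false for the non-root check cancels a pod-level true, so the pod-level setting alone is not evidence that every container is covered.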


CpuResources

CPU request and limit.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.CpuResources(
  limit: Cpu = None,
  request: Cpu = None
)
limitOptional
limit: Cpu

requestOptional
request: Cpu

DaemonSetProps

Properties for DaemonSet.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DaemonSetProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  min_ready_seconds: typing.Union[int, float] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional
pod_metadata: ApiObjectMetadata

The pod metadata of this workload.


selectOptional
select: bool
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


min_ready_secondsOptional
min_ready_seconds: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 0

Minimum number of seconds for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.


DeploymentExposeViaServiceOptions

Options for Deployment.exposeViaService.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DeploymentExposeViaServiceOptions(
  name: str = None,
  ports: typing.List[ServicePort] = None,
  service_type: ServiceType = None
)
nameOptional
name: str
  • Type: str
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional
ports: typing.List[ServicePort]

The ports that the service should bind to.


service_typeOptional
service_type: ServiceType

The type of the exposed service.


DeploymentProps

Properties for Deployment.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DeploymentProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  min_ready: Duration = None,
  progress_deadline: Duration = None,
  replicas: typing.Union[int, float] = None,
  strategy: DeploymentStrategy = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional
pod_metadata: ApiObjectMetadata

The pod metadata of this workload.


selectOptional
select: bool
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


min_readyOptional
min_ready: Duration

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


progress_deadlineOptional
progress_deadline: Duration

The maximum duration for a deployment to make progress before it is considered to be failed.

The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status.

Note that progress will not be estimated during the time a deployment is paused.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds


replicasOptional
replicas: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1

Number of desired pods.


strategyOptional
strategy: DeploymentStrategy

Specifies the strategy used to replace old Pods by new ones.


DeploymentStrategyRollingUpdateOptions

Options for DeploymentStrategy.rollingUpdate.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DeploymentStrategyRollingUpdateOptions(
  max_surge: PercentOrAbsolute = None,
  max_unavailable: PercentOrAbsolute = None
)
max_surgeOptional
max_surge: PercentOrAbsolute

The maximum number of pods that can be scheduled above the desired number of pods.

Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0 if maxUnavailable is 0.

Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.


max_unavailableOptional
max_unavailable: PercentOrAbsolute

The maximum number of pods that can be unavailable during the update.

Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if maxSurge is 0.

Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.


DnsOption

Custom DNS option.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DnsOption(
  name: str,
  value: str = None
)
nameRequired
name: str
  • Type: str

Option name.


valueOptional
value: str
  • Type: str
  • Default: No value.

Option value.


DockerConfigSecretProps

Options for DockerConfigSecret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.DockerConfigSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  data: typing.Mapping[typing.Any]
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


dataRequired
data: typing.Mapping[typing.Any]
  • Type: typing.Mapping[typing.Any]

JSON content to provide for the ~/.docker/config.json file. This will be stringified and inserted as stringData.

https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file


EmptyDirVolumeOptions

Options for volumes populated with an empty directory.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EmptyDirVolumeOptions(
  medium: EmptyDirMedium = None,
  size_limit: Size = None
)
mediumOptional
medium: EmptyDirMedium

By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.

However, you can set the emptyDir.medium field to EmptyDirMedium.MEMORY to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container’s memory limit.


size_limitOptional
size_limit: Size

Total amount of local storage required for this EmptyDir volume.

The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod.


EnvValueFromConfigMapOptions

Options to specify an environment variable value from a ConfigMap key.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EnvValueFromConfigMapOptions(
  optional: bool = None
)
optionalOptional
optional: bool
  • Type: bool
  • Default: false

Specify whether the ConfigMap or its key must be defined.


EnvValueFromFieldRefOptions

Options to specify an environment variable value from a field reference.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EnvValueFromFieldRefOptions(
  api_version: str = None,
  key: str = None
)
api_versionOptional
api_version: str
  • Type: str

Version of the schema the FieldPath is written in terms of.


keyOptional
key: str
  • Type: str

The key to select the pod label or annotation.


EnvValueFromProcessOptions

Options to specify an environment variable value from the process environment.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EnvValueFromProcessOptions(
  required: bool = None
)
requiredOptional
required: bool
  • Type: bool
  • Default: false

Specify whether the key must exist in the environment.

If this is set to true, and the key does not exist, an error will be thrown.


EnvValueFromResourceOptions

Options to specify an environment variable value from a resource.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EnvValueFromResourceOptions(
  container: Container = None,
  divisor: str = None
)
containerOptional
container: Container

The container to select the value from.


divisorOptional
divisor: str
  • Type: str

The output format of the exposed resource.


EnvValueFromSecretOptions

Options to specify an environment variable value from a Secret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.EnvValueFromSecretOptions(
  optional: bool = None
)
optionalOptional
optional: bool
  • Type: bool
  • Default: false

Specify whether the Secret or its key must be defined.


ExposeDeploymentViaIngressOptions

Options for exposing a deployment via an ingress.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ExposeDeploymentViaIngressOptions(
  name: str = None,
  ports: typing.List[ServicePort] = None,
  service_type: ServiceType = None,
  ingress: Ingress = None,
  path_type: HttpIngressPathType = None
)
nameOptional
name: str
  • Type: str
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional
ports: typing.List[ServicePort]

The ports that the service should bind to.


service_typeOptional
service_type: ServiceType

The type of the exposed service.


ingressOptional
ingress: Ingress

The ingress to add rules to.


path_typeOptional
path_type: HttpIngressPathType

The type of the path.


ExposeServiceViaIngressOptions

Options for exposing a service using an ingress.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ExposeServiceViaIngressOptions(
  ingress: Ingress = None,
  path_type: HttpIngressPathType = None
)
ingressOptional
ingress: Ingress

The ingress to add rules to.


path_typeOptional
path_type: HttpIngressPathType

The type of the path.


GCEPersistentDiskPersistentVolumeProps

Properties for GCEPersistentDiskPersistentVolume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.GCEPersistentDiskPersistentVolumeProps(
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None,
  pd_name: str,
  fs_type: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
claim: IPersistentVolumeClaim

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
mount_options: typing.List[str]
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional
reclaim_policy: PersistentVolumeReclaimPolicy

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
storage: Size

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
storage_class_name: str
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional
volume_mode: PersistentVolumeMode

Defines what type of volume is required by the claim.


pd_nameRequired
pd_name: str
  • Type: str

Unique name of the PD resource in GCE.

Used to identify the disk in GCE.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk


fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


GCEPersistentDiskVolumeOptions

Options of Volume.fromGcePersistentDisk.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.GCEPersistentDiskVolumeOptions(
  fs_type: str = None,
  name: str = None,
  partition: typing.Union[int, float] = None,
  read_only: bool = None
)
fs_typeOptional
fs_type: str
  • Type: str
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
name: str
  • Type: str
  • Default: auto-generated

The volume name.


partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


HandlerFromHttpGetOptions

Options for Handler.fromHttpGet.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.HandlerFromHttpGetOptions(
  port: typing.Union[int, float] = None
)
portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: defaults to container.port.

The TCP port to use when sending the GET request.


HandlerFromTcpSocketOptions

Options for Handler.fromTcpSocket.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.HandlerFromTcpSocketOptions(
  host: str = None,
  port: typing.Union[int, float] = None
)
hostOptional
host: str
  • Type: str
  • Default: defaults to the pod IP

The host name to connect to on the container.


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: defaults to container.port.

The TCP port to connect to on the container.


HostAlias

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s /etc/hosts file.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.HostAlias(
  hostnames: typing.List[str],
  ip: str
)
hostnamesRequired
hostnames: typing.List[str]
  • Type: typing.List[str]

Hostnames for the chosen IP address.


ipRequired
ip: str
  • Type: str

IP address of the host file entry.


HostPathVolumeOptions

Options for a HostPathVolume-based volume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.HostPathVolumeOptions(
  path: str,
  type: HostPathVolumeType = None
)
pathRequired
path: str
  • Type: str

The path of the directory on the host.


typeOptional
type: HostPathVolumeType

The expected type of the path found on the host.


HttpGetProbeOptions

Options for Probe.fromHttpGet().

Initializer

import cdk8s_plus_22

cdk8s_plus_22.HttpGetProbeOptions(
  failure_threshold: typing.Union[int, float] = None,
  initial_delay_seconds: Duration = None,
  period_seconds: Duration = None,
  success_threshold: typing.Union[int, float] = None,
  timeout_seconds: Duration = None,
  port: typing.Union[int, float] = None
)
failure_thresholdOptional
failure_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initial_delay_secondsOptional
initial_delay_seconds: Duration

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


period_secondsOptional
period_seconds: Duration
  • Type: cdk8s.Duration
  • Default: Duration.seconds(10) Minimum value is 1.

How often (in seconds) to perform the probe.

Defaults to 10 seconds. Minimum value is 1.


success_thresholdOptional
success_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeout_secondsOptional
timeout_seconds: Duration

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: defaults to container.port.

The TCP port to use when sending the GET request.


IngressProps

Properties for Ingress.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.IngressProps(
  metadata: ApiObjectMetadata = None,
  default_backend: IngressBackend = None,
  rules: typing.List[IngressRule] = None,
  tls: typing.List[IngressTls] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


default_backendOptional
default_backend: IngressBackend

The default backend services requests that do not match any rule.

Using this option or the addDefaultBackend() method is equivalent to adding a rule with both path and host undefined.


rulesOptional
rules: typing.List[IngressRule]

Routing rules for this ingress.

Each rule must define an IngressBackend that will receive the requests that match this rule. If neither host nor path is specified, this backend will be used as the default backend of the ingress.

You can also add rules later using addRule(), addHostRule(), addDefaultBackend() and addHostDefaultBackend().


tlsOptional
tls: typing.List[IngressTls]

TLS settings for this ingress.

Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.


IngressRule

Represents the rules mapping the paths under a specified host to the related backend services.

Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching path.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.IngressRule(
  backend: IngressBackend,
  host: str = None,
  path: str = None,
  path_type: HttpIngressPathType = None
)
backendRequired
backend: IngressBackend

Backend defines the referenced service endpoint to which the traffic will be forwarded.


hostOptional
host: str
  • Type: str
  • Default: If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.

Host is the fully qualified domain name of a network host, as defined by RFC 3986.

Note the following deviations from the “host” part of the URI as defined in the RFC:

  1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress.
  2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https.

Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue.


pathOptional
path: str
  • Type: str
  • Default: If unspecified, the path defaults to a catch all sending traffic to the backend.

Path is an extended POSIX regex as defined by IEEE Std 1003.1 (i.e. this follows the egrep/unix syntax, not the perl syntax), matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional “path” part of a URL as defined by RFC 3986. Paths must begin with a ‘/’.


path_typeOptional
path_type: HttpIngressPathType

Specify how the path is matched against request paths.

By default, path types will be matched by prefix.

https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types


IngressTls

Represents the TLS configuration mapping that is passed to the ingress controller for SSL termination.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.IngressTls(
  hosts: typing.List[str] = None,
  secret: ISecret = None
)
hostsOptional
hosts: typing.List[str]
  • Type: typing.List[str]
  • Default: If unspecified, it defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress.

Hosts are a list of hosts included in the TLS certificate.

The values in this list must match the name/s used in the TLS Secret.


secretOptional
secret: ISecret

Secret is the secret that contains the certificate and key used to terminate SSL traffic on 443.

If the SNI host in a listener conflicts with the “Host” header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.


JobProps

Properties for Job.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.JobProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  active_deadline: Duration = None,
  backoff_limit: typing.Union[int, float] = None,
  ttl_after_finished: Duration = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional
pod_metadata: ApiObjectMetadata

The pod metadata of this workload.


selectOptional
select: bool
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


active_deadlineOptional
active_deadline: Duration

Specifies the duration the job may be active before the system tries to terminate it.


backoff_limitOptional
backoff_limit: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttl_after_finishedOptional
ttl_after_finished: Duration
  • Type: cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


LabelSelectorRequirement

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.LabelSelectorRequirement(
  key: str,
  operator: str,
  values: typing.List[str] = None
)
keyRequired
key: str
  • Type: str

The label key that the selector applies to.


operatorRequired
operator: str
  • Type: str

Represents a key’s relationship to a set of values.


valuesOptional
values: typing.List[str]
  • Type: typing.List[str]

An array of string values.

If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.


MemoryResources

Memory request and limit.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.MemoryResources(
  limit: Size = None,
  request: Size = None
)
limitOptional
limit: Size

requestOptional
request: Size

MountOptions

Options for mounts.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.MountOptions(
  propagation: MountPropagation = None,
  read_only: bool = None,
  sub_path: str = None,
  sub_path_expr: str = None
)
propagationOptional
propagation: MountPropagation

Determines how mounts are propagated from the host to container and the other way around.

When not set, MountPropagationNone is used.

Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node.


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Mounted read-only if true, read-write otherwise (false or unspecified).

Defaults to false.


sub_pathOptional
sub_path: str
  • Type: str
  • Default: “” the volume’s root

Path within the volume from which the container’s volume should be mounted.


sub_path_exprOptional
sub_path_expr: str
  • Type: str
  • Default: “” volume’s root.

Expanded path within the volume from which the container’s volume should be mounted.

Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root).

subPathExpr and subPath are mutually exclusive.


NamespaceProps

Properties for Namespace.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NamespaceProps(
  metadata: ApiObjectMetadata = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


NamespaceSelectorConfig

Configuration for selecting namespaces.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NamespaceSelectorConfig(
  label_selector: LabelSelector = None,
  names: typing.List[str] = None
)
label_selectorOptional
label_selector: LabelSelector

A selector to select namespaces by labels.


namesOptional
names: typing.List[str]
  • Type: typing.List[str]

A list of names to select namespaces by names.


NamespacesSelectOptions

Options for Namespaces.select.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NamespacesSelectOptions(
  expressions: typing.List[LabelExpression] = None,
  labels: typing.Mapping[str] = None,
  names: typing.List[str] = None
)
expressionsOptional
expressions: typing.List[LabelExpression]

Namespaces must satisfy these selectors.

The selectors query labels, just like the labels property, but they provide a more advanced matching mechanism.


labelsOptional
labels: typing.Mapping[str]
  • Type: typing.Mapping[str]
  • Default: no strict labels requirements.

Labels the namespaces must have.

This is equivalent to using an ‘Is’ selector.


namesOptional
names: typing.List[str]
  • Type: typing.List[str]
  • Default: no name requirements.

Namespace names must be one of these.


NetworkPolicyAddEgressRuleOptions

Options for NetworkPolicy.addEgressRule.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyAddEgressRuleOptions(
  ports: typing.List[NetworkPolicyPort] = None
)
portsOptional
ports: typing.List[NetworkPolicyPort]

Ports the rule should allow outgoing traffic to.


NetworkPolicyPeerConfig

Configuration for network peers.

A peer can either be an ip block, or a selection of pods, not both.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyPeerConfig(
  ip_block: NetworkPolicyIpBlock = None,
  pod_selector: PodSelectorConfig = None
)
ip_blockOptional
ip_block: NetworkPolicyIpBlock

The ip block this peer represents.


pod_selectorOptional
pod_selector: PodSelectorConfig

The pod selector this peer represents.


NetworkPolicyPortProps

Properties for NetworkPolicyPort.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyPortProps(
  end_port: typing.Union[int, float] = None,
  port: typing.Union[int, float] = None,
  protocol: NetworkProtocol = None
)
end_portOptional
end_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: not a port range.

End port (relative to port).

Only applies if port is defined. Use this to specify a port range, rather than a specific one.


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: all ports are allowed.

Specific port number.


protocolOptional
protocol: NetworkProtocol

Protocol.


NetworkPolicyProps

Properties for NetworkPolicy.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyProps(
  metadata: ApiObjectMetadata = None,
  egress: NetworkPolicyTraffic = None,
  ingress: NetworkPolicyTraffic = None,
  selector: IPodSelector = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


egressOptional
egress: NetworkPolicyTraffic

Egress traffic configuration.


ingressOptional
ingress: NetworkPolicyTraffic

Ingress traffic configuration.


selectorOptional
selector: IPodSelector

Which pods this policy object applies to.

This can either be a single pod / workload, or a grouping of pods selected via the Pods.select function. Rules are applied to any pods selected by this property. Multiple network policies can select the same set of pods. In this case, the rules for each are combined additively.

Note that


NetworkPolicyRule

Describes a rule allowing traffic from / to pods matched by a network policy selector.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyRule(
  peer: INetworkPolicyPeer,
  ports: typing.List[NetworkPolicyPort] = None
)
peerRequired
peer: INetworkPolicyPeer

Peer this rule interacts with.


portsOptional
ports: typing.List[NetworkPolicyPort]

The ports of the rule.


NetworkPolicyTraffic

Describes how the network policy should configure egress / ingress traffic.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NetworkPolicyTraffic(
  default: NetworkPolicyTrafficDefault = None,
  rules: typing.List[NetworkPolicyRule] = None
)
defaultOptional
default: NetworkPolicyTrafficDefault

Specifies the default behavior of the policy when no rules are defined.


rulesOptional
rules: typing.List[NetworkPolicyRule]

List of rules to be applied to the selected pods.

If empty, the behavior of the policy is dictated by the default property.
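The interaction of the selector property of NetworkPolicyProps ("combined additively") with the default and rules properties described here can be checked with a small model before policies are deployed. This is an added example, not cdk8s code: it is a simplified stdlib-only model in which peers are matched by labels only, the class and function names are hypothetical, the strings "ALLOW" and "DENY" stand in for NetworkPolicyTrafficDefault, and the sample policies are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    peer_labels: dict          # labels the peer pod must carry
    ports: tuple = ()          # empty tuple means every port


@dataclass
class Traffic:
    default: str = "DENY"      # used only when no rules are defined
    rules: list = field(default_factory=list)


@dataclass
class Policy:
    name: str
    selector: dict             # pods the policy applies to; {} selects all pods
    ingress: Optional[Traffic] = None


def selects(selector, labels):
    """True when every key/value pair of the selector is present in labels."""
    return all(labels.get(key) == value for key, value in selector.items())


def traffic_allows(traffic, peer_labels, port):
    """Decision of one policy: rules if there are any, otherwise the default."""
    if not traffic.rules:
        return traffic.default == "ALLOW"
    return any(
        selects(rule.peer_labels, peer_labels) and (not rule.ports or port in rule.ports)
        for rule in traffic.rules
    )


def ingress_decision(policies, pod_labels, peer_labels, port):
    """Return (allowed, names of the policies that allow the connection).

    A pod that no policy selects is not isolated, so the result is (True, []).
    Otherwise the policies are combined additively: one allowing policy is
    enough, and a deny default in another policy does not override it.
    """
    applicable = [
        p for p in policies if p.ingress is not None and selects(p.selector, pod_labels)
    ]
    if not applicable:
        return True, []
    allowing = [p.name for p in applicable if traffic_allows(p.ingress, peer_labels, port)]
    return bool(allowing), allowing


# Constructed sample policies for a database workload.
DENY_ALL = Policy("deny-all", {}, Traffic(default="DENY"))
ALLOW_FRONTEND = Policy(
    "allow-frontend", {"app": "db"}, Traffic(rules=[Rule({"app": "frontend"}, (5432,))])
)
LEGACY_OPEN = Policy("legacy-open", {"app": "db"}, Traffic(default="ALLOW"))

if __name__ == "__main__":
    db, batch = {"app": "db"}, {"app": "batch"}
    print(ingress_decision([DENY_ALL, ALLOW_FRONTEND], db, batch, 5432))
    # A forgotten allow-all policy re-opens the pod despite deny-all:
    print(ingress_decision([DENY_ALL, ALLOW_FRONTEND, LEGACY_OPEN], db, batch, 5432))
```

The second call shows why an audit has to look at every policy selecting a pod: the allowing policy's name is returned, which tells the reviewer which object to remove or tighten.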


NodeTaintQueryOptions

Options for NodeTaintQuery.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.NodeTaintQueryOptions(
  effect: TaintEffect = None,
  evict_after: Duration = None
)
effectOptional
effect: TaintEffect

The taint effect to match.


evict_afterOptional
evict_after: Duration

How long a pod that tolerates the NO_EXECUTE effect should remain bound to the node.

Only applies for the NO_EXECUTE effect.


PathMapping

Maps a string key to a path within a volume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PathMapping(
  path: str,
  mode: typing.Union[int, float] = None
)
pathRequired
path: str
  • Type: str

The relative path of the file to map the key to.

May not be an absolute path. May not contain the path element ‘..’. May not start with the string ‘..’.


modeOptional
mode: typing.Union[int, float]
  • Type: typing.Union[int, float]

Optional: mode bits to use on this file, must be a value between 0 and 0777.

If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
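The constraints on path and mode can be enforced before the mapping is handed to the construct, which also catches the common mistake of writing mode bits in decimal. This is an added example, not part of cdk8s; the function names are hypothetical, and the check accepts integers only even though the documented type also admits float.

```python
import stat


def validate_path_mapping(path, mode=None):
    """Check a PathMapping against the documented constraints.

    Returns the keyword arguments to pass on, or raises on a violation.
    """
    if not isinstance(path, str) or not path:
        raise ValueError("path must be a non-empty string")
    if path.startswith("/"):
        raise ValueError(f"{path!r}: may not be an absolute path")
    if path.startswith(".."):
        raise ValueError(f"{path!r}: may not start with '..'")
    if ".." in path.split("/"):
        raise ValueError(f"{path!r}: may not contain the path element '..'")

    kwargs = {"path": path}
    if mode is not None:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(mode, bool) or not isinstance(mode, int):
            raise TypeError("mode must be an integer")
        if not 0 <= mode <= 0o777:
            raise ValueError(f"mode {mode} is outside 0..0o777 (decimal 0..511)")
        kwargs["mode"] = mode
    return kwargs


def permission_string(mode):
    """Render mode bits the way `ls -l` would show them for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    # Intended: owner read-only. Python octal literals need the 0o prefix.
    print(validate_path_mapping("tls/key.pem", 0o400), permission_string(0o400))
    # Decimal 400 passes the range check but is 0o620: group-writable.
    print(validate_path_mapping("tls/key.pem", 400), permission_string(400))
```

Decimal 644 is rejected by the range check, but decimal 400 is not, so printing the permission string during review is the reliable way to see what was actually requested.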


PersistentVolumeClaimProps

Properties for PersistentVolumeClaim.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PersistentVolumeClaimProps(
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume: IPersistentVolume = None,
  volume_mode: PersistentVolumeMode = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Contains the access modes the volume should support.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1


storageOptional
storage: Size
  • Type: cdk8s.Size
  • Default: No storage requirement.

Minimum storage size the volume should have.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
storage_class_name: str
  • Type: str
  • Default: Not set.

Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:

  • If the admission plugin is turned on, the storage class marked as default will be used.
  • If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1


volumeOptional
volume: IPersistentVolume

The PersistentVolume backing this claim.

The control plane still checks that storage class, access modes, and requested storage size on the volume are valid.

Note that in order to guarantee a proper binding, the volume should also define a claimRef referring to this claim. Otherwise, the volume may be claimed by other PVCs before it gets a chance to bind to this one.

If the volume is managed (i.e. not imported), you can use pv.claim() to easily create a bi-directional bounded claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding


volume_modeOptional
volume_mode: PersistentVolumeMode

Defines what type of volume is required by the claim.


PersistentVolumeClaimVolumeOptions

Options for a PersistentVolumeClaim-based volume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PersistentVolumeClaimVolumeOptions(
  name: str = None,
  read_only: bool = None
)
nameOptional
name: str
  • Type: str
  • Default: Derived from the PVC name.

The volume name.


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Will force the ReadOnly setting in VolumeMounts.


PersistentVolumeProps

Properties for PersistentVolume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PersistentVolumeProps(
  metadata: ApiObjectMetadata = None,
  access_modes: typing.List[PersistentVolumeAccessMode] = None,
  claim: IPersistentVolumeClaim = None,
  mount_options: typing.List[str] = None,
  reclaim_policy: PersistentVolumeReclaimPolicy = None,
  storage: Size = None,
  storage_class_name: str = None,
  volume_mode: PersistentVolumeMode = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


access_modesOptional
access_modes: typing.List[PersistentVolumeAccessMode]

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
claim: IPersistentVolumeClaim

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mount_optionsOptional
mount_options: typing.List[str]
  • Type: typing.List[str]
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaim_policyOptional
reclaim_policy: PersistentVolumeReclaimPolicy

When a user is done with their volume, they can delete the PVC objects from the API, which allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released from its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
storage: Size

The storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storage_class_nameOptional
storage_class_name: str
  • Type: str
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volume_modeOptional
volume_mode: PersistentVolumeMode

Defines what type of volume is required by the claim.


PodConnectionsAllowFromOptions

Options for PodConnections.allowFrom.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodConnectionsAllowFromOptions(
  isolation: PodConnectionsIsolation = None,
  ports: typing.List[NetworkPolicyPort] = None
)
isolationOptional
isolation: PodConnectionsIsolation

Which isolation should be applied to establish the connection.


portsOptional
ports: typing.List[NetworkPolicyPort]

Ports to allow incoming traffic to.


PodConnectionsAllowToOptions

Options for PodConnections.allowTo.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodConnectionsAllowToOptions(
  isolation: PodConnectionsIsolation = None,
  ports: typing.List[NetworkPolicyPort] = None
)
isolationOptional
isolation: PodConnectionsIsolation

Which isolation should be applied to establish the connection.


portsOptional
ports: typing.List[NetworkPolicyPort]

Ports to allow outgoing traffic to.


PodDnsProps

Properties for PodDns.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodDnsProps(
  hostname: str = None,
  hostname_as_fqd_n: bool = None,
  nameservers: typing.List[str] = None,
  options: typing.List[DnsOption] = None,
  policy: DnsPolicy = None,
  searches: typing.List[str] = None,
  subdomain: str = None
)
hostnameOptional
hostname: str
  • Type: str
  • Default: Set to a system-defined value.

Specifies the hostname of the Pod.


hostname_as_fqd_nOptional
hostname_as_fqd_n: bool
  • Type: bool
  • Default: false

If true the pod’s hostname will be configured as the pod’s FQDN, rather than the leaf name (the default).

In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.


nameserversOptional
nameservers: typing.List[str]
  • Type: typing.List[str]

A list of IP addresses that will be used as DNS servers for the Pod.

There can be at most 3 IP addresses specified. When the policy is set to “NONE”, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined with the base nameservers generated from the specified DNS policy, with duplicate addresses removed.


optionsOptional
options: typing.List[DnsOption]

List of objects where each object may have a name property (required) and a value property (optional).

The contents of this property will be merged with the options generated from the specified DNS policy. Duplicate entries are removed.


policyOptional
policy: DnsPolicy

Set DNS policy for the pod.

If policy is set to None, other configuration must be supplied.


searchesOptional
searches: typing.List[str]
  • Type: typing.List[str]

A list of DNS search domains for hostname lookup in the Pod.

When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.

Kubernetes allows for at most 6 search domains.


subdomainOptional
subdomain: str
  • Type: str
  • Default: No subdomain.

If specified, the fully qualified Pod hostname will be “...svc.“.


PodProps

Properties for Pod.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


PodsAllOptions

Options for Pods.all.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodsAllOptions(
  namespaces: Namespaces = None
)
namespacesOptional
namespaces: Namespaces

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


PodSchedulingAttractOptions

Options for PodScheduling.attract.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodSchedulingAttractOptions(
  weight: typing.Union[int, float] = None
)
weightOptional
weight: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: no weight. assignment is assumed to be required (hard).

Indicates the attraction is optional (soft), with this weight score.


PodSchedulingColocateOptions

Options for PodScheduling.colocate.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodSchedulingColocateOptions(
  topology: Topology = None,
  weight: typing.Union[int, float] = None
)
topologyOptional
topology: Topology

Which topology to colocate on.


weightOptional
weight: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: no weight. co-location is assumed to be required (hard).

Indicates the co-location is optional (soft), with this weight score.


PodSchedulingSeparateOptions

Options for PodScheduling.separate.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodSchedulingSeparateOptions(
  topology: Topology = None,
  weight: typing.Union[int, float] = None
)
topologyOptional
topology: Topology

Which topology to separate on.


weightOptional
weight: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: no weight. separation is assumed to be required (hard).

Indicates the separation is optional (soft), with this weight score.


PodSecurityContextProps

Properties for PodSecurityContext.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodSecurityContextProps(
  ensure_non_root: bool = None,
  fs_group: typing.Union[int, float] = None,
  fs_group_change_policy: FsGroupChangePolicy = None,
  group: typing.Union[int, float] = None,
  sysctls: typing.List[Sysctl] = None,
  user: typing.Union[int, float] = None
)
ensure_non_rootOptional
ensure_non_root: bool
  • Type: bool
  • Default: false

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


fs_groupOptional
fs_group: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: Volume ownership is not changed.

Modify the ownership and permissions of pod volumes to this GID.


fs_group_change_policyOptional
fs_group_change_policy: FsGroupChangePolicy

Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.

This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.


groupOptional
group: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: Group configured by container runtime

The GID to run the entrypoint of the container process.


sysctlsOptional
sysctls: typing.List[Sysctl]

Sysctls hold a list of namespaced sysctls used for the pod.

Pods with unsupported sysctls (by the container runtime) might fail to launch.


userOptional
user: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: User specified in image metadata

The UID to run the entrypoint of the container process.


PodSelectorConfig

Configuration for selecting pods, optionally in particular namespaces.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodSelectorConfig(
  label_selector: LabelSelector,
  namespaces: NamespaceSelectorConfig = None
)
label_selectorRequired
label_selector: LabelSelector

A selector to select pods by labels.


namespacesOptional
namespaces: NamespaceSelectorConfig

Configuration for selecting which namespaces the pods are allowed to be in.


PodsSelectOptions

Options for Pods.select.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.PodsSelectOptions(
  expressions: typing.List[LabelExpression] = None,
  labels: typing.Mapping[str] = None,
  namespaces: Namespaces = None
)
expressionsOptional
expressions: typing.List[LabelExpression]

Expressions the pods must satisfy.


labelsOptional
labels: typing.Mapping[str]
  • Type: typing.Mapping[str]
  • Default: no strict labels requirements.

Labels the pods must have.


namespacesOptional
namespaces: Namespaces

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


ProbeOptions

Probe options.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ProbeOptions(
  failure_threshold: typing.Union[int, float] = None,
  initial_delay_seconds: Duration = None,
  period_seconds: Duration = None,
  success_threshold: typing.Union[int, float] = None,
  timeout_seconds: Duration = None
)
failure_thresholdOptional
failure_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initial_delay_secondsOptional
initial_delay_seconds: Duration

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


period_secondsOptional
period_seconds: Duration
  • Type: cdk8s.Duration
  • Default: Duration.seconds(10) Minimum value is 1.

How often (in seconds) to perform the probe.

Default to 10 seconds. Minimum value is 1.


success_thresholdOptional
success_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeout_secondsOptional
timeout_seconds: Duration

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


ResourceProps

Initialization properties for resources.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ResourceProps(
  metadata: ApiObjectMetadata = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


RoleBindingProps

Properties for RoleBinding.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.RoleBindingProps(
  metadata: ApiObjectMetadata = None,
  role: IRole
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired
role: IRole

The role to bind to.

A RoleBinding can reference a Role or a ClusterRole.


RolePolicyRule

Policy rule of a Role.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.RolePolicyRule(
  resources: typing.List[IApiResource],
  verbs: typing.List[str]
)
resourcesRequired
resources: typing.List[IApiResource]

Resources this rule applies to.


verbsRequired
verbs: typing.List[str]
  • Type: typing.List[str]

Verbs to allow.

(e.g. [‘get’, ‘watch’])


RoleProps

Properties for Role.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.RoleProps(
  metadata: ApiObjectMetadata = None,
  rules: typing.List[RolePolicyRule] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


rulesOptional
rules: typing.List[RolePolicyRule]

A list of rules the role should allow.


SecretProps

Options for Secret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.SecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  string_data: typing.Mapping[str] = None,
  type: str = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


string_dataOptional
string_data: typing.Mapping[str]
  • Type: typing.Mapping[str]

stringData allows specifying non-binary secret data in string form.

It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.


typeOptional
type: str
  • Type: str
  • Default: undefined - Don’t set a type.

Optional type associated with the secret.

Used to facilitate programmatic handling of secret data by various controllers.


SecretValue

Represents a specific value in JSON secret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.SecretValue(
  key: str,
  secret: ISecret
)
keyRequired
key: str
  • Type: str

The JSON key.


secretRequired
secret: ISecret

The secret.


SecretVolumeOptions

Options for the Secret-based volume.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.SecretVolumeOptions(
  default_mode: typing.Union[int, float] = None,
  items: typing.Mapping[PathMapping] = None,
  name: str = None,
  optional: bool = None
)
default_modeOptional
default_mode: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional
items: typing.Mapping[PathMapping]

If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
name: str
  • Type: str
  • Default: auto-generated

The volume name.


optionalOptional
optional: bool
  • Type: bool
  • Default: undocumented

Specify whether the secret or its keys must be defined.
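The constraints stated above for default_mode, items and optional, written as a check that can run before synthesis. This is an added example, not part of cdk8s-plus-22: the function names are hypothetical, and plain dicts with a path and an optional mode stand in for PathMapping objects. It also reports the effective permission string, because an integer written as 400 in Python is decimal and equals 0o620.

```python
import stat

MAX_MODE = 0o777  # upper bound the documentation gives for default_mode


def symbolic(mode):
    """Render permission bits as text, e.g. 0o644 -> 'rw-r--r--'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]


def check_mode(mode, where):
    """Return findings for a single file-mode value."""
    if isinstance(mode, float) and mode.is_integer():
        mode = int(mode)  # the property is typed Union[int, float]
    if isinstance(mode, bool) or not isinstance(mode, int):
        return [f"error: {where} must be an integer, got {mode!r}"]
    if not 0 <= mode <= MAX_MODE:
        finding = f"error: {where}={mode} is outside 0..0o777"
        digits = str(mode)
        # Typical slip: the octal digits typed as a decimal literal (644 for 0o644).
        if mode > 0 and len(digits) <= 3 and set(digits) <= set("01234567"):
            finding += f" (octal digits typed as decimal? 0o{digits} is {int(digits, 8)})"
        return [finding]
    if mode & 0o077:
        return [f"warn: {where}={mode} is 0o{mode:o} ({symbolic(mode)}): "
                "grants group/other access to the secret files"]
    return []


def check_secret_volume(default_mode=0o644, items=None, secret_keys=None, optional=False):
    """Lint the values intended for SecretVolumeOptions.

    items       -- mapping of secret key -> {"path": str, "mode": int (optional)}
    secret_keys -- keys known to exist in the secret, or None to skip that check
    """
    findings = check_mode(default_mode, "default_mode")
    for key, mapping in (items or {}).items():
        path = mapping.get("path", "")
        if not path:
            findings.append(f"error: items[{key!r}] has no path")
        elif path.startswith("/"):
            findings.append(f"error: items[{key!r}] path {path!r} is absolute")
        elif ".." in path.split("/") or path.startswith(".."):
            findings.append(f"error: items[{key!r}] path {path!r} contains or starts with '..'")
        if mapping.get("mode") is not None:
            findings += check_mode(mapping["mode"], f"items[{key!r}].mode")
        if secret_keys is not None and key not in secret_keys and not optional:
            findings.append(f"error: key {key!r} is not in the secret and the volume is not optional")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from any real deployment.
    sample_items = {
        "tls.key": {"path": "certs/tls.key", "mode": 0o400},
        "tls.crt": {"path": "../tls.crt"},
        "ca.crt": {"path": "ca.crt"},
    }
    for line in check_secret_volume(400, sample_items, secret_keys={"tls.key", "tls.crt"}):
        print(line)
```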


ServiceAccountProps

Properties for initialization of ServiceAccount.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServiceAccountProps(
  metadata: ApiObjectMetadata = None,
  automount_token: bool = None,
  secrets: typing.List[ISecret] = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_tokenOptional
automount_token: bool
  • Type: bool
  • Default: true

Indicates whether pods running as this service account should have an API token automatically mounted.

Can be overridden at the pod level.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


secretsOptional
secrets: typing.List[ISecret]

List of secrets allowed to be used by pods running using this ServiceAccount.

https://kubernetes.io/docs/concepts/configuration/secret


ServiceAccountTokenSecretProps

Options for ServiceAccountTokenSecret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServiceAccountTokenSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  service_account: IServiceAccount
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


service_accountRequired
service_account: IServiceAccount

The service account to store a secret for.


ServiceBindOptions

Options for Service.bind.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServiceBindOptions(
  name: str = None,
  node_port: typing.Union[int, float] = None,
  protocol: Protocol = None,
  target_port: typing.Union[int, float] = None
)
nameOptional
name: str
  • Type: str

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


node_portOptional
node_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
protocol: Protocol

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


target_portOptional
target_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: The value of port will be used.

The port number the service will redirect to.


ServiceIngressBackendOptions

Options for setting up backends for ingress rules.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServiceIngressBackendOptions(
  port: typing.Union[int, float] = None
)
portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: if the service exposes a single port, this port will be used.

The port to use to access the service.

  • This option will fail if the service does not expose any ports.
  • If the service exposes multiple ports, this option must be specified.
  • If the service exposes a single port, this option is optional and if specified, it must be the same port exposed by the service.

ServicePort

Definition of a service port.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServicePort(
  name: str = None,
  node_port: typing.Union[int, float] = None,
  protocol: Protocol = None,
  target_port: typing.Union[int, float] = None,
  port: typing.Union[int, float]
)
nameOptional
name: str
  • Type: str

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


node_portOptional
node_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
protocol: Protocol

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


target_portOptional
target_port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: The value of port will be used.

The port number the service will redirect to.


portRequired
port: typing.Union[int, float]
  • Type: typing.Union[int, float]

The port number the service will bind to.


ServiceProps

Properties for Service.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.ServiceProps(
  metadata: ApiObjectMetadata = None,
  cluster_i_p: str = None,
  external_i_ps: typing.List[str] = None,
  external_name: str = None,
  load_balancer_source_ranges: typing.List[str] = None,
  ports: typing.List[ServicePort] = None,
  selector: IPodSelector = None,
  type: ServiceType = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


cluster_i_pOptional
cluster_i_p: str
  • Type: str
  • Default: Automatically assigned.

The IP address of the service, usually assigned randomly by the master.

If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are “None”, empty string (“”), or a valid IP address. “None” can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName.

https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies


external_i_psOptional
external_i_ps: typing.List[str]
  • Type: typing.List[str]
  • Default: No external IPs.

A list of IP addresses for which nodes in the cluster will also accept traffic for this service.

These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.


external_nameOptional
external_name: str
  • Type: str
  • Default: No external name.

The externalName to be used when ServiceType.EXTERNAL_NAME is set.


load_balancer_source_rangesOptional
load_balancer_source_ranges: typing.List[str]
  • Type: typing.List[str]

A list of CIDR IP addresses that, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs.

More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/


portsOptional
ports: typing.List[ServicePort]

The ports this service binds to.

If the selector of the service is a managed pod / workload, its ports are automatically extracted and used as the default value. Otherwise, no ports are bound.


selectorOptional
selector: IPodSelector
  • Type: cdk8s_plus_22.IPodSelector
  • Default: unset, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

Which pods should the service select and route to.

You can pass one of the following:

  • An instance of Pod or any workload resource (e.g. Deployment, StatefulSet, …)
  • Pods selected by the Pods.select function. Note that in this case only labels can be specified.

typeOptional
type: ServiceType

Determines how the Service is exposed.

More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types


SshAuthSecretProps

Options for SshAuthSecret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.SshAuthSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  ssh_private_key: str
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ssh_private_keyRequired
ssh_private_key: str
  • Type: str

The SSH private key to use.


StatefulSetProps

Properties for initialization of StatefulSet.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.StatefulSetProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None,
  service: Service,
  min_ready: Duration = None,
  pod_management_policy: PodManagementPolicy = None,
  replicas: typing.Union[int, float] = None,
  strategy: StatefulSetUpdateStrategy = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional
pod_metadata: ApiObjectMetadata

The pod metadata of this workload.


selectOptional
select: bool
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


serviceRequired
service: Service

Service to associate with the statefulset.


min_readyOptional
min_ready: Duration

Minimum duration for which a newly created pod should be ready without any of its containers crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

This is an alpha field and requires enabling the StatefulSetMinReadySeconds feature gate.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


pod_management_policyOptional
pod_management_policy: PodManagementPolicy

Pod management policy to use for this statefulset.


replicasOptional
replicas: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1

Number of desired pods.


strategyOptional
strategy: StatefulSetUpdateStrategy

Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.


StatefulSetUpdateStrategyRollingUpdateOptions

Options for StatefulSetUpdateStrategy.rollingUpdate.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.StatefulSetUpdateStrategyRollingUpdateOptions(
  partition: typing.Union[int, float] = None
)
partitionOptional
partition: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 0

If specified, all Pods with an ordinal that is greater than or equal to the partition will be updated when the StatefulSet’s .spec.template is updated. All Pods with an ordinal that is less than the partition will not be updated, and, even if they are deleted, they will be recreated at the previous version.

If the partition is greater than replicas, updates to the pod template will not be propagated to Pods. In most cases you will not need to use a partition, but they are useful if you want to stage an update, roll out a canary, or perform a phased roll out.

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions


SubjectConfiguration

Subject contains a reference to the object or user identities a role binding applies to.

This can either hold a direct API object reference, or a value for non-objects such as user and group names.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.SubjectConfiguration(
  kind: str,
  name: str,
  api_group: str = None,
  namespace: str = None
)
kindRequired
kind: str
  • Type: str

Kind of object being referenced.

Values defined by this API group are “User”, “Group”, and “ServiceAccount”. If the Authorizer does not recognize the kind value, the Authorizer should report an error.


nameRequired
name: str
  • Type: str

Name of the object being referenced.


api_groupOptional
api_group: str
  • Type: str

APIGroup holds the API group of the referenced subject.

Defaults to “” for ServiceAccount subjects. Defaults to “rbac.authorization.k8s.io” for User and Group subjects.


namespaceOptional
namespace: str
  • Type: str

Namespace of the referenced object.

If the object kind is non-namespace, such as “User” or “Group”, and this value is not empty the Authorizer should report an error.
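
The kind, api_group and namespace rules above can be applied to role binding subjects before synthesis. This is an added example, not cdk8s-plus code: normalize_subject, check_all and the sample subjects are constructed for illustration, and it works on plain values so it runs without the library installed.

```python
from typing import Dict, List, Optional, Tuple

RBAC_GROUP = "rbac.authorization.k8s.io"
KNOWN_KINDS = ("User", "Group", "ServiceAccount")


def normalize_subject(
    kind: str,
    name: str,
    api_group: Optional[str] = None,
    namespace: Optional[str] = None,
) -> Tuple[Optional[Dict[str, str]], List[str]]:
    """Apply the documented defaults and checks to one subject.

    Returns (subject, errors); subject is None when any check fails.
    """
    if kind not in KNOWN_KINDS:
        # An unrecognized kind is reported, never passed through.
        return None, [f"unrecognized kind {kind!r}"]
    errors: List[str] = []
    if not name:
        errors.append("name is required")
    if api_group is None:
        # "" for ServiceAccount, the RBAC group for User and Group.
        api_group = "" if kind == "ServiceAccount" else RBAC_GROUP
    if kind != "ServiceAccount" and namespace:
        errors.append(f"{kind} is not namespaced but namespace={namespace!r} was given")
    if errors:
        return None, errors
    subject = {"kind": kind, "name": name, "apiGroup": api_group}
    if namespace:
        subject["namespace"] = namespace
    return subject, []


# Constructed sample input: (kind, name, api_group, namespace)
SAMPLES = [
    ("ServiceAccount", "ci-deployer", None, "build"),
    ("User", "alice@example.com", None, None),
    ("Group", "auditors", None, "build"),              # namespace on a Group
    ("Serviceaccount", "ci-deployer", None, "build"),  # wrong letter case
]


def check_all(samples=SAMPLES):
    """Run every sample through normalize_subject, in order."""
    return [normalize_subject(*sample) for sample in samples]


if __name__ == "__main__":
    for sample, (subject, errors) in zip(SAMPLES, check_all()):
        print(sample, "->", subject if subject else errors)
```
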


Sysctl

Sysctl defines a kernel parameter to be set.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.Sysctl(
  name: str,
  value: str
)
nameRequired
name: str
  • Type: str

Name of a property to set.


valueRequired
value: str
  • Type: str

Value of a property to set.


TcpSocketProbeOptions

Options for Probe.fromTcpSocket().

Initializer

import cdk8s_plus_22

cdk8s_plus_22.TcpSocketProbeOptions(
  failure_threshold: typing.Union[int, float] = None,
  initial_delay_seconds: Duration = None,
  period_seconds: Duration = None,
  success_threshold: typing.Union[int, float] = None,
  timeout_seconds: Duration = None,
  host: str = None,
  port: typing.Union[int, float] = None
)
failure_thresholdOptional
failure_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initial_delay_secondsOptional
initial_delay_seconds: Duration

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


period_secondsOptional
period_seconds: Duration
  • Type: cdk8s.Duration
  • Default: Duration.seconds(10) Minimum value is 1.

How often (in seconds) to perform the probe.

Defaults to 10 seconds. Minimum value is 1.


success_thresholdOptional
success_threshold: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeout_secondsOptional
timeout_seconds: Duration

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


hostOptional
host: str
  • Type: str
  • Default: defaults to the pod IP

The host name to connect to on the container.


portOptional
port: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: defaults to container.port.

The TCP port to connect to on the container.


TlsSecretProps

Options for TlsSecret.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.TlsSecretProps(
  metadata: ApiObjectMetadata = None,
  immutable: bool = None,
  tls_cert: str,
  tls_key: str
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
immutable: bool
  • Type: bool
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


tls_certRequired
tls_cert: str
  • Type: str

The TLS cert.


tls_keyRequired
tls_key: str
  • Type: str

The TLS key.


VolumeMount

Mount a volume from the pod to the container.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.VolumeMount(
  propagation: MountPropagation = None,
  read_only: bool = None,
  sub_path: str = None,
  sub_path_expr: str = None,
  path: str,
  volume: Volume
)
propagationOptional
propagation: MountPropagation

Determines how mounts are propagated from the host to container and the other way around.

When not set, MountPropagationNone is used.

Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node.


read_onlyOptional
read_only: bool
  • Type: bool
  • Default: false

Mounted read-only if true, read-write otherwise (false or unspecified).

Defaults to false.


sub_pathOptional
sub_path: str
  • Type: str
  • Default: “” the volume’s root

Path within the volume from which the container’s volume should be mounted.


sub_path_exprOptional
sub_path_expr: str
  • Type: str
  • Default: “” volume’s root.

Expanded path within the volume from which the container’s volume should be mounted.

Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root).

subPathExpr and subPath are mutually exclusive.


pathRequired
path: str
  • Type: str

Path within the container at which the volume should be mounted.

Must not contain ‘:’.


volumeRequired
volume: Volume

The volume to mount.
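
The mount constraints above (no ‘:’ in path, sub_path and sub_path_expr mutually exclusive, $(VAR_NAME) expanded from the container’s environment) can be checked before deployment. This is an added example, not cdk8s-plus code: check_mount and expand_sub_path_expr are hypothetical helpers, and treating an undefined variable as an error and rejecting sub-paths that leave the volume root are this example's own policy, not statements from this page.

```python
import re
from typing import Dict, List, Optional, Tuple

# $(VAR_NAME) references; identifier-style names only (assumption of this example).
_REF = re.compile(r"\$\(([A-Za-z_][A-Za-z0-9_]*)\)")


def expand_sub_path_expr(expr: str, env: Dict[str, str]) -> str:
    """Expand $(VAR_NAME) references using the container's environment.

    Assumption of this example: an undefined or empty variable is an
    error instead of silently expanding to nothing.
    """
    def lookup(match) -> str:
        value = env.get(match.group(1), "")
        if not value:
            raise ValueError(f"no value for $({match.group(1)})")
        return value

    return _REF.sub(lookup, expr)


def check_mount(
    path: str,
    sub_path: Optional[str] = None,
    sub_path_expr: Optional[str] = None,
    env: Optional[Dict[str, str]] = None,
) -> Tuple[Optional[str], List[str]]:
    """Return (resolved_sub_path, findings) for one mount."""
    findings: List[str] = []
    if ":" in path:
        findings.append("path must not contain ':'")
    if sub_path and sub_path_expr:
        findings.append("sub_path and sub_path_expr are mutually exclusive")
        return None, findings
    resolved = sub_path or ""  # "" is the volume's root
    if sub_path_expr:
        try:
            resolved = expand_sub_path_expr(sub_path_expr, env or {})
        except ValueError as exc:
            return None, findings + [str(exc)]
    # Example policy: environment values must not steer the mount outside the volume.
    if resolved.startswith("/") or ".." in resolved.split("/"):
        findings.append(f"sub-path {resolved!r} leaves the volume root")
    return resolved, findings


if __name__ == "__main__":
    # Constructed sample mounts.
    print(check_mount("/data", sub_path_expr="$(POD_NAME)/logs", env={"POD_NAME": "web-0"}))
    print(check_mount("/cache", sub_path_expr="$(TENANT)/cache", env={"TENANT": "../other"}))
    print(check_mount("/data", sub_path="a", sub_path_expr="$(POD_NAME)"))
```
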


WorkloadProps

Properties for Workload.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.WorkloadProps(
  metadata: ApiObjectMetadata = None,
  automount_service_account_token: bool = None,
  containers: typing.List[ContainerProps] = None,
  dns: PodDnsProps = None,
  docker_registry_auth: DockerConfigSecret = None,
  host_aliases: typing.List[HostAlias] = None,
  init_containers: typing.List[ContainerProps] = None,
  restart_policy: RestartPolicy = None,
  security_context: PodSecurityContextProps = None,
  service_account: IServiceAccount = None,
  volumes: typing.List[Volume] = None,
  pod_metadata: ApiObjectMetadata = None,
  select: bool = None
)
metadataOptional
metadata: ApiObjectMetadata

Metadata that all persisted resources must have, which includes all objects users must create.


automount_service_account_tokenOptional
automount_service_account_token: bool
  • Type: bool
  • Default: true

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
containers: typing.List[ContainerProps]

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additional containers using podSpec.addContainer()


dnsOptional
dns: PodDnsProps

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


docker_registry_authOptional
docker_registry_auth: DockerConfigSecret

A secret containing docker credentials for authenticating to a registry.


host_aliasesOptional
host_aliases: typing.List[HostAlias]

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


init_containersOptional
init_containers: typing.List[ContainerProps]

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added, removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


restart_policyOptional
restart_policy: RestartPolicy

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


security_contextOptional
security_context: PodSecurityContextProps

SecurityContext holds pod-level security attributes and common container settings.


service_accountOptional
service_account: IServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
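
Because automount_service_account_token defaults to true, every workload that leaves it unset gets API credentials for its service account mounted into its containers. The audit below lists those pod specs in synthesized manifests. This is an added example, not cdk8s-plus code: pod_spec, audit_token_mounts and the sample manifests are constructed for illustration, and the manifests are assumed to be already parsed into dictionaries.

```python
from typing import List, Optional


def pod_spec(manifest: dict) -> Optional[dict]:
    """Find the pod spec in a Pod, a workload (spec.template) or a CronJob."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    template = spec.get("template")
    return template.get("spec") if isinstance(template, dict) else None


def audit_token_mounts(manifests: List[dict]) -> List[dict]:
    """List every pod spec that will get a service account token mounted.

    Scope: only the pod-level field is read; a setting on the
    ServiceAccount object itself is not consulted.
    """
    findings = []
    for manifest in manifests:
        spec = pod_spec(manifest)
        if spec is None:
            continue  # not a pod-bearing object
        # An absent field means the default applies, and the default is true.
        if spec.get("automountServiceAccountToken", True) is False:
            continue
        findings.append({
            "kind": manifest["kind"],
            "name": manifest.get("metadata", {}).get("name", "<unnamed>"),
            "service_account": spec.get("serviceAccountName", "default"),
            "explicit": "automountServiceAccountToken" in spec,
        })
    return findings


# Constructed sample manifests (not output of a real synth run).
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {"containers": [{"name": "web"}]}}}},
    {"kind": "StatefulSet", "metadata": {"name": "db"},
     "spec": {"template": {"spec": {"automountServiceAccountToken": False,
                                    "containers": [{"name": "db"}]}}}},
    {"kind": "Pod", "metadata": {"name": "backup"},
     "spec": {"serviceAccountName": "backup-operator",
              "automountServiceAccountToken": True,
              "containers": [{"name": "backup"}]}},
    {"kind": "ConfigMap", "metadata": {"name": "settings"}, "data": {}},
]

if __name__ == "__main__":
    for finding in audit_token_mounts(SAMPLE_MANIFESTS):
        print(finding)
```

Findings with explicit set to False are the ones that rely on the default; those are the workloads to review first when the process inside never calls the API server.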


volumesOptional
volumes: typing.List[Volume]

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


pod_metadataOptional
pod_metadata: ApiObjectMetadata

The pod metadata of this workload.


selectOptional
select: bool
  • Type: bool
  • Default: true

Automatically allocates a pod label selector for this workload and adds it to the pod metadata.

This ensures this workload manages pods created by its pod template.


WorkloadSchedulingSpreadOptions

Options for WorkloadScheduling.spread.

Initializer

import cdk8s_plus_22

cdk8s_plus_22.WorkloadSchedulingSpreadOptions(
  topology: Topology = None,
  weight: typing.Union[int, float] = None
)
topologyOptional
topology: Topology

Which topology to spread on.


weightOptional
weight: typing.Union[int, float]
  • Type: typing.Union[int, float]
  • Default: no weight. spread is assumed to be required.

Indicates the spread is optional, with this weight score.


Classes

ApiResource

Represents information about an API resource type.

Methods

as_api_resource
def as_api_resource()
as_non_api_resource
def as_non_api_resource()

Static Functions

custom
import cdk8s_plus_22

cdk8s_plus_22.ApiResource.custom(
  api_group: str,
  resource_type: str
)
api_groupRequired
  • Type: str

The group portion of the API version (e.g. authorization.k8s.io).


resource_typeRequired
  • Type: str

The name of the resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


Properties

api_groupRequired
api_group: str
  • Type: str

The group portion of the API version (e.g. authorization.k8s.io).


resource_typeRequired
resource_type: str
  • Type: str

The name of the resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


Constants

API_SERVICES

API resource information for APIService.


BINDINGS

API resource information for Binding.


CERTIFICATE_SIGNING_REQUESTS

API resource information for CertificateSigningRequest.


CLUSTER_ROLE_BINDINGS

API resource information for ClusterRoleBinding.


CLUSTER_ROLES

API resource information for ClusterRole.


COMPONENT_STATUSES

API resource information for ComponentStatus.


CONFIG_MAPS

API resource information for ConfigMap.


CONTROLLER_REVISIONS

API resource information for ControllerRevision.


CRON_JOBS

API resource information for CronJob.


CSI_DRIVERS

API resource information for CSIDriver.


CSI_NODES

API resource information for CSINode.


CSI_STORAGE_CAPACITIES

API resource information for CSIStorageCapacity.


CUSTOM_RESOURCE_DEFINITIONS

API resource information for CustomResourceDefinition.


DAEMON_SETS

API resource information for DaemonSet.


DEPLOYMENTS

API resource information for Deployment.


ENDPOINT_SLICES

API resource information for EndpointSlice.


ENDPOINTS

API resource information for Endpoints.


EVENTS

API resource information for Event.


FLOW_SCHEMAS

API resource information for FlowSchema.


HORIZONTAL_POD_AUTOSCALERS

API resource information for HorizontalPodAutoscaler.


INGRESS_CLASSES

API resource information for IngressClass.


INGRESSES

API resource information for Ingress.


JOBS

API resource information for Job.


LEASES

API resource information for Lease.


LIMIT_RANGES

API resource information for LimitRange.


LOCAL_SUBJECT_ACCESS_REVIEWS

API resource information for LocalSubjectAccessReview.


MUTATING_WEBHOOK_CONFIGURATIONS

API resource information for MutatingWebhookConfiguration.


NAMESPACES

API resource information for Namespace.


NETWORK_POLICIES

API resource information for NetworkPolicy.


NODES

API resource information for Node.


PERSISTENT_VOLUME_CLAIMS

API resource information for PersistentVolumeClaim.


PERSISTENT_VOLUMES

API resource information for PersistentVolume.


POD_DISRUPTION_BUDGETS

API resource information for PodDisruptionBudget.


POD_SECURITY_POLICIES

API resource information for PodSecurityPolicy.


POD_TEMPLATES

API resource information for PodTemplate.


PODS

API resource information for Pod.


PRIORITY_CLASSES

API resource information for PriorityClass.


PRIORITY_LEVEL_CONFIGURATIONS

API resource information for PriorityLevelConfiguration.


REPLICA_SETS

API resource information for ReplicaSet.


REPLICATION_CONTROLLERS

API resource information for ReplicationController.


RESOURCE_QUOTAS

API resource information for ResourceQuota.


ROLE_BINDINGS

API resource information for RoleBinding.


ROLES

API resource information for Role.


RUNTIME_CLASSES

API resource information for RuntimeClass.


SECRETS

API resource information for Secret.


SELF_SUBJECT_ACCESS_REVIEWS

API resource information for SelfSubjectAccessReview.


SELF_SUBJECT_RULES_REVIEWS

API resource information for SelfSubjectRulesReview.


SERVICE_ACCOUNTS

API resource information for ServiceAccount.


SERVICES

API resource information for Service.


STATEFUL_SETS

API resource information for StatefulSet.


STORAGE_CLASSES

API resource information for StorageClass.


SUBJECT_ACCESS_REVIEWS

API resource information for SubjectAccessReview.


TOKEN_REVIEWS

API resource information for TokenReview.


VALIDATING_WEBHOOK_CONFIGURATIONS

API resource information for ValidatingWebhookConfiguration.


VOLUME_ATTACHMENTS
  • Typ