Skip to content

cdk8s-plus-30 (Java)

Constructs

AbstractPod

Initializers

import org.cdk8s.plus30.AbstractPod;

AbstractPod.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


Methods

addContainer
public addContainer(ContainerProps cont)
contRequired

addHostAlias
public addHostAlias(HostAlias hostAlias)
hostAliasRequired

addInitContainer
public addInitContainer(ContainerProps cont)
contRequired

addVolume
public addVolume(Volume vol)
volRequired

attachContainer
public attachContainer(Container cont)
contRequired

toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()
toPodSelectorConfig
public toPodSelectorConfig()
toSubjectConfiguration
public toSubjectConfiguration()

Properties

automountServiceAccountTokenRequired
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean

containersRequired
public java.util.List<Container> getContainers();

dnsRequired
public PodDns getDns();

hostAliasesRequired
public java.util.List<HostAlias> getHostAliases();

initContainersRequired
public java.util.List<Container> getInitContainers();

podMetadataRequired
public ApiObjectMetadataDefinition getPodMetadata();

securityContextRequired
public PodSecurityContext getSecurityContext();

volumesRequired
public java.util.List<Volume> getVolumes();

dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean

restartPolicyOptional
public RestartPolicy getRestartPolicy();

serviceAccountOptional
public IServiceAccount getServiceAccount();

terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

AwsElasticBlockStorePersistentVolume

Represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

Initializers

import org.cdk8s.plus30.AwsElasticBlockStorePersistentVolume;

AwsElasticBlockStorePersistentVolume.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .volumeId(java.lang.String)
//  .fsType(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional

Defines what type of volume is required by the claim.


volumeIdRequired
  • Type: java.lang.String

Unique ID of the persistent disk resource in AWS (Amazon EBS volume).

More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


fsTypeOptional
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


Properties

fsTypeRequired
public java.lang.String getFsType();
  • Type: java.lang.String

File system type of this volume.


readOnlyRequired
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean

Whether or not it is mounted as a read-only volume.


volumeIdRequired
public java.lang.String getVolumeId();
  • Type: java.lang.String

Volume id of this volume.


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number

Partition of this volume.


AzureDiskPersistentVolume

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

Initializers

import org.cdk8s.plus30.AzureDiskPersistentVolume;

AzureDiskPersistentVolume.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .diskName(java.lang.String)
    .diskUri(java.lang.String)
//  .cachingMode(AzureDiskPersistentVolumeCachingMode)
//  .fsType(java.lang.String)
//  .kind(AzureDiskPersistentVolumeKind)
//  .readOnly(java.lang.Boolean)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional

Defines what type of volume is required by the claim.


diskNameRequired
  • Type: java.lang.String

The Name of the data disk in the blob storage.


diskUriRequired
  • Type: java.lang.String

The URI the data disk in the blob storage.


cachingModeOptional

Host Caching mode.


fsTypeOptional
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional

Kind of disk.


readOnlyOptional
  • Type: java.lang.Boolean
  • Default: false

Force the ReadOnly setting in VolumeMounts.


Properties

azureKindRequired
public AzureDiskPersistentVolumeKind getAzureKind();

Azure kind of this volume.


cachingModeRequired
public AzureDiskPersistentVolumeCachingMode getCachingMode();

Caching mode of this volume.


diskNameRequired
public java.lang.String getDiskName();
  • Type: java.lang.String

Disk name of this volume.


diskUriRequired
public java.lang.String getDiskUri();
  • Type: java.lang.String

Disk URI of this volume.


fsTypeRequired
public java.lang.String getFsType();
  • Type: java.lang.String

File system type of this volume.


readOnlyRequired
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean

Whether or not it is mounted as a read-only volume.


BasicAuthSecret

Create a secret for basic authentication.

https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret

Initializers

import org.cdk8s.plus30.BasicAuthSecret;

BasicAuthSecret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .password(java.lang.String)
    .username(java.lang.String)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


passwordRequired
  • Type: java.lang.String

The password or token for authentication.


usernameRequired
  • Type: java.lang.String

The user name for authentication.


ClusterRole

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

Initializers

import org.cdk8s.plus30.ClusterRole;

ClusterRole.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .aggregationLabels(java.util.Map<java.lang.String, java.lang.String>)
//  .rules(java.util.List<ClusterRolePolicyRule>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


aggregationLabelsOptional
  • Type: java.util.Mapjava.lang.String>

Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole’s rules.


rulesOptional

A list of rules the role should allow.


Methods

aggregate
public aggregate(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

valueRequired
  • Type: java.lang.String

allow
public allow(java.util.List<java.lang.String> verbs, IApiEndpoint endpoints)
verbsRequired
  • Type: java.util.List<java.lang.String>

endpointsRequired

The endpoints(s) to apply to.


allowCreate
public allowCreate(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowDelete
public allowDelete(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowDeleteCollection
public allowDeleteCollection(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowGet
public allowGet(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowList
public allowList(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowPatch
public allowPatch(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowRead
public allowRead(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowReadWrite
public allowReadWrite(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowUpdate
public allowUpdate(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


allowWatch
public allowWatch(IApiEndpoint endpoints)
endpointsRequired

The resource(s) to apply to.


bind
public bind(ISubject subjects)
subjectsRequired

a list of subjects to bind to.


bindInNamespace
public bindInNamespace(java.lang.String namespace, ISubject subjects)
namespaceRequired
  • Type: java.lang.String

the namespace to limit permissions to.


subjectsRequired

a list of subjects to bind to.


combine
public combine(ClusterRole rol)
rolRequired

Static Functions

fromClusterRoleName
import org.cdk8s.plus30.ClusterRole;

ClusterRole.fromClusterRoleName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


rulesRequired
public java.util.List<ClusterRolePolicyRule> getRules();

Rules associaated with this Role.

Returns a copy, use allow to add rules.


ClusterRoleBinding

A ClusterRoleBinding grants permissions cluster-wide to a user or set of users.

Initializers

import org.cdk8s.plus30.ClusterRoleBinding;

ClusterRoleBinding.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
    .role(IClusterRole)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired

The role to bind to.


Methods

addSubjects
public addSubjects(ISubject subjects)
subjectsRequired

The subjects to add.


Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


roleRequired
public IClusterRole getRole();

subjectsRequired
public java.util.List<ISubject> getSubjects();

ConfigMap

ConfigMap holds configuration data for pods to consume.

Initializers

import org.cdk8s.plus30.ConfigMap;

ConfigMap.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .binaryData(java.util.Map<java.lang.String, java.lang.String>)
//  .data(java.util.Map<java.lang.String, java.lang.String>)
//  .immutable(java.lang.Boolean)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


binaryDataOptional
  • Type: java.util.Mapjava.lang.String>

BinaryData contains the binary data.

Each key must consist of alphanumeric characters, ‘-‘, ‘_’ or ‘.’. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process.

You can also add binary data using configMap.addBinaryData().


dataOptional
  • Type: java.util.Mapjava.lang.String>

Data contains the configuration data.

Each key must consist of alphanumeric characters, ‘-‘, ‘_’ or ‘.’. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.

You can also add data using configMap.addData().


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


Methods

addBinaryData
public addBinaryData(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

The key.


valueRequired
  • Type: java.lang.String

The value.


addData
public addData(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

The key.


valueRequired
  • Type: java.lang.String

The value.


addDirectory
public addDirectory(java.lang.String localDir)
public addDirectory(java.lang.String localDir, AddDirectoryOptions options)
localDirRequired
  • Type: java.lang.String

A path to a local directory.


optionsOptional

Options.


addFile
public addFile(java.lang.String localFile)
public addFile(java.lang.String localFile, java.lang.String key)
localFileRequired
  • Type: java.lang.String

The path to the local file.


keyOptional
  • Type: java.lang.String

The ConfigMap key (default to the file name).


Static Functions

fromConfigMapName
import org.cdk8s.plus30.ConfigMap;

ConfigMap.fromConfigMapName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

binaryDataRequired
public java.util.Map<java.lang.String, java.lang.String> getBinaryData();
  • Type: java.util.Mapjava.lang.String>

The binary data associated with this config map.

Returns a copy. To add data records, use addBinaryData() or addData().


dataRequired
public java.util.Map<java.lang.String, java.lang.String> getData();
  • Type: java.util.Mapjava.lang.String>

The data associated with this config map.

Returns an copy. To add data records, use addData() or addBinaryData().


immutableRequired
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean

Whether or not this config map is immutable.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


CronJob

A CronJob is responsible for creating a Job and scheduling it based on provided cron schedule.

This helps running Jobs in a recurring manner.

Initializers

import org.cdk8s.plus30.CronJob;

CronJob.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .activeDeadline(Duration)
//  .backoffLimit(java.lang.Number)
//  .ttlAfterFinished(Duration)
    .schedule(Cron)
//  .concurrencyPolicy(ConcurrencyPolicy)
//  .failedJobsRetained(java.lang.Number)
//  .startingDeadline(Duration)
//  .successfulJobsRetained(java.lang.Number)
//  .suspend(java.lang.Boolean)
//  .timeZone(java.lang.String)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


activeDeadlineOptional

Specifies the duration the job may be active before the system tries to terminate it.


backoffLimitOptional
  • Type: java.lang.Number
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttlAfterFinishedOptional
  • Type: org.cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


scheduleRequired

Specifies the time in which the job would run again.

This is defined as a cron expression in the CronJob resource.


concurrencyPolicyOptional

Specifies the concurrency policy for the job.


failedJobsRetainedOptional
  • Type: java.lang.Number
  • Default: 1

Specifies the number of failed jobs history retained.

This would retain the Job and the associated Pod resource and can be useful for debugging.


startingDeadlineOptional

Kubernetes attempts to start cron jobs at its schedule time, but this is not guaranteed.

This deadline specifies how much time can pass after a schedule point, for which kubernetes can still start the job. For example, if this is set to 100 seconds, kubernetes is allowed to start the job at a maximum 100 seconds after the scheduled time.

Note that the Kubernetes CronJobController checks for things every 10 seconds, for this reason, a deadline below 10 seconds is not allowed, as it may cause your job to never be scheduled.

In addition, kubernetes will stop scheduling jobs if more than 100 schedules were missed (for any reason). This property also controls what time interval should kubernetes consider when counting for missed schedules.

For example, suppose a CronJob is set to schedule a new Job every one minute beginning at 08:30:00, and its startingDeadline field is not set. If the CronJob controller happens to be down from 08:29:00 to 10:21:00, the job will not start as the number of missed jobs which missed their schedule is greater than 100. However, if startingDeadline is set to 200 seconds, kubernetes will only count 3 missed schedules, and thus start a new execution at 10:22:00.


successfulJobsRetainedOptional
  • Type: java.lang.Number
  • Default: 3

Specifies the number of successful jobs history retained.

This would retain the Job and the associated Pod resource and can be useful for debugging.


suspendOptional
  • Type: java.lang.Boolean
  • Default: false

Specifies if the cron job should be suspended.

Only applies to future executions, current ones are remained untouched.


timeZoneOptional
  • Type: java.lang.String
  • Default: Timezone of kube-controller-manager process.

Specifies the timezone for the job.

This helps aligining the schedule to follow the specified timezone.

{@link https://en.wikipedia.org/wiki/List_of_tz_database_time_zones} for list of valid timezone values.


Properties

concurrencyPolicyRequired
public java.lang.String getConcurrencyPolicy();
  • Type: java.lang.String

The policy used by this cron job to determine the concurrency mode in which to schedule jobs.


failedJobsRetainedRequired
public java.lang.Number getFailedJobsRetained();
  • Type: java.lang.Number

The number of failed jobs retained by this cron job.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

Represents the resource type.


scheduleRequired
public Cron getSchedule();

The schedule this cron job is scheduled to run in.


startingDeadlineRequired
public Duration getStartingDeadline();

The time by which the running cron job needs to schedule the next job execution.

The job is considered as failed if it misses this deadline.


successfulJobsRetainedRequired
public java.lang.Number getSuccessfulJobsRetained();
  • Type: java.lang.Number

The number of successful jobs retained by this cron job.


suspendRequired
public java.lang.Boolean getSuspend();
  • Type: java.lang.Boolean

Whether or not the cron job is currently suspended or not.


timeZoneOptional
public java.lang.String getTimeZone();
  • Type: java.lang.String

The timezone which this cron job would follow to schedule jobs.


DaemonSet

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod.

As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created.

Some typical uses of a DaemonSet are:

  • running a cluster storage daemon on every node
  • running a logs collection daemon on every node
  • running a node monitoring daemon on every node

In a simple case, one DaemonSet, covering all nodes, would be used for each type of daemon. A more complex setup might use multiple DaemonSets for a single type of daemon, but with different flags and/or different memory and cpu requests for different hardware types.

Initializers

import org.cdk8s.plus30.DaemonSet;

DaemonSet.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReadySeconds(java.lang.Number)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadySecondsOptional
  • Type: java.lang.Number
  • Default: 0

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available.


Properties

minReadySecondsRequired
public java.lang.Number getMinReadySeconds();
  • Type: java.lang.Number

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


Deployment

A Deployment provides declarative updates for Pods and ReplicaSets.

You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.

Note: Do not manage ReplicaSets owned by a Deployment. Consider opening an issue in the main Kubernetes repository if your use case is not covered below.

Use Case

The following are typical use cases for Deployments:

  • Create a Deployment to rollout a ReplicaSet. The ReplicaSet creates Pods in the background. Check the status of the rollout to see if it succeeds or not.
  • Declare the new state of the Pods by updating the PodTemplateSpec of the Deployment. A new ReplicaSet is created and the Deployment manages moving the Pods from the old ReplicaSet to the new one at a controlled rate. Each new ReplicaSet updates the revision of the Deployment.
  • Rollback to an earlier Deployment revision if the current state of the Deployment is not stable. Each rollback updates the revision of the Deployment.
  • Scale up the Deployment to facilitate more load.
  • Pause the Deployment to apply multiple fixes to its PodTemplateSpec and then resume it to start a new rollout.
  • Use the status of the Deployment as an indicator that a rollout has stuck.
  • Clean up older ReplicaSets that you don’t need anymore.

Initializers

import org.cdk8s.plus30.Deployment;

Deployment.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReady(Duration)
//  .progressDeadline(Duration)
//  .replicas(java.lang.Number)
//  .strategy(DeploymentStrategy)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadyOptional

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


progressDeadlineOptional

The maximum duration for a deployment to make progress before it is considered to be failed.

The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status.

Note that progress will not be estimated during the time a deployment is paused.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds


replicasOptional
  • Type: java.lang.Number
  • Default: 2

Number of desired pods.


strategyOptional

Specifies the strategy used to replace old Pods by new ones.


Methods

exposeViaIngress
public exposeViaIngress(java.lang.String path)
public exposeViaIngress(java.lang.String path, ExposeDeploymentViaIngressOptions options)
pathRequired
  • Type: java.lang.String

The ingress path to register under.


optionsOptional

Additional options.


exposeViaService
public exposeViaService()
public exposeViaService(DeploymentExposeViaServiceOptions options)
optionsOptional

Options to determine details of the service and port exposed.


markHasAutoscaler
public markHasAutoscaler()
toScalingTarget
public toScalingTarget()

Properties

minReadyRequired
public Duration getMinReady();

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.


progressDeadlineRequired
public Duration getProgressDeadline();

The maximum duration for a deployment to make progress before it is considered to be failed.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


strategyRequired
public DeploymentStrategy getStrategy();

replicasOptional
public java.lang.Number getReplicas();
  • Type: java.lang.Number

Number of desired pods.


hasAutoscalerRequired
public java.lang.Boolean getHasAutoscaler();
  • Type: java.lang.Boolean

If this is a target of an autoscaler.


DockerConfigSecret

Create a secret for storing credentials for accessing a container image registry.

https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets

Initializers

import org.cdk8s.plus30.DockerConfigSecret;

DockerConfigSecret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .data(java.util.Map<java.lang.String, java.lang.Object>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


dataRequired
  • Type: java.util.Mapjava.lang.Object>

JSON content to provide for the ~/.docker/config.json file. This will be stringified and inserted as stringData.

https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file


GCEPersistentDiskPersistentVolume

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod.

Provisioned by an admin.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Initializers

import org.cdk8s.plus30.GCEPersistentDiskPersistentVolume;

GCEPersistentDiskPersistentVolume.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .pdName(java.lang.String)
//  .fsType(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional

Defines what type of volume is required by the claim.


pdNameRequired
  • Type: java.lang.String

Unique name of the PD resource in GCE.

Used to identify the disk in GCE.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk


fsTypeOptional
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


Properties

fsTypeRequired
public java.lang.String getFsType();
  • Type: java.lang.String

File system type of this volume.


pdNameRequired
public java.lang.String getPdName();
  • Type: java.lang.String

PD resource in GCE of this volume.


readOnlyRequired
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean

Whether or not it is mounted as a read-only volume.


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number

Partition of this volume.


Group

Represents a group.

Methods

toSubjectConfiguration
public toSubjectConfiguration()

Static Functions

fromName
import org.cdk8s.plus30.Group;

Group.fromName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

apiGroupOptional
public java.lang.String getApiGroup();
  • Type: java.lang.String

HorizontalPodAutoscaler

A HorizontalPodAutoscaler scales a workload up or down in response to a metric change.

This allows your services to scale up when demand is high and scale down when they are no longer needed.

Typical use cases for HorizontalPodAutoscaler:

  • When Memory usage is above 70%, scale up the number of replicas to meet the demand.
  • When CPU usage is below 30%, scale down the number of replicas to save resources.
  • When a service is experiencing a spike in traffic, scale up the number of replicas to meet the demand. Then, when the traffic subsides, scale down the number of replicas to save resources.

The autoscaler uses the following algorithm to determine the number of replicas to scale:

desiredReplicas = ceil[currentReplicas * ( currentMetricValue / desiredMetricValue )]

HorizontalPodAutoscaler’s can be used to with any Scalable workload:

  • Deployment
  • StatefulSet

Targets that already have a replica count defined:

Remove any replica counts from the target resource before associating with a HorizontalPodAutoscaler. If this isn’t done, then any time a change to that object is applied, Kubernetes will scale the current number of Pods to the value of the target.replicas key. This may not be desired and could lead to unexpected behavior.

https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#implicit-maintenance-mode-deactivation

Initializers

import org.cdk8s.plus30.HorizontalPodAutoscaler;

HorizontalPodAutoscaler.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
    .maxReplicas(java.lang.Number)
    .target(IScalable)
//  .metrics(java.util.List<Metric>)
//  .minReplicas(java.lang.Number)
//  .scaleDown(ScalingRules)
//  .scaleUp(ScalingRules)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


maxReplicasRequired
  • Type: java.lang.Number

The maximum number of replicas that can be scaled up to.


targetRequired

The workload to scale up or down.

Scalable workload types:

  • Deployment
  • StatefulSet

metricsOptional
  • Type: java.util.List<org.cdk8s.plus30.Metric>
  • Default: If metrics are not provided, then the target resource constraints (e.g. cpu limit) will be used as scaling metrics.

The metric conditions that trigger a scale up or scale down.


minReplicasOptional
  • Type: java.lang.Number
  • Default: 1

The minimum number of replicas that can be scaled down to.

Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured.


scaleDownOptional

The scaling behavior when scaling down.


scaleUpOptional
  • Type: org.cdk8s.plus30.ScalingRules
  • Default: Is the higher of:
  • Increase no more than 4 pods per 60 seconds
  • Double the number of pods per 60 seconds

The scaling behavior when scaling up.


Properties

maxReplicasRequired
public java.lang.Number getMaxReplicas();
  • Type: java.lang.Number

The maximum number of replicas that can be scaled up to.


minReplicasRequired
public java.lang.Number getMinReplicas();
  • Type: java.lang.Number

The minimum number of replicas that can be scaled down to.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


scaleDownRequired
public ScalingRules getScaleDown();

The scaling behavior when scaling down.


scaleUpRequired
public ScalingRules getScaleUp();

The scaling behavior when scaling up.


targetRequired
public IScalable getTarget();

The workload to scale up or down.


metricsOptional
public java.util.List<Metric> getMetrics();

The metric conditions that trigger a scale up or scale down.


Ingress

Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend.

An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.

Initializers

import org.cdk8s.plus30.Ingress;

Ingress.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .className(java.lang.String)
//  .defaultBackend(IngressBackend)
//  .rules(java.util.List<IngressRule>)
//  .tls(java.util.List<IngressTls>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


classNameOptional
  • Type: java.lang.String

Class Name for this ingress.

This field is a reference to an IngressClass resource that contains additional Ingress configuration, including the name of the Ingress controller.


defaultBackendOptional

The default backend services requests that do not match any rule.

Using this option or the addDefaultBackend() method is equivalent to adding a rule with both path and host undefined.


rulesOptional

Routing rules for this ingress.

Each rule must define an IngressBackend that will receive the requests that match this rule. If both host and path are not specifiec, this backend will be used as the default backend of the ingress.

You can also add rules later using addRule(), addHostRule(), addDefaultBackend() and addHostDefaultBackend().


tlsOptional

TLS settings for this ingress.

Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.


Methods

addDefaultBackend
public addDefaultBackend(IngressBackend backend)
backendRequired

The backend to use for requests that do not match any rule.


addHostDefaultBackend
public addHostDefaultBackend(java.lang.String host, IngressBackend backend)
hostRequired
  • Type: java.lang.String

The host name to match.


backendRequired

The backend to route to.


addHostRule
public addHostRule(java.lang.String host, java.lang.String path, IngressBackend backend)
public addHostRule(java.lang.String host, java.lang.String path, IngressBackend backend, HttpIngressPathType pathType)
hostRequired
  • Type: java.lang.String

The host name.


pathRequired
  • Type: java.lang.String

The HTTP path.


backendRequired

The backend to route requests to.


pathTypeOptional

How the path is matched against request paths.


addRule
public addRule(java.lang.String path, IngressBackend backend)
public addRule(java.lang.String path, IngressBackend backend, HttpIngressPathType pathType)
pathRequired
  • Type: java.lang.String

The HTTP path.


backendRequired

The backend to route requests to.


pathTypeOptional

How the path is matched against request paths.


addRules
public addRules(IngressRule rules)
rulesRequired

The rules to add.


addTls
public addTls(java.util.List<IngressTls> tls)
tlsRequired

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


Job

A Job creates one or more Pods and ensures that a specified number of them successfully terminate.

As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created. A simple case is to create one Job object in order to reliably run one Pod to completion. The Job object will start a new Pod if the first Pod fails or is deleted (for example due to a node hardware failure or a node reboot). You can also use a Job to run multiple Pods in parallel.

Initializers

import org.cdk8s.plus30.Job;

Job.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .activeDeadline(Duration)
//  .backoffLimit(java.lang.Number)
//  .ttlAfterFinished(Duration)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


activeDeadlineOptional

Specifies the duration the job may be active before the system tries to terminate it.


backoffLimitOptional
  • Type: java.lang.Number
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttlAfterFinishedOptional
  • Type: org.cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


activeDeadlineOptional
public Duration getActiveDeadline();

Duration before job is terminated.

If undefined, there is no deadline.


backoffLimitOptional
public java.lang.Number getBackoffLimit();
  • Type: java.lang.Number

Number of retries before marking failed.


ttlAfterFinishedOptional
public Duration getTtlAfterFinished();

TTL before the job is deleted after it is finished.


Namespace

In Kubernetes, namespaces provides a mechanism for isolating groups of resources within a single cluster.

Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, etc) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc).

Initializers

import org.cdk8s.plus30.Namespace;

Namespace.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


Methods

toNamespaceSelectorConfig
public toNamespaceSelectorConfig()
toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


Constants

NAME_LABEL
  • Type: java.lang.String

https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#automatic-labelling


Namespaces

Represents a group of namespaces.

Initializers

import org.cdk8s.plus30.Namespaces;

new Namespaces(Construct scope, java.lang.String id);
new Namespaces(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions);
new Namespaces(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions, java.util.List<java.lang.String> names);
new Namespaces(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions, java.util.List<java.lang.String> names, java.util.Map<java.lang.String, java.lang.String> labels);
scopeRequired

idRequired
  • Type: java.lang.String

expressionsOptional

namesOptional
  • Type: java.util.List<java.lang.String>

labelsOptional
  • Type: java.util.Mapjava.lang.String>

Methods

toNamespaceSelectorConfig
public toNamespaceSelectorConfig()
toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()

Static Functions

all
import org.cdk8s.plus30.Namespaces;

Namespaces.all(Construct scope, java.lang.String id)
scopeRequired

idRequired
  • Type: java.lang.String

select
import org.cdk8s.plus30.Namespaces;

Namespaces.select(Construct scope, java.lang.String id, NamespacesSelectOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

optionsRequired

NetworkPolicy

Control traffic flow at the IP address or port level (OSI layer 3 or 4), network policies are an application-centric construct which allow you to specify how a pod is allowed to communicate with various network peers.

  • Outgoing traffic is allowed if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the network policies that select the pod.
  • Incoming traffic is allowed to a pod if there are no network policies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the network policies that select the pod.

Network policies do not conflict; they are additive. If any policy or policies apply to a given pod for a given direction, the connections allowed in that direction from that pod is the union of what the applicable policies allow. Thus, order of evaluation does not affect the policy result.

For a connection from a source pod to a destination pod to be allowed, both the egress policy on the source pod and the ingress policy on the destination pod need to allow the connection. If either side does not allow the connection, it will not happen.

https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource

Initializers

import org.cdk8s.plus30.NetworkPolicy;

NetworkPolicy.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .egress(NetworkPolicyTraffic)
//  .ingress(NetworkPolicyTraffic)
//  .selector(IPodSelector)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


egressOptional

Egress traffic configuration.


ingressOptional

Ingress traffic configuration.


selectorOptional

Which pods does this policy object applies to.

This can either be a single pod / workload, or a grouping of pods selected via the Pods.select function. Rules is applied to any pods selected by this property. Multiple network policies can select the same set of pods. In this case, the rules for each are combined additively.

Note that


Methods

addEgressRule
public addEgressRule(INetworkPolicyPeer peer)
public addEgressRule(INetworkPolicyPeer peer, java.util.List<NetworkPolicyPort> ports)
peerRequired

portsOptional

addIngressRule
public addIngressRule(INetworkPolicyPeer peer)
public addIngressRule(INetworkPolicyPeer peer, java.util.List<NetworkPolicyPort> ports)
peerRequired

portsOptional

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


NetworkPolicyIpBlock

Describes a particular CIDR (Ex.

“192.168.1.1/24”,”2001:db9::/64”) that is allowed to the pods matched by a network policy selector. The except entry describes CIDRs that should not be included within this rule.

Methods

toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()

Static Functions

anyIpv4
import org.cdk8s.plus30.NetworkPolicyIpBlock;

NetworkPolicyIpBlock.anyIpv4(Construct scope, java.lang.String id)
scopeRequired

idRequired
  • Type: java.lang.String

anyIpv6
import org.cdk8s.plus30.NetworkPolicyIpBlock;

NetworkPolicyIpBlock.anyIpv6(Construct scope, java.lang.String id)
scopeRequired

idRequired
  • Type: java.lang.String

ipv4
import org.cdk8s.plus30.NetworkPolicyIpBlock;

NetworkPolicyIpBlock.ipv4(Construct scope, java.lang.String id, java.lang.String cidrIp)
NetworkPolicyIpBlock.ipv4(Construct scope, java.lang.String id, java.lang.String cidrIp, java.util.List<java.lang.String> except)
scopeRequired

idRequired
  • Type: java.lang.String

cidrIpRequired
  • Type: java.lang.String

exceptOptional
  • Type: java.util.List<java.lang.String>

ipv6
import org.cdk8s.plus30.NetworkPolicyIpBlock;

NetworkPolicyIpBlock.ipv6(Construct scope, java.lang.String id, java.lang.String cidrIp)
NetworkPolicyIpBlock.ipv6(Construct scope, java.lang.String id, java.lang.String cidrIp, java.util.List<java.lang.String> except)
scopeRequired

idRequired
  • Type: java.lang.String

cidrIpRequired
  • Type: java.lang.String

exceptOptional
  • Type: java.util.List<java.lang.String>

Properties

cidrRequired
public java.lang.String getCidr();
  • Type: java.lang.String

A string representing the IP Block Valid examples are “192.168.1.1/24” or “2001:db9::/64”.


exceptOptional
public java.util.List<java.lang.String> getExcept();
  • Type: java.util.List<java.lang.String>

A slice of CIDRs that should not be included within an IP Block Valid examples are “192.168.1.1/24” or “2001:db9::/64”. Except values will be rejected if they are outside the CIDR range.


PersistentVolume

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes.

It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system.

Initializers

import org.cdk8s.plus30.PersistentVolume;

PersistentVolume.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional

Defines what type of volume is required by the claim.


Methods

asVolume
public asVolume()
bind
public bind(IPersistentVolumeClaim claim)
claimRequired

The PVC to bind to.


reserve
public reserve()

Static Functions

fromPersistentVolumeName
import org.cdk8s.plus30.PersistentVolume;

PersistentVolume.fromPersistentVolumeName(Construct scope, java.lang.String id, java.lang.String volumeName)
scopeRequired

idRequired
  • Type: java.lang.String

volumeNameRequired
  • Type: java.lang.String

Properties

modeRequired
public PersistentVolumeMode getMode();

Volume mode of this volume.


reclaimPolicyRequired
public PersistentVolumeReclaimPolicy getReclaimPolicy();

Reclaim policy of this volume.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Access modes requirement of this claim.


claimOptional
public IPersistentVolumeClaim getClaim();

PVC this volume is bound to.

Undefined means this volume is not yet claimed by any PVC.


mountOptionsOptional
public java.util.List<java.lang.String> getMountOptions();
  • Type: java.util.List<java.lang.String>

Mount options of this volume.


storageOptional
public Size getStorage();

Storage size of this volume.


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String

Storage class this volume belongs to.


PersistentVolumeClaim

A PersistentVolumeClaim (PVC) is a request for storage by a user.

It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes

Initializers

import org.cdk8s.plus30.PersistentVolumeClaim;

PersistentVolumeClaim.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volume(IPersistentVolume)
//  .volumeMode(PersistentVolumeMode)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional

Contains the access modes the volume should support.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1


storageOptional

Minimum storage size the volume should have.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
  • Type: java.lang.String
  • Default: Not set.

Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:.

  • If the admission plugin is turned on, the storage class marked as default will be used.
  • If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1


volumeOptional

The PersistentVolume backing this claim.

The control plane still checks that storage class, access modes, and requested storage size on the volume are valid.

Note that in order to guarantee a proper binding, the volume should also define a claimRef referring to this claim. Otherwise, the volume may be claimed be other pvc’s before it gets a chance to bind to this one.

If the volume is managed (i.e not imported), you can use pv.claim() to easily create a bi-directional bounded claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding.


volumeModeOptional

Defines what type of volume is required by the claim.


Methods

bind
public bind(IPersistentVolume vol)
volRequired

The PV to bind to.


Static Functions

fromClaimName
import org.cdk8s.plus30.PersistentVolumeClaim;

PersistentVolumeClaim.fromClaimName(Construct scope, java.lang.String id, java.lang.String claimName)
scopeRequired

idRequired
  • Type: java.lang.String

claimNameRequired
  • Type: java.lang.String

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


volumeModeRequired
public PersistentVolumeMode getVolumeMode();

Volume mode requirement of this claim.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Access modes requirement of this claim.


storageOptional
public Size getStorage();

Storage requirement of this claim.


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String

Storage class requirment of this claim.


volumeOptional
public IPersistentVolume getVolume();

PV this claim is bound to.

Undefined means the claim is not bound to any specific volume.


Pod

Pod is a collection of containers that can run on a host.

This resource is created by clients and scheduled onto hosts.

Initializers

import org.cdk8s.plus30.Pod;

Pod.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


Properties

connectionsRequired
public PodConnections getConnections();

podMetadataRequired
public ApiObjectMetadataDefinition getPodMetadata();

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


schedulingRequired
public PodScheduling getScheduling();

Constants

ADDRESS_LABEL
  • Type: java.lang.String

This label is autoamtically added by cdk8s to any pod.

It provides a unique and stable identifier for the pod.


Pods

Represents a group of pods.

Initializers

import org.cdk8s.plus30.Pods;

new Pods(Construct scope, java.lang.String id);
new Pods(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions);
new Pods(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions, java.util.Map<java.lang.String, java.lang.String> labels);
new Pods(Construct scope, java.lang.String id, java.util.List<LabelExpression> expressions, java.util.Map<java.lang.String, java.lang.String> labels, INamespaceSelector namespaces);
scopeRequired

idRequired
  • Type: java.lang.String

expressionsOptional

labelsOptional
  • Type: java.util.Mapjava.lang.String>

namespacesOptional

Methods

toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()
toPodSelectorConfig
public toPodSelectorConfig()

Static Functions

all
import org.cdk8s.plus30.Pods;

Pods.all(Construct scope, java.lang.String id)
Pods.all(Construct scope, java.lang.String id, PodsAllOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

optionsOptional

select
import org.cdk8s.plus30.Pods;

Pods.select(Construct scope, java.lang.String id, PodsSelectOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

optionsRequired

Resource

Base class for all Kubernetes objects in stdk8s.

Represents a single resource.

Initializers

import org.cdk8s.plus30.Resource;

new Resource(Construct scope, java.lang.String id);
scopeRequired

idRequired
  • Type: java.lang.String

Methods

asApiResource
public asApiResource()
asNonApiResource
public asNonApiResource()

Properties

apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. “authorization.k8s.io”).


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


metadataRequired
public ApiObjectMetadataDefinition getMetadata();

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The name of this API object.


permissionsRequired
public ResourcePermissions getPermissions();

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


Role

Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

Initializers

import org.cdk8s.plus30.Role;

Role.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .rules(java.util.List<RolePolicyRule>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


rulesOptional

A list of rules the role should allow.


Methods

allow
public allow(java.util.List<java.lang.String> verbs, IApiResource resources)
verbsRequired
  • Type: java.util.List<java.lang.String>

resourcesRequired

The resource(s) to apply to.


allowCreate
public allowCreate(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowDelete
public allowDelete(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowDeleteCollection
public allowDeleteCollection(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowGet
public allowGet(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowList
public allowList(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowPatch
public allowPatch(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowRead
public allowRead(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowReadWrite
public allowReadWrite(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowUpdate
public allowUpdate(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


allowWatch
public allowWatch(IApiResource resources)
resourcesRequired

The resource(s) to apply to.


bind
public bind(ISubject subjects)
subjectsRequired

a list of subjects to bind to.


Static Functions

fromRoleName
import org.cdk8s.plus30.Role;

Role.fromRoleName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


rulesRequired
public java.util.List<RolePolicyRule> getRules();

Rules associaated with this Role.

Returns a copy, use allow to add rules.


RoleBinding

A RoleBinding grants permissions within a specific namespace to a user or set of users.

Initializers

import org.cdk8s.plus30.RoleBinding;

RoleBinding.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
    .role(IRole)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired

The role to bind to.

A RoleBinding can reference a Role or a ClusterRole.


Methods

addSubjects
public addSubjects(ISubject subjects)
subjectsRequired

The subjects to add.


Properties

resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


roleRequired
public IRole getRole();

subjectsRequired
public java.util.List<ISubject> getSubjects();

Secret

Kubernetes Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

Storing confidential information in a Secret is safer and more flexible than putting it verbatim in a Pod definition or in a container image.

https://kubernetes.io/docs/concepts/configuration/secret

Initializers

import org.cdk8s.plus30.Secret;

Secret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
//  .stringData(java.util.Map<java.lang.String, java.lang.String>)
//  .type(java.lang.String)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


stringDataOptional
  • Type: java.util.Mapjava.lang.String>

stringData allows specifying non-binary secret data in string form.

It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.


typeOptional
  • Type: java.lang.String
  • Default: undefined - Don’t set a type.

Optional type associated with the secret.

Used to facilitate programmatic handling of secret data by various controllers.


Methods

addStringData
public addStringData(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

Key.


valueRequired
  • Type: java.lang.String

Value.


envValue
public envValue(java.lang.String key)
public envValue(java.lang.String key, EnvValueFromSecretOptions options)
keyRequired
  • Type: java.lang.String

optionsOptional

getStringData
public getStringData(java.lang.String key)
keyRequired
  • Type: java.lang.String

Key.


Static Functions

fromSecretName
import org.cdk8s.plus30.Secret;

Secret.fromSecretName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

immutableRequired
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean

Whether or not the secret is immutable.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


Service

An abstract way to expose an application running on a set of Pods as a network service.

With Kubernetes you don’t need to modify your application to use an unfamiliar service discovery mechanism. Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.

For example, consider a stateless image-processing backend which is running with 3 replicas. Those replicas are fungible—frontends do not care which backend they use. While the actual Pods that compose the backend set may change, the frontend clients should not need to be aware of that, nor should they need to keep track of the set of backends themselves. The Service abstraction enables this decoupling.

If you’re able to use Kubernetes APIs for service discovery in your application, you can query the API server for Endpoints, that get updated whenever the set of Pods in a Service changes. For non-native applications, Kubernetes offers ways to place a network port or load balancer in between your application and the backend Pods.

Initializers

import org.cdk8s.plus30.Service;

Service.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .clusterIP(java.lang.String)
//  .externalIPs(java.util.List<java.lang.String>)
//  .externalName(java.lang.String)
//  .loadBalancerSourceRanges(java.util.List<java.lang.String>)
//  .ports(java.util.List<ServicePort>)
//  .publishNotReadyAddresses(java.lang.Boolean)
//  .selector(IPodSelector)
//  .type(ServiceType)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


clusterIPOptional
  • Type: java.lang.String
  • Default: Automatically assigned.

The IP address of the service and is usually assigned randomly by the master.

If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are “None”, empty string (“”), or a valid IP address. “None” can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName.

https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies


externalIPsOptional
  • Type: java.util.List<java.lang.String>
  • Default: No external IPs.

A list of IP addresses for which nodes in the cluster will also accept traffic for this service.

These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.


externalNameOptional
  • Type: java.lang.String
  • Default: No external name.

The externalName to be used when ServiceType.EXTERNAL_NAME is set.


loadBalancerSourceRangesOptional
  • Type: java.util.List<java.lang.String>

A list of CIDR IP addresses, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs.

More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/


portsOptional

The ports this service binds to.

If the selector of the service is a managed pod / workload, its ports will are automatically extracted and used as the default value. Otherwise, no ports are bound.


publishNotReadyAddressesOptional
  • Type: java.lang.Boolean
  • Default: false

The publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready.

More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#servicespec-v1-core


selectorOptional
  • Type: org.cdk8s.plus30.IPodSelector
  • Default: unset, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

Which pods should the service select and route to.

You can pass one of the following:

  • An instance of Pod or any workload resource (e.g Deployment, StatefulSet, …)
  • Pods selected by the Pods.select function. Note that in this case only labels can be specified.

typeOptional

Determines how the Service is exposed.

More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types


Methods

bind
public bind(java.lang.Number port)
public bind(java.lang.Number port, ServiceBindOptions options)
portRequired
  • Type: java.lang.Number

The port definition.


optionsOptional

exposeViaIngress
public exposeViaIngress(java.lang.String path)
public exposeViaIngress(java.lang.String path, ExposeServiceViaIngressOptions options)
pathRequired
  • Type: java.lang.String

The path to expose the service under.


optionsOptional

Additional options.


select
public select(IPodSelector selector)
selectorRequired

selectLabel
public selectLabel(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

valueRequired
  • Type: java.lang.String

Properties

portRequired
public java.lang.Number getPort();
  • Type: java.lang.Number

Return the first port of the service.


portsRequired
public java.util.List<ServicePort> getPorts();

Ports for this service.

Use bind() to bind additional service ports.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


typeRequired
public ServiceType getType();

Determines how the Service is exposed.


clusterIPOptional
public java.lang.String getClusterIP();
  • Type: java.lang.String

The IP address of the service and is usually assigned randomly by the master.


externalNameOptional
public java.lang.String getExternalName();
  • Type: java.lang.String

The externalName to be used for EXTERNAL_NAME types.


ServiceAccount

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account

Initializers

import org.cdk8s.plus30.ServiceAccount;

ServiceAccount.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountToken(java.lang.Boolean)
//  .secrets(java.util.List<ISecret>)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether pods running as this service account should have an API token automatically mounted.

Can be overridden at the pod level.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


secretsOptional

List of secrets allowed to be used by pods running using this ServiceAccount.

https://kubernetes.io/docs/concepts/configuration/secret


Methods

addSecret
public addSecret(ISecret secr)
secrRequired

The secret.


toSubjectConfiguration
public toSubjectConfiguration()

Static Functions

fromServiceAccountName
import org.cdk8s.plus30.ServiceAccount;

ServiceAccount.fromServiceAccountName(Construct scope, java.lang.String id, java.lang.String name)
ServiceAccount.fromServiceAccountName(Construct scope, java.lang.String id, java.lang.String name, FromServiceAccountNameOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

The name of the service account resource.


optionsOptional

additional options.


Properties

automountTokenRequired
public java.lang.Boolean getAutomountToken();
  • Type: java.lang.Boolean

Whether or not a token is automatically mounted for this service account.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


secretsRequired
public java.util.List<ISecret> getSecrets();

List of secrets allowed to be used by pods running using this service account.

Returns a copy. To add a secret, use addSecret().


ServiceAccountTokenSecret

Create a secret for a service account token.

https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets

Initializers

import org.cdk8s.plus30.ServiceAccountTokenSecret;

ServiceAccountTokenSecret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .serviceAccount(IServiceAccount)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


serviceAccountRequired

The service account to store a secret for.


SshAuthSecret

Create a secret for ssh authentication.

https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets

Initializers

import org.cdk8s.plus30.SshAuthSecret;

SshAuthSecret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .sshPrivateKey(java.lang.String)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


sshPrivateKeyRequired
  • Type: java.lang.String

The SSH private key to use.


StatefulSet

StatefulSet is the workload API object used to manage stateful applications.

Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.

Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec. Unlike a Deployment, a StatefulSet maintains a sticky identity for each of their Pods. These pods are created from the same spec, but are not interchangeable: each has a persistent identifier that it maintains across any rescheduling.

If you want to use storage volumes to provide persistence for your workload, you can use a StatefulSet as part of the solution. Although individual Pods in a StatefulSet are susceptible to failure, the persistent Pod identifiers make it easier to match existing volumes to the new Pods that replace any that have failed.

Using StatefulSets

StatefulSets are valuable for applications that require one or more of the following.

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

Initializers

import org.cdk8s.plus30.StatefulSet;

StatefulSet.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReady(Duration)
//  .podManagementPolicy(PodManagementPolicy)
//  .replicas(java.lang.Number)
//  .service(Service)
//  .strategy(StatefulSetUpdateStrategy)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadyOptional

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


podManagementPolicyOptional

Pod management policy to use for this statefulset.


replicasOptional
  • Type: java.lang.Number
  • Default: 1

Number of desired pods.


serviceOptional

Service to associate with the statefulset.


strategyOptional

Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.


Methods

markHasAutoscaler
public markHasAutoscaler()
toScalingTarget
public toScalingTarget()

Properties

minReadyRequired
public Duration getMinReady();

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.


podManagementPolicyRequired
public PodManagementPolicy getPodManagementPolicy();

Management policy to use for the set.


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.


serviceRequired
public Service getService();

strategyRequired
public StatefulSetUpdateStrategy getStrategy();

The update startegy of this stateful set.


replicasOptional
public java.lang.Number getReplicas();
  • Type: java.lang.Number

Number of desired pods.


hasAutoscalerRequired
public java.lang.Boolean getHasAutoscaler();
  • Type: java.lang.Boolean

If this is a target of an autoscaler.


TlsSecret

Create a secret for storing a TLS certificate and its associated key.

https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

Initializers

import org.cdk8s.plus30.TlsSecret;

TlsSecret.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .tlsCert(java.lang.String)
    .tlsKey(java.lang.String)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


tlsCertRequired
  • Type: java.lang.String

The TLS cert.


tlsKeyRequired
  • Type: java.lang.String

The TLS key.


User

Represents a user.

Methods

toSubjectConfiguration
public toSubjectConfiguration()

Static Functions

fromName
import org.cdk8s.plus30.User;

User.fromName(Construct scope, java.lang.String id, java.lang.String name)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

Properties

kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

apiGroupOptional
public java.lang.String getApiGroup();
  • Type: java.lang.String

Volume

Volume represents a named volume in a pod that may be accessed by any container in the pod.

Docker also has a concept of volumes, though it is somewhat looser and less managed. In Docker, a volume is simply a directory on disk or in another Container. Lifetimes are not managed and until very recently there were only local-disk-backed volumes. Docker now provides volume drivers, but the functionality is very limited for now (e.g. as of Docker 1.7 only one volume driver is allowed per Container and there is no way to pass parameters to volumes).

A Kubernetes volume, on the other hand, has an explicit lifetime - the same as the Pod that encloses it. Consequently, a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts. Of course, when a Pod ceases to exist, the volume will cease to exist, too. Perhaps more importantly than this, Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously.

At its core, a volume is just a directory, possibly with some data in it, which is accessible to the Containers in a Pod. How that directory comes to be, the medium that backs it, and the contents of it are determined by the particular volume type used.

To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers[*].volumeMounts field).

A process in a container sees a filesystem view composed from their Docker image and volumes. The Docker image is at the root of the filesystem hierarchy, and any volumes are mounted at the specified paths within the image. Volumes can not mount onto other volumes

Methods

asVolume
public asVolume()

Static Functions

fromAwsElasticBlockStore
import org.cdk8s.plus30.Volume;

Volume.fromAwsElasticBlockStore(Construct scope, java.lang.String id, java.lang.String volumeId)
Volume.fromAwsElasticBlockStore(Construct scope, java.lang.String id, java.lang.String volumeId, AwsElasticBlockStoreVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

volumeIdRequired
  • Type: java.lang.String

optionsOptional

fromAzureDisk
import org.cdk8s.plus30.Volume;

Volume.fromAzureDisk(Construct scope, java.lang.String id, java.lang.String diskName, java.lang.String diskUri)
Volume.fromAzureDisk(Construct scope, java.lang.String id, java.lang.String diskName, java.lang.String diskUri, AzureDiskVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

diskNameRequired
  • Type: java.lang.String

diskUriRequired
  • Type: java.lang.String

optionsOptional

fromConfigMap
import org.cdk8s.plus30.Volume;

Volume.fromConfigMap(Construct scope, java.lang.String id, IConfigMap configMap)
Volume.fromConfigMap(Construct scope, java.lang.String id, IConfigMap configMap, ConfigMapVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

configMapRequired

The config map to use to populate the volume.


optionsOptional

Options.


fromCsi
import org.cdk8s.plus30.Volume;

Volume.fromCsi(Construct scope, java.lang.String id, java.lang.String driver)
Volume.fromCsi(Construct scope, java.lang.String id, java.lang.String driver, CsiVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

driverRequired
  • Type: java.lang.String

The name of the CSI driver to use to populate the volume.


optionsOptional

Options for the CSI volume, including driver-specific ones.


fromEmptyDir
import org.cdk8s.plus30.Volume;

Volume.fromEmptyDir(Construct scope, java.lang.String id, java.lang.String name)
Volume.fromEmptyDir(Construct scope, java.lang.String id, java.lang.String name, EmptyDirVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

optionsOptional

Additional options.


fromGcePersistentDisk
import org.cdk8s.plus30.Volume;

Volume.fromGcePersistentDisk(Construct scope, java.lang.String id, java.lang.String pdName)
Volume.fromGcePersistentDisk(Construct scope, java.lang.String id, java.lang.String pdName, GCEPersistentDiskVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

pdNameRequired
  • Type: java.lang.String

optionsOptional

fromHostPath
import org.cdk8s.plus30.Volume;

Volume.fromHostPath(Construct scope, java.lang.String id, java.lang.String name, HostPathVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

optionsRequired

fromNfs
import org.cdk8s.plus30.Volume;

Volume.fromNfs(Construct scope, java.lang.String id, java.lang.String name, NfsVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

nameRequired
  • Type: java.lang.String

optionsRequired

fromPersistentVolumeClaim
import org.cdk8s.plus30.Volume;

Volume.fromPersistentVolumeClaim(Construct scope, java.lang.String id, IPersistentVolumeClaim claim)
Volume.fromPersistentVolumeClaim(Construct scope, java.lang.String id, IPersistentVolumeClaim claim, PersistentVolumeClaimVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

claimRequired

optionsOptional

fromSecret
import org.cdk8s.plus30.Volume;

Volume.fromSecret(Construct scope, java.lang.String id, ISecret secr)
Volume.fromSecret(Construct scope, java.lang.String id, ISecret secr, SecretVolumeOptions options)
scopeRequired

idRequired
  • Type: java.lang.String

secrRequired

The secret to use to populate the volume.


optionsOptional

Options.


Properties

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

Workload

A workload is an application running on Kubernetes.

Whether your workload is a single component or several that work together, on Kubernetes you run it inside a set of pods. In Kubernetes, a Pod represents a set of running containers on your cluster.

Initializers

import org.cdk8s.plus30.Workload;

Workload.Builder.create(Construct scope, java.lang.String id)
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
    .build();
scopeRequired

idRequired
  • Type: java.lang.String

metadataOptional

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional

Grace period until the pod is terminated.


volumesOptional

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional

The pod metadata of this workload.


selectOptional
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


Methods

select
public select(LabelSelector selectors)
selectorsRequired

Properties

connectionsRequired
public PodConnections getConnections();

matchExpressionsRequired
public java.util.List<LabelSelectorRequirement> getMatchExpressions();

The expression matchers this workload will use in order to select pods.

Returns a a copy. Use select() to add expression matchers.


matchLabelsRequired
public java.util.Map<java.lang.String, java.lang.String> getMatchLabels();
  • Type: java.util.Mapjava.lang.String>

The label matchers this workload will use in order to select pods.

Returns a a copy. Use select() to add label matchers.


podMetadataRequired
public ApiObjectMetadataDefinition getPodMetadata();

The metadata of pods in this workload.


schedulingRequired
public WorkloadScheduling getScheduling();

Structs

AbstractPodProps

Properties for AbstractPod.

Initializer

import org.cdk8s.plus30.AbstractPodProps;

AbstractPodProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


AddDeploymentOptions

Options to add a deployment to a service.

Initializer

import org.cdk8s.plus30.AddDeploymentOptions;

AddDeploymentOptions.builder()
//  .name(java.lang.String)
//  .nodePort(java.lang.Number)
//  .protocol(Protocol)
//  .targetPort(java.lang.Number)
//  .port(java.lang.Number)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


nodePortOptional
public java.lang.Number getNodePort();
  • Type: java.lang.Number
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
public Protocol getProtocol();

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


targetPortOptional
public java.lang.Number getTargetPort();
  • Type: java.lang.Number
  • Default: The value of port will be used.

The port number the service will redirect to.


portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: Copied from the first container of the deployment.

The port number the service will bind to.


AddDirectoryOptions

Options for configmap.addDirectory().

Initializer

import org.cdk8s.plus30.AddDirectoryOptions;

AddDirectoryOptions.builder()
//  .exclude(java.util.List<java.lang.String>)
//  .keyPrefix(java.lang.String)
    .build();
excludeOptional
public java.util.List<java.lang.String> getExclude();
  • Type: java.util.List<java.lang.String>
  • Default: include all files

Glob patterns to exclude when adding files.


keyPrefixOptional
public java.lang.String getKeyPrefix();
  • Type: java.lang.String
  • Default: “”

A prefix to add to all keys in the config map.


ApiResourceOptions

Options for ApiResource.

Initializer

import org.cdk8s.plus30.ApiResourceOptions;

ApiResourceOptions.builder()
    .apiGroup(java.lang.String)
    .resourceType(java.lang.String)
    .build();
apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of the resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


AwsElasticBlockStorePersistentVolumeProps

Properties for AwsElasticBlockStorePersistentVolume.

Initializer

import org.cdk8s.plus30.AwsElasticBlockStorePersistentVolumeProps;

AwsElasticBlockStorePersistentVolumeProps.builder()
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .volumeId(java.lang.String)
//  .fsType(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
public IPersistentVolumeClaim getClaim();

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
public java.util.List<java.lang.String> getMountOptions();
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional
public PersistentVolumeReclaimPolicy getReclaimPolicy();

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
public Size getStorage();

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional
public PersistentVolumeMode getVolumeMode();

Defines what type of volume is required by the claim.


volumeIdRequired
public java.lang.String getVolumeId();
  • Type: java.lang.String

Unique ID of the persistent disk resource in AWS (Amazon EBS volume).

More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


AwsElasticBlockStoreVolumeOptions

Options of Volume.fromAwsElasticBlockStore.

Initializer

import org.cdk8s.plus30.AwsElasticBlockStoreVolumeOptions;

AwsElasticBlockStoreVolumeOptions.builder()
//  .fsType(java.lang.String)
//  .name(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


AzureDiskPersistentVolumeProps

Properties for AzureDiskPersistentVolume.

Initializer

import org.cdk8s.plus30.AzureDiskPersistentVolumeProps;

AzureDiskPersistentVolumeProps.builder()
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .diskName(java.lang.String)
    .diskUri(java.lang.String)
//  .cachingMode(AzureDiskPersistentVolumeCachingMode)
//  .fsType(java.lang.String)
//  .kind(AzureDiskPersistentVolumeKind)
//  .readOnly(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
public IPersistentVolumeClaim getClaim();

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
public java.util.List<java.lang.String> getMountOptions();
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional
public PersistentVolumeReclaimPolicy getReclaimPolicy();

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
public Size getStorage();

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional
public PersistentVolumeMode getVolumeMode();

Defines what type of volume is required by the claim.


diskNameRequired
public java.lang.String getDiskName();
  • Type: java.lang.String

The Name of the data disk in the blob storage.


diskUriRequired
public java.lang.String getDiskUri();
  • Type: java.lang.String

The URI the data disk in the blob storage.


cachingModeOptional
public AzureDiskPersistentVolumeCachingMode getCachingMode();

Host Caching mode.


fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional
public AzureDiskPersistentVolumeKind getKind();

Kind of disk.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Force the ReadOnly setting in VolumeMounts.


AzureDiskVolumeOptions

Options of Volume.fromAzureDisk.

Initializer

import org.cdk8s.plus30.AzureDiskVolumeOptions;

AzureDiskVolumeOptions.builder()
//  .cachingMode(AzureDiskPersistentVolumeCachingMode)
//  .fsType(java.lang.String)
//  .kind(AzureDiskPersistentVolumeKind)
//  .name(java.lang.String)
//  .readOnly(java.lang.Boolean)
    .build();
cachingModeOptional
public AzureDiskPersistentVolumeCachingMode getCachingMode();

Host Caching mode.


fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type to mount.

Must be a filesystem type supported by the host operating system.


kindOptional
public AzureDiskPersistentVolumeKind getKind();

Kind of disk.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Force the ReadOnly setting in VolumeMounts.


BasicAuthSecretProps

Options for BasicAuthSecret.

Initializer

import org.cdk8s.plus30.BasicAuthSecretProps;

BasicAuthSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .password(java.lang.String)
    .username(java.lang.String)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


passwordRequired
public java.lang.String getPassword();
  • Type: java.lang.String

The password or token for authentication.


usernameRequired
public java.lang.String getUsername();
  • Type: java.lang.String

The user name for authentication.


ClusterRoleBindingProps

Properties for ClusterRoleBinding.

Initializer

import org.cdk8s.plus30.ClusterRoleBindingProps;

ClusterRoleBindingProps.builder()
//  .metadata(ApiObjectMetadata)
    .role(IClusterRole)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired
public IClusterRole getRole();

The role to bind to.


ClusterRolePolicyRule

Policy rule of a `ClusterRole.

Initializer

import org.cdk8s.plus30.ClusterRolePolicyRule;

ClusterRolePolicyRule.builder()
    .endpoints(java.util.List<IApiEndpoint>)
    .verbs(java.util.List<java.lang.String>)
    .build();
endpointsRequired
public java.util.List<IApiEndpoint> getEndpoints();

Endpoints this rule applies to.

Can be either api resources or non api resources.


verbsRequired
public java.util.List<java.lang.String> getVerbs();
  • Type: java.util.List<java.lang.String>

Verbs to allow.

(e.g [‘get’, ‘watch’])


ClusterRoleProps

Properties for ClusterRole.

Initializer

import org.cdk8s.plus30.ClusterRoleProps;

ClusterRoleProps.builder()
//  .metadata(ApiObjectMetadata)
//  .aggregationLabels(java.util.Map<java.lang.String, java.lang.String>)
//  .rules(java.util.List<ClusterRolePolicyRule>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


aggregationLabelsOptional
public java.util.Map<java.lang.String, java.lang.String> getAggregationLabels();
  • Type: java.util.Mapjava.lang.String>

Specify labels that should be used to locate ClusterRoles, whose rules will be automatically filled into this ClusterRole’s rules.


rulesOptional
public java.util.List<ClusterRolePolicyRule> getRules();

A list of rules the role should allow.


CommandProbeOptions

Options for Probe.fromCommand().

Initializer

import org.cdk8s.plus30.CommandProbeOptions;

CommandProbeOptions.builder()
//  .failureThreshold(java.lang.Number)
//  .initialDelaySeconds(Duration)
//  .periodSeconds(Duration)
//  .successThreshold(java.lang.Number)
//  .timeoutSeconds(Duration)
    .build();
failureThresholdOptional
public java.lang.Number getFailureThreshold();
  • Type: java.lang.Number
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initialDelaySecondsOptional
public Duration getInitialDelaySeconds();

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


periodSecondsOptional
public Duration getPeriodSeconds();

How often (in seconds) to perform the probe.

Default to 10 seconds. Minimum value is 1.


successThresholdOptional
public java.lang.Number getSuccessThreshold();
  • Type: java.lang.Number
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeoutSecondsOptional
public Duration getTimeoutSeconds();

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


CommonSecretProps

Common properties for Secret.

Initializer

import org.cdk8s.plus30.CommonSecretProps;

CommonSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ConfigMapProps

Properties for initialization of ConfigMap.

Initializer

import org.cdk8s.plus30.ConfigMapProps;

ConfigMapProps.builder()
//  .metadata(ApiObjectMetadata)
//  .binaryData(java.util.Map<java.lang.String, java.lang.String>)
//  .data(java.util.Map<java.lang.String, java.lang.String>)
//  .immutable(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


binaryDataOptional
public java.util.Map<java.lang.String, java.lang.String> getBinaryData();
  • Type: java.util.Mapjava.lang.String>

BinaryData contains the binary data.

Each key must consist of alphanumeric characters, ‘-‘, ‘_’ or ‘.’. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process.

You can also add binary data using configMap.addBinaryData().


dataOptional
public java.util.Map<java.lang.String, java.lang.String> getData();
  • Type: java.util.Mapjava.lang.String>

Data contains the configuration data.

Each key must consist of alphanumeric characters, ‘-‘, ‘_’ or ‘.’. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.

You can also add data using configMap.addData().


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


ConfigMapVolumeOptions

Options for the ConfigMap-based volume.

Initializer

import org.cdk8s.plus30.ConfigMapVolumeOptions;

ConfigMapVolumeOptions.builder()
//  .defaultMode(java.lang.Number)
//  .items(java.util.Map<java.lang.String, PathMapping>)
//  .name(java.lang.String)
//  .optional(java.lang.Boolean)
    .build();
defaultModeOptional
public java.lang.Number getDefaultMode();
  • Type: java.lang.Number
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional
public java.util.Map<java.lang.String, PathMapping> getItems();
  • Type: java.util.Mapklzzwxh:12741>
  • Default: no mapping

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


optionalOptional
public java.lang.Boolean getOptional();
  • Type: java.lang.Boolean
  • Default: undocumented

Specify whether the ConfigMap or its keys must be defined.


ContainerLifecycle

Container lifecycle properties.

Initializer

import org.cdk8s.plus30.ContainerLifecycle;

ContainerLifecycle.builder()
//  .postStart(Handler)
//  .preStop(Handler)
    .build();
postStartOptional
public Handler getPostStart();

This hook is executed immediately after a container is created.

However, there is no guarantee that the hook will execute before the container ENTRYPOINT.


preStopOptional
public Handler getPreStop();

This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others.

A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod’s termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. No parameters are passed to the handler.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination


ContainerOpts

Optional properties of a container.

Initializer

import org.cdk8s.plus30.ContainerOpts;

ContainerOpts.builder()
//  .args(java.util.List<java.lang.String>)
//  .command(java.util.List<java.lang.String>)
//  .envFrom(java.util.List<EnvFrom>)
//  .envVariables(java.util.Map<java.lang.String, EnvValue>)
//  .imagePullPolicy(ImagePullPolicy)
//  .lifecycle(ContainerLifecycle)
//  .liveness(Probe)
//  .name(java.lang.String)
//  .port(java.lang.Number)
//  .portNumber(java.lang.Number)
//  .ports(java.util.List<ContainerPort>)
//  .readiness(Probe)
//  .resources(ContainerResources)
//  .restartPolicy(ContainerRestartPolicy)
//  .securityContext(ContainerSecurityContextProps)
//  .startup(Probe)
//  .volumeMounts(java.util.List<VolumeMount>)
//  .workingDir(java.lang.String)
    .build();
argsOptional
public java.util.List<java.lang.String> getArgs();
  • Type: java.util.List<java.lang.String>
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
public java.util.List<java.lang.String> getCommand();
  • Type: java.util.List<java.lang.String>
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


envFromOptional
public java.util.List<EnvFrom> getEnvFrom();

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


envVariablesOptional
public java.util.Map<java.lang.String, EnvValue> getEnvVariables();
  • Type: java.util.Mapklzzwxh:12712>
  • Default: No environment variables.

Environment variables to set in the container.


imagePullPolicyOptional
public ImagePullPolicy getImagePullPolicy();

Image pull policy for this container.


lifecycleOptional
public ContainerLifecycle getLifecycle();

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional
public Probe getLiveness();

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


~~port~~Optional
  • Deprecated: - use portNumber.
public java.lang.Number getPort();
  • Type: java.lang.Number

portNumberOptional
public java.lang.Number getPortNumber();
  • Type: java.lang.Number
  • Default: Only the ports mentiond in the ports property are exposed.

Number of port to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.

This is a convinience property if all you need a single TCP numbered port. In case more advanced configuartion is required, use the ports property.

This port is added to the list of ports mentioned in the ports property.


portsOptional
public java.util.List<ContainerPort> getPorts();

List of ports to expose from this container.


readinessOptional
public Probe getReadiness();

Determines when the container is ready to serve traffic.


resourcesOptional
public ContainerResources getResources();

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


restartPolicyOptional
public ContainerRestartPolicy getRestartPolicy();

Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion Currently, only accepted value is Always.

https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/


securityContextOptional
public ContainerSecurityContextProps getSecurityContext();

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional
public Probe getStartup();
  • Type: org.cdk8s.plus30.Probe
  • Default: If a port is provided, then knocks on that port to determine when the container is ready for readiness and liveness probe checks. Otherwise, no startup probe is defined.

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully


volumeMountsOptional
public java.util.List<VolumeMount> getVolumeMounts();

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


workingDirOptional
public java.lang.String getWorkingDir();
  • Type: java.lang.String
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


ContainerPort

Represents a network port in a single container.

Initializer

import org.cdk8s.plus30.ContainerPort;

ContainerPort.builder()
    .number(java.lang.Number)
//  .hostIp(java.lang.String)
//  .hostPort(java.lang.Number)
//  .name(java.lang.String)
//  .protocol(Protocol)
    .build();
numberRequired
public java.lang.Number getNumber();
  • Type: java.lang.Number

Number of port to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.


hostIpOptional
public java.lang.String getHostIp();
  • Type: java.lang.String
  • Default: 127.0.0.1.

What host IP to bind the external port to.


hostPortOptional
public java.lang.Number getHostPort();
  • Type: java.lang.Number
  • Default: auto generated by kubernetes and might change on restarts.

Number of port to expose on the host.

If specified, this must be a valid port number, 0 < x < 65536. Most containers do not need this.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: port is not named.

If specified, this must be an IANA_SVC_NAME and unique within the pod.

Each named port in a pod must have a unique name. Name for the port that can be referred to by services.


protocolOptional
public Protocol getProtocol();

Protocol for port.

Must be UDP, TCP, or SCTP. Defaults to “TCP”.


ContainerProps

Properties for creating a container.

Initializer

import org.cdk8s.plus30.ContainerProps;

ContainerProps.builder()
//  .args(java.util.List<java.lang.String>)
//  .command(java.util.List<java.lang.String>)
//  .envFrom(java.util.List<EnvFrom>)
//  .envVariables(java.util.Map<java.lang.String, EnvValue>)
//  .imagePullPolicy(ImagePullPolicy)
//  .lifecycle(ContainerLifecycle)
//  .liveness(Probe)
//  .name(java.lang.String)
//  .port(java.lang.Number)
//  .portNumber(java.lang.Number)
//  .ports(java.util.List<ContainerPort>)
//  .readiness(Probe)
//  .resources(ContainerResources)
//  .restartPolicy(ContainerRestartPolicy)
//  .securityContext(ContainerSecurityContextProps)
//  .startup(Probe)
//  .volumeMounts(java.util.List<VolumeMount>)
//  .workingDir(java.lang.String)
    .image(java.lang.String)
    .build();
argsOptional
public java.util.List<java.lang.String> getArgs();
  • Type: java.util.List<java.lang.String>
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
public java.util.List<java.lang.String> getCommand();
  • Type: java.util.List<java.lang.String>
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


envFromOptional
public java.util.List<EnvFrom> getEnvFrom();

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


envVariablesOptional
public java.util.Map<java.lang.String, EnvValue> getEnvVariables();
  • Type: java.util.Mapklzzwxh:12629>
  • Default: No environment variables.

Environment variables to set in the container.


imagePullPolicyOptional
public ImagePullPolicy getImagePullPolicy();

Image pull policy for this container.


lifecycleOptional
public ContainerLifecycle getLifecycle();

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional
public Probe getLiveness();

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


~~port~~Optional
  • Deprecated: - use portNumber.
public java.lang.Number getPort();
  • Type: java.lang.Number

portNumberOptional
public java.lang.Number getPortNumber();
  • Type: java.lang.Number
  • Default: Only the ports mentiond in the ports property are exposed.

Number of port to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.

This is a convinience property if all you need a single TCP numbered port. In case more advanced configuartion is required, use the ports property.

This port is added to the list of ports mentioned in the ports property.


portsOptional
public java.util.List<ContainerPort> getPorts();

List of ports to expose from this container.


readinessOptional
public Probe getReadiness();

Determines when the container is ready to serve traffic.


resourcesOptional
public ContainerResources getResources();

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


restartPolicyOptional
public ContainerRestartPolicy getRestartPolicy();

Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion Currently, only accepted value is Always.

https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/


securityContextOptional
public ContainerSecurityContextProps getSecurityContext();

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional
public Probe getStartup();
  • Type: org.cdk8s.plus30.Probe
  • Default: If a port is provided, then knocks on that port to determine when the container is ready for readiness and liveness probe checks. Otherwise, no startup probe is defined.

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully


volumeMountsOptional
public java.util.List<VolumeMount> getVolumeMounts();

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


workingDirOptional
public java.lang.String getWorkingDir();
  • Type: java.lang.String
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


imageRequired
public java.lang.String getImage();
  • Type: java.lang.String

Docker image name.


ContainerResources

CPU and memory compute resources.

Initializer

import org.cdk8s.plus30.ContainerResources;

ContainerResources.builder()
//  .cpu(CpuResources)
//  .ephemeralStorage(EphemeralStorageResources)
//  .memory(MemoryResources)
    .build();
cpuOptional
public CpuResources getCpu();

ephemeralStorageOptional
public EphemeralStorageResources getEphemeralStorage();

memoryOptional
public MemoryResources getMemory();

ContainerSecurityContextProps

Properties for ContainerSecurityContext.

Initializer

import org.cdk8s.plus30.ContainerSecurityContextProps;

ContainerSecurityContextProps.builder()
//  .allowPrivilegeEscalation(java.lang.Boolean)
//  .capabilities(ContainerSecutiryContextCapabilities)
//  .ensureNonRoot(java.lang.Boolean)
//  .group(java.lang.Number)
//  .privileged(java.lang.Boolean)
//  .readOnlyRootFilesystem(java.lang.Boolean)
//  .seccompProfile(SeccompProfile)
//  .user(java.lang.Number)
    .build();
allowPrivilegeEscalationOptional
public java.lang.Boolean getAllowPrivilegeEscalation();
  • Type: java.lang.Boolean
  • Default: false

Whether a process can gain more privileges than its parent process.


capabilitiesOptional
public ContainerSecutiryContextCapabilities getCapabilities();

POSIX capabilities for running containers.


ensureNonRootOptional
public java.lang.Boolean getEnsureNonRoot();
  • Type: java.lang.Boolean
  • Default: true

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


groupOptional
public java.lang.Number getGroup();
  • Type: java.lang.Number
  • Default: 26000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.

The GID to run the entrypoint of the container process.


privilegedOptional
public java.lang.Boolean getPrivileged();
  • Type: java.lang.Boolean
  • Default: false

Run container in privileged mode.

Processes in privileged containers are essentially equivalent to root on the host.


readOnlyRootFilesystemOptional
public java.lang.Boolean getReadOnlyRootFilesystem();
  • Type: java.lang.Boolean
  • Default: true

Whether this container has a read-only root filesystem.


seccompProfileOptional
public SeccompProfile getSeccompProfile();

Container’s seccomp profile settings.

Only one profile source may be set


userOptional
public java.lang.Number getUser();
  • Type: java.lang.Number
  • Default: 25000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.

The UID to run the entrypoint of the container process.


ContainerSecutiryContextCapabilities

Initializer

import org.cdk8s.plus30.ContainerSecutiryContextCapabilities;

ContainerSecutiryContextCapabilities.builder()
//  .add(java.util.List<Capability>)
//  .drop(java.util.List<Capability>)
    .build();
addOptional
public java.util.List<Capability> getAdd();

Added capabilities.


dropOptional
public java.util.List<Capability> getDrop();

Removed capabilities.


CpuResources

CPU request and limit.

Initializer

import org.cdk8s.plus30.CpuResources;

CpuResources.builder()
//  .limit(Cpu)
//  .request(Cpu)
    .build();
limitOptional
public Cpu getLimit();

requestOptional
public Cpu getRequest();

CronJobProps

Properties for CronJob.

Initializer

import org.cdk8s.plus30.CronJobProps;

CronJobProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .activeDeadline(Duration)
//  .backoffLimit(java.lang.Number)
//  .ttlAfterFinished(Duration)
    .schedule(Cron)
//  .concurrencyPolicy(ConcurrencyPolicy)
//  .failedJobsRetained(java.lang.Number)
//  .startingDeadline(Duration)
//  .successfulJobsRetained(java.lang.Number)
//  .suspend(java.lang.Boolean)
//  .timeZone(java.lang.String)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


activeDeadlineOptional
public Duration getActiveDeadline();

Specifies the duration the job may be active before the system tries to terminate it.


backoffLimitOptional
public java.lang.Number getBackoffLimit();
  • Type: java.lang.Number
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttlAfterFinishedOptional
public Duration getTtlAfterFinished();
  • Type: org.cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


scheduleRequired
public Cron getSchedule();

Specifies the time in which the job would run again.

This is defined as a cron expression in the CronJob resource.


concurrencyPolicyOptional
public ConcurrencyPolicy getConcurrencyPolicy();

Specifies the concurrency policy for the job.


failedJobsRetainedOptional
public java.lang.Number getFailedJobsRetained();
  • Type: java.lang.Number
  • Default: 1

Specifies the number of failed jobs history retained.

This would retain the Job and the associated Pod resource and can be useful for debugging.


startingDeadlineOptional
public Duration getStartingDeadline();

Kubernetes attempts to start cron jobs at its schedule time, but this is not guaranteed.

This deadline specifies how much time can pass after a schedule point, for which kubernetes can still start the job. For example, if this is set to 100 seconds, kubernetes is allowed to start the job at a maximum 100 seconds after the scheduled time.

Note that the Kubernetes CronJobController checks for things every 10 seconds, for this reason, a deadline below 10 seconds is not allowed, as it may cause your job to never be scheduled.

In addition, kubernetes will stop scheduling jobs if more than 100 schedules were missed (for any reason). This property also controls what time interval should kubernetes consider when counting for missed schedules.

For example, suppose a CronJob is set to schedule a new Job every one minute beginning at 08:30:00, and its startingDeadline field is not set. If the CronJob controller happens to be down from 08:29:00 to 10:21:00, the job will not start as the number of missed jobs which missed their schedule is greater than 100. However, if startingDeadline is set to 200 seconds, kubernetes will only count 3 missed schedules, and thus start a new execution at 10:22:00.


successfulJobsRetainedOptional
public java.lang.Number getSuccessfulJobsRetained();
  • Type: java.lang.Number
  • Default: 3

Specifies the number of successful jobs history retained.

This would retain the Job and the associated Pod resource and can be useful for debugging.


suspendOptional
public java.lang.Boolean getSuspend();
  • Type: java.lang.Boolean
  • Default: false

Specifies if the cron job should be suspended.

Only applies to future executions, current ones are remained untouched.


timeZoneOptional
public java.lang.String getTimeZone();
  • Type: java.lang.String
  • Default: Timezone of kube-controller-manager process.

Specifies the timezone for the job.

This helps aligining the schedule to follow the specified timezone.

{@link https://en.wikipedia.org/wiki/List_of_tz_database_time_zones} for list of valid timezone values.


CsiVolumeOptions

Options for the CSI driver based volume.

Initializer

import org.cdk8s.plus30.CsiVolumeOptions;

CsiVolumeOptions.builder()
//  .attributes(java.util.Map<java.lang.String, java.lang.String>)
//  .fsType(java.lang.String)
//  .name(java.lang.String)
//  .readOnly(java.lang.Boolean)
    .build();
attributesOptional
public java.util.Map<java.lang.String, java.lang.String> getAttributes();
  • Type: java.util.Mapjava.lang.String>
  • Default: undefined

Any driver-specific attributes to pass to the CSI volume builder.


fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: driver-dependent

The filesystem type to mount.

Ex. “ext4”, “xfs”, “ntfs”. If not provided, the empty value is passed to the associated CSI driver, which will determine the default filesystem to apply.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Whether the mounted volume should be read-only or not.


DaemonSetProps

Properties for DaemonSet.

Initializer

import org.cdk8s.plus30.DaemonSetProps;

DaemonSetProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReadySeconds(java.lang.Number)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadySecondsOptional
public java.lang.Number getMinReadySeconds();
  • Type: java.lang.Number
  • Default: 0

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available.


DeploymentExposeViaServiceOptions

Options for Deployment.exposeViaService.

Initializer

import org.cdk8s.plus30.DeploymentExposeViaServiceOptions;

DeploymentExposeViaServiceOptions.builder()
//  .name(java.lang.String)
//  .ports(java.util.List<ServicePort>)
//  .serviceType(ServiceType)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional
public java.util.List<ServicePort> getPorts();

The ports that the service should bind to.


serviceTypeOptional
public ServiceType getServiceType();

The type of the exposed service.


DeploymentProps

Properties for Deployment.

Initializer

import org.cdk8s.plus30.DeploymentProps;

DeploymentProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReady(Duration)
//  .progressDeadline(Duration)
//  .replicas(java.lang.Number)
//  .strategy(DeploymentStrategy)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadyOptional
public Duration getMinReady();

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


progressDeadlineOptional
public Duration getProgressDeadline();

The maximum duration for a deployment to make progress before it is considered to be failed.

The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status.

Note that progress will not be estimated during the time a deployment is paused.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds


replicasOptional
public java.lang.Number getReplicas();
  • Type: java.lang.Number
  • Default: 2

Number of desired pods.


strategyOptional
public DeploymentStrategy getStrategy();

Specifies the strategy used to replace old Pods by new ones.


DeploymentStrategyRollingUpdateOptions

Options for DeploymentStrategy.rollingUpdate.

Initializer

import org.cdk8s.plus30.DeploymentStrategyRollingUpdateOptions;

DeploymentStrategyRollingUpdateOptions.builder()
//  .maxSurge(PercentOrAbsolute)
//  .maxUnavailable(PercentOrAbsolute)
    .build();
maxSurgeOptional
public PercentOrAbsolute getMaxSurge();

The maximum number of pods that can be scheduled above the desired number of pods.

Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0 if maxUnavailable is 0.

Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.


maxUnavailableOptional
public PercentOrAbsolute getMaxUnavailable();

The maximum number of pods that can be unavailable during the update.

Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if maxSurge is 0.

Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.


DnsOption

Custom DNS option.

Initializer

import org.cdk8s.plus30.DnsOption;

DnsOption.builder()
    .name(java.lang.String)
//  .value(java.lang.String)
    .build();
nameRequired
public java.lang.String getName();
  • Type: java.lang.String

Option name.


valueOptional
public java.lang.String getValue();
  • Type: java.lang.String
  • Default: No value.

Option value.


DockerConfigSecretProps

Options for DockerConfigSecret.

Initializer

import org.cdk8s.plus30.DockerConfigSecretProps;

DockerConfigSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .data(java.util.Map<java.lang.String, java.lang.Object>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


dataRequired
public java.util.Map<java.lang.String, java.lang.Object> getData();
  • Type: java.util.Mapjava.lang.Object>

JSON content to provide for the ~/.docker/config.json file. This will be stringified and inserted as stringData.

https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file


EmptyDirVolumeOptions

Options for volumes populated with an empty directory.

Initializer

import org.cdk8s.plus30.EmptyDirVolumeOptions;

EmptyDirVolumeOptions.builder()
//  .medium(EmptyDirMedium)
//  .sizeLimit(Size)
    .build();
mediumOptional
public EmptyDirMedium getMedium();

By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.

However, you can set the emptyDir.medium field to EmptyDirMedium.MEMORY to tell Kubernetes to mount a tmpfs (RAM-backed filesystem) for you instead. While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container’s memory limit.


sizeLimitOptional
public Size getSizeLimit();

Total amount of local storage required for this EmptyDir volume.

The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod.


EnvValueFromConfigMapOptions

Options to specify an envionment variable value from a ConfigMap key.

Initializer

import org.cdk8s.plus30.EnvValueFromConfigMapOptions;

EnvValueFromConfigMapOptions.builder()
//  .optional(java.lang.Boolean)
    .build();
optionalOptional
public java.lang.Boolean getOptional();
  • Type: java.lang.Boolean
  • Default: false

Specify whether the ConfigMap or its key must be defined.


EnvValueFromFieldRefOptions

Options to specify an environment variable value from a field reference.

Initializer

import org.cdk8s.plus30.EnvValueFromFieldRefOptions;

EnvValueFromFieldRefOptions.builder()
//  .apiVersion(java.lang.String)
//  .key(java.lang.String)
    .build();
apiVersionOptional
public java.lang.String getApiVersion();
  • Type: java.lang.String

Version of the schema the FieldPath is written in terms of.


keyOptional
public java.lang.String getKey();
  • Type: java.lang.String

The key to select the pod label or annotation.


EnvValueFromProcessOptions

Options to specify an environment variable value from the process environment.

Initializer

import org.cdk8s.plus30.EnvValueFromProcessOptions;

EnvValueFromProcessOptions.builder()
//  .required(java.lang.Boolean)
    .build();
requiredOptional
public java.lang.Boolean getRequired();
  • Type: java.lang.Boolean
  • Default: false

Specify whether the key must exist in the environment.

If this is set to true, and the key does not exist, an error will thrown.


EnvValueFromResourceOptions

Options to specify an environment variable value from a resource.

Initializer

import org.cdk8s.plus30.EnvValueFromResourceOptions;

EnvValueFromResourceOptions.builder()
//  .container(Container)
//  .divisor(java.lang.String)
    .build();
containerOptional
public Container getContainer();

The container to select the value from.


divisorOptional
public java.lang.String getDivisor();
  • Type: java.lang.String

The output format of the exposed resource.


EnvValueFromSecretOptions

Options to specify an environment variable value from a Secret.

Initializer

import org.cdk8s.plus30.EnvValueFromSecretOptions;

EnvValueFromSecretOptions.builder()
//  .optional(java.lang.Boolean)
    .build();
optionalOptional
public java.lang.Boolean getOptional();
  • Type: java.lang.Boolean
  • Default: false

Specify whether the Secret or its key must be defined.


EphemeralStorageResources

Emphemeral storage request and limit.

Initializer

import org.cdk8s.plus30.EphemeralStorageResources;

EphemeralStorageResources.builder()
//  .limit(Size)
//  .request(Size)
    .build();
limitOptional
public Size getLimit();

requestOptional
public Size getRequest();

ExposeDeploymentViaIngressOptions

Options for exposing a deployment via an ingress.

Initializer

import org.cdk8s.plus30.ExposeDeploymentViaIngressOptions;

ExposeDeploymentViaIngressOptions.builder()
//  .name(java.lang.String)
//  .ports(java.util.List<ServicePort>)
//  .serviceType(ServiceType)
//  .ingress(Ingress)
//  .pathType(HttpIngressPathType)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto generated.

The name of the service to expose.

If you’d like to expose the deployment multiple times, you must explicitly set a name starting from the second expose call.


portsOptional
public java.util.List<ServicePort> getPorts();

The ports that the service should bind to.


serviceTypeOptional
public ServiceType getServiceType();

The type of the exposed service.


ingressOptional
public Ingress getIngress();

The ingress to add rules to.


pathTypeOptional
public HttpIngressPathType getPathType();

The type of the path.


ExposeServiceViaIngressOptions

Options for exposing a service using an ingress.

Initializer

import org.cdk8s.plus30.ExposeServiceViaIngressOptions;

ExposeServiceViaIngressOptions.builder()
//  .ingress(Ingress)
//  .pathType(HttpIngressPathType)
    .build();
ingressOptional
public Ingress getIngress();

The ingress to add rules to.


pathTypeOptional
public HttpIngressPathType getPathType();

The type of the path.


FromServiceAccountNameOptions

Initializer

import org.cdk8s.plus30.FromServiceAccountNameOptions;

FromServiceAccountNameOptions.builder()
//  .namespaceName(java.lang.String)
    .build();
namespaceNameOptional
public java.lang.String getNamespaceName();
  • Type: java.lang.String
  • Default: “default”

The name of the namespace the service account belongs to.


GCEPersistentDiskPersistentVolumeProps

Properties for GCEPersistentDiskPersistentVolume.

Initializer

import org.cdk8s.plus30.GCEPersistentDiskPersistentVolumeProps;

GCEPersistentDiskPersistentVolumeProps.builder()
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .pdName(java.lang.String)
//  .fsType(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
public IPersistentVolumeClaim getClaim();

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
public java.util.List<java.lang.String> getMountOptions();
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional
public PersistentVolumeReclaimPolicy getReclaimPolicy();

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
public Size getStorage();

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional
public PersistentVolumeMode getVolumeMode();

Defines what type of volume is required by the claim.


pdNameRequired
public java.lang.String getPdName();
  • Type: java.lang.String

Unique name of the PD resource in GCE.

Used to identify the disk in GCE.

https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk


fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


GCEPersistentDiskVolumeOptions

Options of Volume.fromGcePersistentDisk.

Initializer

import org.cdk8s.plus30.GCEPersistentDiskVolumeOptions;

GCEPersistentDiskVolumeOptions.builder()
//  .fsType(java.lang.String)
//  .name(java.lang.String)
//  .partition(java.lang.Number)
//  .readOnly(java.lang.Boolean)
    .build();
fsTypeOptional
public java.lang.String getFsType();
  • Type: java.lang.String
  • Default: ‘ext4’

Filesystem type of the volume that you want to mount.

Tip: Ensure that the filesystem type is supported by the host operating system.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number
  • Default: No partition.

The partition in the volume that you want to mount.

If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as “1”. Similarly, the volume partition for /dev/sda is “0” (or you can leave the property empty).


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Specify “true” to force and set the ReadOnly property in VolumeMounts to “true”.

https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore


HandlerFromHttpGetOptions

Options for Handler.fromHttpGet.

Initializer

import org.cdk8s.plus30.HandlerFromHttpGetOptions;

HandlerFromHttpGetOptions.builder()
//  .port(java.lang.Number)
    .build();
portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: defaults to container.port.

The TCP port to use when sending the GET request.


HandlerFromTcpSocketOptions

Options for Handler.fromTcpSocket.

Initializer

import org.cdk8s.plus30.HandlerFromTcpSocketOptions;

HandlerFromTcpSocketOptions.builder()
//  .host(java.lang.String)
//  .port(java.lang.Number)
    .build();
hostOptional
public java.lang.String getHost();
  • Type: java.lang.String
  • Default: defaults to the pod IP

The host name to connect to on the container.


portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: defaults to container.port.

The TCP port to connect to on the container.


HorizontalPodAutoscalerProps

Properties for HorizontalPodAutoscaler.

Initializer

import org.cdk8s.plus30.HorizontalPodAutoscalerProps;

HorizontalPodAutoscalerProps.builder()
//  .metadata(ApiObjectMetadata)
    .maxReplicas(java.lang.Number)
    .target(IScalable)
//  .metrics(java.util.List<Metric>)
//  .minReplicas(java.lang.Number)
//  .scaleDown(ScalingRules)
//  .scaleUp(ScalingRules)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


maxReplicasRequired
public java.lang.Number getMaxReplicas();
  • Type: java.lang.Number

The maximum number of replicas that can be scaled up to.


targetRequired
public IScalable getTarget();

The workload to scale up or down.

Scalable workload types:

  • Deployment
  • StatefulSet

metricsOptional
public java.util.List<Metric> getMetrics();
  • Type: java.util.List<org.cdk8s.plus30.Metric>
  • Default: If metrics are not provided, then the target resource constraints (e.g. cpu limit) will be used as scaling metrics.

The metric conditions that trigger a scale up or scale down.


minReplicasOptional
public java.lang.Number getMinReplicas();
  • Type: java.lang.Number
  • Default: 1

The minimum number of replicas that can be scaled down to.

Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured.


scaleDownOptional
public ScalingRules getScaleDown();

The scaling behavior when scaling down.


scaleUpOptional
public ScalingRules getScaleUp();
  • Type: org.cdk8s.plus30.ScalingRules
  • Default: Is the higher of:
  • Increase no more than 4 pods per 60 seconds
  • Double the number of pods per 60 seconds

The scaling behavior when scaling up.


HostAlias

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s /etc/hosts file.

Initializer

import org.cdk8s.plus30.HostAlias;

HostAlias.builder()
    .hostnames(java.util.List<java.lang.String>)
    .ip(java.lang.String)
    .build();
hostnamesRequired
public java.util.List<java.lang.String> getHostnames();
  • Type: java.util.List<java.lang.String>

Hostnames for the chosen IP address.


ipRequired
public java.lang.String getIp();
  • Type: java.lang.String

IP address of the host file entry.


HostPathVolumeOptions

Options for a HostPathVolume-based volume.

Initializer

import org.cdk8s.plus30.HostPathVolumeOptions;

HostPathVolumeOptions.builder()
    .path(java.lang.String)
//  .type(HostPathVolumeType)
    .build();
pathRequired
public java.lang.String getPath();
  • Type: java.lang.String

The path of the directory on the host.


typeOptional
public HostPathVolumeType getType();

The expected type of the path found on the host.


HttpGetProbeOptions

Options for Probe.fromHttpGet().

Initializer

import org.cdk8s.plus30.HttpGetProbeOptions;

HttpGetProbeOptions.builder()
//  .failureThreshold(java.lang.Number)
//  .initialDelaySeconds(Duration)
//  .periodSeconds(Duration)
//  .successThreshold(java.lang.Number)
//  .timeoutSeconds(Duration)
//  .host(java.lang.String)
//  .port(java.lang.Number)
//  .scheme(ConnectionScheme)
    .build();
failureThresholdOptional
public java.lang.Number getFailureThreshold();
  • Type: java.lang.Number
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initialDelaySecondsOptional
public Duration getInitialDelaySeconds();

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


periodSecondsOptional
public Duration getPeriodSeconds();

How often (in seconds) to perform the probe.

Default to 10 seconds. Minimum value is 1.


successThresholdOptional
public java.lang.Number getSuccessThreshold();
  • Type: java.lang.Number
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeoutSecondsOptional
public Duration getTimeoutSeconds();

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


hostOptional
public java.lang.String getHost();
  • Type: java.lang.String
  • Default: defaults to the pod IP

The host name to connect to on the container.


portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: defaults to container.port.

The TCP port to use when sending the GET request.


schemeOptional
public ConnectionScheme getScheme();

Scheme to use for connecting to the host (HTTP or HTTPS).


IngressProps

Properties for Ingress.

Initializer

import org.cdk8s.plus30.IngressProps;

IngressProps.builder()
//  .metadata(ApiObjectMetadata)
//  .className(java.lang.String)
//  .defaultBackend(IngressBackend)
//  .rules(java.util.List<IngressRule>)
//  .tls(java.util.List<IngressTls>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


classNameOptional
public java.lang.String getClassName();
  • Type: java.lang.String

Class Name for this ingress.

This field is a reference to an IngressClass resource that contains additional Ingress configuration, including the name of the Ingress controller.


defaultBackendOptional
public IngressBackend getDefaultBackend();

The default backend services requests that do not match any rule.

Using this option or the addDefaultBackend() method is equivalent to adding a rule with both path and host undefined.


rulesOptional
public java.util.List<IngressRule> getRules();

Routing rules for this ingress.

Each rule must define an IngressBackend that will receive the requests that match this rule. If both host and path are not specifiec, this backend will be used as the default backend of the ingress.

You can also add rules later using addRule(), addHostRule(), addDefaultBackend() and addHostDefaultBackend().


tlsOptional
public java.util.List<IngressTls> getTls();

TLS settings for this ingress.

Using this option tells the ingress controller to expose a TLS endpoint. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.


IngressRule

Represents the rules mapping the paths under a specified host to the related backend services.

Incoming requests are first evaluated for a host match, then routed to the backend associated with the matching path.

Initializer

import org.cdk8s.plus30.IngressRule;

IngressRule.builder()
    .backend(IngressBackend)
//  .host(java.lang.String)
//  .path(java.lang.String)
//  .pathType(HttpIngressPathType)
    .build();
backendRequired
public IngressBackend getBackend();

Backend defines the referenced service endpoint to which the traffic will be forwarded to.


hostOptional
public java.lang.String getHost();
  • Type: java.lang.String
  • Default: If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.

Host is the fully qualified domain name of a network host, as defined by RFC 3986.

Note the following deviations from the “host” part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue.


pathOptional
public java.lang.String getPath();
  • Type: java.lang.String
  • Default: If unspecified, the path defaults to a catch all sending traffic to the backend.

Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional “path” part of a URL as defined by RFC 3986. Paths must begin with a ‘/’.


pathTypeOptional
public HttpIngressPathType getPathType();

Specify how the path is matched against request paths.

By default, path types will be matched by prefix.

https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types


IngressTls

Represents the TLS configuration mapping that is passed to the ingress controller for SSL termination.

Initializer

import org.cdk8s.plus30.IngressTls;

IngressTls.builder()
//  .hosts(java.util.List<java.lang.String>)
//  .secret(ISecret)
    .build();
hostsOptional
public java.util.List<java.lang.String> getHosts();
  • Type: java.util.List<java.lang.String>
  • Default: If unspecified, it defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress.

Hosts are a list of hosts included in the TLS certificate.

The values in this list must match the name/s used in the TLS Secret.


secretOptional
public ISecret getSecret();

Secret is the secret that contains the certificate and key used to terminate SSL traffic on 443.

If the SNI host in a listener conflicts with the “Host” header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.


JobProps

Properties for Job.

Initializer

import org.cdk8s.plus30.JobProps;

JobProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .activeDeadline(Duration)
//  .backoffLimit(java.lang.Number)
//  .ttlAfterFinished(Duration)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


activeDeadlineOptional
public Duration getActiveDeadline();

Specifies the duration the job may be active before the system tries to terminate it.


backoffLimitOptional
public java.lang.Number getBackoffLimit();
  • Type: java.lang.Number
  • Default: If not set, system defaults to 6.

Specifies the number of retries before marking this job failed.


ttlAfterFinishedOptional
public Duration getTtlAfterFinished();
  • Type: org.cdk8s.Duration
  • Default: If this field is unset, the Job won’t be automatically deleted.

Limits the lifetime of a Job that has finished execution (either Complete or Failed).

If this field is set, after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.


LabelSelectorOptions

Options for LabelSelector.of.

Initializer

import org.cdk8s.plus30.LabelSelectorOptions;

LabelSelectorOptions.builder()
//  .expressions(java.util.List<LabelExpression>)
//  .labels(java.util.Map<java.lang.String, java.lang.String>)
    .build();
expressionsOptional
public java.util.List<LabelExpression> getExpressions();

Expression based label matchers.


labelsOptional
public java.util.Map<java.lang.String, java.lang.String> getLabels();
  • Type: java.util.Mapjava.lang.String>

Strict label matchers.


LabelSelectorRequirement

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Initializer

import org.cdk8s.plus30.LabelSelectorRequirement;

LabelSelectorRequirement.builder()
    .key(java.lang.String)
    .operator(java.lang.String)
//  .values(java.util.List<java.lang.String>)
    .build();
keyRequired
public java.lang.String getKey();
  • Type: java.lang.String

The label key that the selector applies to.


operatorRequired
public java.lang.String getOperator();
  • Type: java.lang.String

Represents a key’s relationship to a set of values.


valuesOptional
public java.util.List<java.lang.String> getValues();
  • Type: java.util.List<java.lang.String>

An array of string values.

If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.


MemoryResources

Memory request and limit.

Initializer

import org.cdk8s.plus30.MemoryResources;

MemoryResources.builder()
//  .limit(Size)
//  .request(Size)
    .build();
limitOptional
public Size getLimit();

requestOptional
public Size getRequest();

MetricContainerResourceOptions

Options for Metric.containerResource().

Initializer

import org.cdk8s.plus30.MetricContainerResourceOptions;

MetricContainerResourceOptions.builder()
    .container(Container)
    .target(MetricTarget)
    .build();
containerRequired
public Container getContainer();

Container where the metric can be found.


targetRequired
public MetricTarget getTarget();

Target metric value that will trigger scaling.


MetricObjectOptions

Options for Metric.object().

Initializer

import org.cdk8s.plus30.MetricObjectOptions;

MetricObjectOptions.builder()
    .name(java.lang.String)
    .target(MetricTarget)
//  .labelSelector(LabelSelector)
    .object(IResource)
    .build();
nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The name of the metric to scale on.


targetRequired
public MetricTarget getTarget();

The target metric value that will trigger scaling.


labelSelectorOptional
public LabelSelector getLabelSelector();

A selector to find a metric by label.

When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.


objectRequired
public IResource getObject();

Resource where the metric can be found.


MetricOptions

Base options for a Metric.

Initializer

import org.cdk8s.plus30.MetricOptions;

MetricOptions.builder()
    .name(java.lang.String)
    .target(MetricTarget)
//  .labelSelector(LabelSelector)
    .build();
nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The name of the metric to scale on.


targetRequired
public MetricTarget getTarget();

The target metric value that will trigger scaling.


labelSelectorOptional
public LabelSelector getLabelSelector();

A selector to find a metric by label.

When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.


MountOptions

Options for mounts.

Initializer

import org.cdk8s.plus30.MountOptions;

MountOptions.builder()
//  .propagation(MountPropagation)
//  .readOnly(java.lang.Boolean)
//  .subPath(java.lang.String)
//  .subPathExpr(java.lang.String)
    .build();
propagationOptional
public MountPropagation getPropagation();

Determines how mounts are propagated from the host to container and the other way around.

When not set, MountPropagationNone is used.

Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Mounted read-only if true, read-write otherwise (false or unspecified).

Defaults to false.


subPathOptional
public java.lang.String getSubPath();
  • Type: java.lang.String
  • Default: “” the volume’s root

Path within the volume from which the container’s volume should be mounted.).


subPathExprOptional
public java.lang.String getSubPathExpr();
  • Type: java.lang.String
  • Default: “” volume’s root.

Expanded path within the volume from which the container’s volume should be mounted.

Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root).

subPathExpr and subPath are mutually exclusive.


NamespaceProps

Properties for Namespace.

Initializer

import org.cdk8s.plus30.NamespaceProps;

NamespaceProps.builder()
//  .metadata(ApiObjectMetadata)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


NamespaceSelectorConfig

Configuration for selecting namespaces.

Initializer

import org.cdk8s.plus30.NamespaceSelectorConfig;

NamespaceSelectorConfig.builder()
//  .labelSelector(LabelSelector)
//  .names(java.util.List<java.lang.String>)
    .build();
labelSelectorOptional
public LabelSelector getLabelSelector();

A selector to select namespaces by labels.


namesOptional
public java.util.List<java.lang.String> getNames();
  • Type: java.util.List<java.lang.String>

A list of names to select namespaces by names.


NamespacesSelectOptions

Options for Namespaces.select.

Initializer

import org.cdk8s.plus30.NamespacesSelectOptions;

NamespacesSelectOptions.builder()
//  .expressions(java.util.List<LabelExpression>)
//  .labels(java.util.Map<java.lang.String, java.lang.String>)
//  .names(java.util.List<java.lang.String>)
    .build();
expressionsOptional
public java.util.List<LabelExpression> getExpressions();

Namespaces must satisfy these selectors.

The selectors query labels, just like the labels property, but they provide a more advanced matching mechanism.


labelsOptional
public java.util.Map<java.lang.String, java.lang.String> getLabels();
  • Type: java.util.Mapjava.lang.String>
  • Default: no strict labels requirements.

Labels the namespaces must have.

This is equivalent to using an ‘Is’ selector.


namesOptional
public java.util.List<java.lang.String> getNames();
  • Type: java.util.List<java.lang.String>
  • Default: no name requirements.

Namespaces names must be one of these.


NetworkPolicyAddEgressRuleOptions

Options for NetworkPolicy.addEgressRule.

Initializer

import org.cdk8s.plus30.NetworkPolicyAddEgressRuleOptions;

NetworkPolicyAddEgressRuleOptions.builder()
//  .ports(java.util.List<NetworkPolicyPort>)
    .build();
portsOptional
public java.util.List<NetworkPolicyPort> getPorts();

Ports the rule should allow outgoing traffic to.


NetworkPolicyPeerConfig

Configuration for network peers.

A peer can either by an ip block, or a selection of pods, not both.

Initializer

import org.cdk8s.plus30.NetworkPolicyPeerConfig;

NetworkPolicyPeerConfig.builder()
//  .ipBlock(NetworkPolicyIpBlock)
//  .podSelector(PodSelectorConfig)
    .build();
ipBlockOptional
public NetworkPolicyIpBlock getIpBlock();

The ip block this peer represents.


podSelectorOptional
public PodSelectorConfig getPodSelector();

The pod selector this peer represents.


NetworkPolicyPortProps

Properties for NetworkPolicyPort.

Initializer

import org.cdk8s.plus30.NetworkPolicyPortProps;

NetworkPolicyPortProps.builder()
//  .endPort(java.lang.Number)
//  .port(java.lang.Number)
//  .protocol(NetworkProtocol)
    .build();
endPortOptional
public java.lang.Number getEndPort();
  • Type: java.lang.Number
  • Default: not a port range.

End port (relative to port).

Only applies if port is defined. Use this to specify a port range, rather that a specific one.


portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: all ports are allowed.

Specific port number.


protocolOptional
public NetworkProtocol getProtocol();

Protocol.


NetworkPolicyProps

Properties for NetworkPolicy.

Initializer

import org.cdk8s.plus30.NetworkPolicyProps;

NetworkPolicyProps.builder()
//  .metadata(ApiObjectMetadata)
//  .egress(NetworkPolicyTraffic)
//  .ingress(NetworkPolicyTraffic)
//  .selector(IPodSelector)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


egressOptional
public NetworkPolicyTraffic getEgress();

Egress traffic configuration.


ingressOptional
public NetworkPolicyTraffic getIngress();

Ingress traffic configuration.


selectorOptional
public IPodSelector getSelector();

Which pods does this policy object applies to.

This can either be a single pod / workload, or a grouping of pods selected via the Pods.select function. Rules is applied to any pods selected by this property. Multiple network policies can select the same set of pods. In this case, the rules for each are combined additively.

Note that


NetworkPolicyRule

Describes a rule allowing traffic from / to pods matched by a network policy selector.

Initializer

import org.cdk8s.plus30.NetworkPolicyRule;

NetworkPolicyRule.builder()
    .peer(INetworkPolicyPeer)
//  .ports(java.util.List<NetworkPolicyPort>)
    .build();
peerRequired
public INetworkPolicyPeer getPeer();

Peer this rule interacts with.


portsOptional
public java.util.List<NetworkPolicyPort> getPorts();

The ports of the rule.


NetworkPolicyTraffic

Describes how the network policy should configure egress / ingress traffic.

Initializer

import org.cdk8s.plus30.NetworkPolicyTraffic;

NetworkPolicyTraffic.builder()
//  .default(NetworkPolicyTrafficDefault)
//  .rules(java.util.List<NetworkPolicyRule>)
    .build();
defaultOptional
public NetworkPolicyTrafficDefault getDefault();

Specifies the default behavior of the policy when no rules are defined.


rulesOptional
public java.util.List<NetworkPolicyRule> getRules();

List of rules to be applied to the selected pods.

If empty, the behavior of the policy is dictated by the default property.


NfsVolumeOptions

Options for the NFS based volume.

Initializer

import org.cdk8s.plus30.NfsVolumeOptions;

NfsVolumeOptions.builder()
    .path(java.lang.String)
    .server(java.lang.String)
//  .readOnly(java.lang.Boolean)
    .build();
pathRequired
public java.lang.String getPath();
  • Type: java.lang.String

Path that is exported by the NFS server.


serverRequired
public java.lang.String getServer();
  • Type: java.lang.String

Server is the hostname or IP address of the NFS server.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

If set to true, will force the NFS export to be mounted with read-only permissions.


NodeTaintQueryOptions

Options for NodeTaintQuery.

Initializer

import org.cdk8s.plus30.NodeTaintQueryOptions;

NodeTaintQueryOptions.builder()
//  .effect(TaintEffect)
//  .evictAfter(Duration)
    .build();
effectOptional
public TaintEffect getEffect();

The taint effect to match.


evictAfterOptional
public Duration getEvictAfter();

How much time should a pod that tolerates the NO_EXECUTE effect be bound to the node.

Only applies for the NO_EXECUTE effect.


PathMapping

Maps a string key to a path within a volume.

Initializer

import org.cdk8s.plus30.PathMapping;

PathMapping.builder()
    .path(java.lang.String)
//  .mode(java.lang.Number)
    .build();
pathRequired
public java.lang.String getPath();
  • Type: java.lang.String

The relative path of the file to map the key to.

May not be an absolute path. May not contain the path element ‘..’. May not start with the string ‘..’.


modeOptional
public java.lang.Number getMode();
  • Type: java.lang.Number

Optional: mode bits to use on this file, must be a value between 0 and 0777.

If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


PersistentVolumeClaimProps

Properties for PersistentVolumeClaim.

Initializer

import org.cdk8s.plus30.PersistentVolumeClaimProps;

PersistentVolumeClaimProps.builder()
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volume(IPersistentVolume)
//  .volumeMode(PersistentVolumeMode)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Contains the access modes the volume should support.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1


storageOptional
public Size getStorage();

Minimum storage size the volume should have.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String
  • Default: Not set.

Name of the StorageClass required by the claim. When this property is not set, the behavior is as follows:.

  • If the admission plugin is turned on, the storage class marked as default will be used.
  • If the admission plugin is turned off, the pvc can only be bound to volumes without a storage class.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1


volumeOptional
public IPersistentVolume getVolume();

The PersistentVolume backing this claim.

The control plane still checks that storage class, access modes, and requested storage size on the volume are valid.

Note that in order to guarantee a proper binding, the volume should also define a claimRef referring to this claim. Otherwise, the volume may be claimed be other pvc’s before it gets a chance to bind to this one.

If the volume is managed (i.e not imported), you can use pv.claim() to easily create a bi-directional bounded claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding.


volumeModeOptional
public PersistentVolumeMode getVolumeMode();

Defines what type of volume is required by the claim.


PersistentVolumeClaimVolumeOptions

Options for a PersistentVolumeClaim-based volume.

Initializer

import org.cdk8s.plus30.PersistentVolumeClaimVolumeOptions;

PersistentVolumeClaimVolumeOptions.builder()
//  .name(java.lang.String)
//  .readOnly(java.lang.Boolean)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: Derived from the PVC name.

The volume name.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Will force the ReadOnly setting in VolumeMounts.


PersistentVolumeProps

Properties for PersistentVolume.

Initializer

import org.cdk8s.plus30.PersistentVolumeProps;

PersistentVolumeProps.builder()
//  .metadata(ApiObjectMetadata)
//  .accessModes(java.util.List<PersistentVolumeAccessMode>)
//  .claim(IPersistentVolumeClaim)
//  .mountOptions(java.util.List<java.lang.String>)
//  .reclaimPolicy(PersistentVolumeReclaimPolicy)
//  .storage(Size)
//  .storageClassName(java.lang.String)
//  .volumeMode(PersistentVolumeMode)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


accessModesOptional
public java.util.List<PersistentVolumeAccessMode> getAccessModes();

Contains all ways the volume can be mounted.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes


claimOptional
public IPersistentVolumeClaim getClaim();

Part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.

Expected to be non-nil when bound.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding


mountOptionsOptional
public java.util.List<java.lang.String> getMountOptions();
  • Type: java.util.List<java.lang.String>
  • Default: No options.

A list of mount options, e.g. [“ro”, “soft”]. Not validated - mount will simply fail if one is invalid.

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options


reclaimPolicyOptional
public PersistentVolumeReclaimPolicy getReclaimPolicy();

When a user is done with their volume, they can delete the PVC objects from the API that allows reclamation of the resource.

The reclaim policy tells the cluster what to do with the volume after it has been released of its claim.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming


storageOptional
public Size getStorage();

What is the storage capacity of this volume.

https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources


storageClassNameOptional
public java.lang.String getStorageClassName();
  • Type: java.lang.String
  • Default: Volume does not belong to any storage class.

Name of StorageClass to which this persistent volume belongs.


volumeModeOptional
public PersistentVolumeMode getVolumeMode();

Defines what type of volume is required by the claim.


PodConnectionsAllowFromOptions

Options for PodConnections.allowFrom.

Initializer

import org.cdk8s.plus30.PodConnectionsAllowFromOptions;

PodConnectionsAllowFromOptions.builder()
//  .isolation(PodConnectionsIsolation)
//  .ports(java.util.List<NetworkPolicyPort>)
    .build();
isolationOptional
public PodConnectionsIsolation getIsolation();

Which isolation should be applied to establish the connection.


portsOptional
public java.util.List<NetworkPolicyPort> getPorts();

Ports to allow incoming traffic to.


PodConnectionsAllowToOptions

Options for PodConnections.allowTo.

Initializer

import org.cdk8s.plus30.PodConnectionsAllowToOptions;

PodConnectionsAllowToOptions.builder()
//  .isolation(PodConnectionsIsolation)
//  .ports(java.util.List<NetworkPolicyPort>)
    .build();
isolationOptional
public PodConnectionsIsolation getIsolation();

Which isolation should be applied to establish the connection.


portsOptional
public java.util.List<NetworkPolicyPort> getPorts();

Ports to allow outgoing traffic to.


PodDnsProps

Properties for PodDns.

Initializer

import org.cdk8s.plus30.PodDnsProps;

PodDnsProps.builder()
//  .hostname(java.lang.String)
//  .hostnameAsFQDN(java.lang.Boolean)
//  .nameservers(java.util.List<java.lang.String>)
//  .options(java.util.List<DnsOption>)
//  .policy(DnsPolicy)
//  .searches(java.util.List<java.lang.String>)
//  .subdomain(java.lang.String)
    .build();
hostnameOptional
public java.lang.String getHostname();
  • Type: java.lang.String
  • Default: Set to a system-defined value.

Specifies the hostname of the Pod.


hostnameAsFQDNOptional
public java.lang.Boolean getHostnameAsFQDN();
  • Type: java.lang.Boolean
  • Default: false

If true the pod’s hostname will be configured as the pod’s FQDN, rather than the leaf name (the default).

In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.


nameserversOptional
public java.util.List<java.lang.String> getNameservers();
  • Type: java.util.List<java.lang.String>

A list of IP addresses that will be used as DNS servers for the Pod.

There can be at most 3 IP addresses specified. When the policy is set to “NONE”, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.


optionsOptional
public java.util.List<DnsOption> getOptions();

List of objects where each object may have a name property (required) and a value property (optional).

The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.


policyOptional
public DnsPolicy getPolicy();

Set DNS policy for the pod.

If policy is set to None, other configuration must be supplied.


searchesOptional
public java.util.List<java.lang.String> getSearches();
  • Type: java.util.List<java.lang.String>

A list of DNS search domains for hostname lookup in the Pod.

When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.

Kubernetes allows for at most 6 search domains.


subdomainOptional
public java.lang.String getSubdomain();
  • Type: java.lang.String
  • Default: No subdomain.

If specified, the fully qualified Pod hostname will be “...svc.“.


PodProps

Properties for Pod.

Initializer

import org.cdk8s.plus30.PodProps;

PodProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


PodsAllOptions

Options for Pods.all.

Initializer

import org.cdk8s.plus30.PodsAllOptions;

PodsAllOptions.builder()
//  .namespaces(Namespaces)
    .build();
namespacesOptional
public Namespaces getNamespaces();

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


PodSchedulingAttractOptions

Options for PodScheduling.attract.

Initializer

import org.cdk8s.plus30.PodSchedulingAttractOptions;

PodSchedulingAttractOptions.builder()
//  .weight(java.lang.Number)
    .build();
weightOptional
public java.lang.Number getWeight();
  • Type: java.lang.Number
  • Default: no weight. assignment is assumed to be required (hard).

Indicates the attraction is optional (soft), with this weight score.


PodSchedulingColocateOptions

Options for PodScheduling.colocate.

Initializer

import org.cdk8s.plus30.PodSchedulingColocateOptions;

PodSchedulingColocateOptions.builder()
//  .topology(Topology)
//  .weight(java.lang.Number)
    .build();
topologyOptional
public Topology getTopology();

Which topology to coloate on.


weightOptional
public java.lang.Number getWeight();
  • Type: java.lang.Number
  • Default: no weight. co-location is assumed to be required (hard).

Indicates the co-location is optional (soft), with this weight score.


PodSchedulingSeparateOptions

Options for PodScheduling.separate.

Initializer

import org.cdk8s.plus30.PodSchedulingSeparateOptions;

PodSchedulingSeparateOptions.builder()
//  .topology(Topology)
//  .weight(java.lang.Number)
    .build();
topologyOptional
public Topology getTopology();

Which topology to separate on.


weightOptional
public java.lang.Number getWeight();
  • Type: java.lang.Number
  • Default: no weight. separation is assumed to be required (hard).

Indicates the separation is optional (soft), with this weight score.


PodSecurityContextProps

Properties for PodSecurityContext.

Initializer

import org.cdk8s.plus30.PodSecurityContextProps;

PodSecurityContextProps.builder()
//  .ensureNonRoot(java.lang.Boolean)
//  .fsGroup(java.lang.Number)
//  .fsGroupChangePolicy(FsGroupChangePolicy)
//  .group(java.lang.Number)
//  .sysctls(java.util.List<Sysctl>)
//  .user(java.lang.Number)
    .build();
ensureNonRootOptional
public java.lang.Boolean getEnsureNonRoot();
  • Type: java.lang.Boolean
  • Default: true

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


fsGroupOptional
public java.lang.Number getFsGroup();
  • Type: java.lang.Number
  • Default: Volume ownership is not changed.

Modify the ownership and permissions of pod volumes to this GID.


fsGroupChangePolicyOptional
public FsGroupChangePolicy getFsGroupChangePolicy();

Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.

This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.


groupOptional
public java.lang.Number getGroup();
  • Type: java.lang.Number
  • Default: Group configured by container runtime

The GID to run the entrypoint of the container process.


sysctlsOptional
public java.util.List<Sysctl> getSysctls();

Sysctls hold a list of namespaced sysctls used for the pod.

Pods with unsupported sysctls (by the container runtime) might fail to launch.


userOptional
public java.lang.Number getUser();
  • Type: java.lang.Number
  • Default: User specified in image metadata

The UID to run the entrypoint of the container process.


PodSelectorConfig

Configuration for selecting pods, optionally in particular namespaces.

Initializer

import org.cdk8s.plus30.PodSelectorConfig;

PodSelectorConfig.builder()
    .labelSelector(LabelSelector)
//  .namespaces(NamespaceSelectorConfig)
    .build();
labelSelectorRequired
public LabelSelector getLabelSelector();

A selector to select pods by labels.


namespacesOptional
public NamespaceSelectorConfig getNamespaces();

Configuration for selecting which namepsaces are the pods allowed to be in.


PodsSelectOptions

Options for Pods.select.

Initializer

import org.cdk8s.plus30.PodsSelectOptions;

PodsSelectOptions.builder()
//  .expressions(java.util.List<LabelExpression>)
//  .labels(java.util.Map<java.lang.String, java.lang.String>)
//  .namespaces(Namespaces)
    .build();
expressionsOptional
public java.util.List<LabelExpression> getExpressions();

Expressions the pods must satisify.


labelsOptional
public java.util.Map<java.lang.String, java.lang.String> getLabels();
  • Type: java.util.Mapjava.lang.String>
  • Default: no strict labels requirements.

Labels the pods must have.


namespacesOptional
public Namespaces getNamespaces();

Namespaces the pods are allowed to be in.

Use Namespaces.all() to allow all namespaces.


ProbeOptions

Probe options.

Initializer

import org.cdk8s.plus30.ProbeOptions;

ProbeOptions.builder()
//  .failureThreshold(java.lang.Number)
//  .initialDelaySeconds(Duration)
//  .periodSeconds(Duration)
//  .successThreshold(java.lang.Number)
//  .timeoutSeconds(Duration)
    .build();
failureThresholdOptional
public java.lang.Number getFailureThreshold();
  • Type: java.lang.Number
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initialDelaySecondsOptional
public Duration getInitialDelaySeconds();

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


periodSecondsOptional
public Duration getPeriodSeconds();

How often (in seconds) to perform the probe.

Default to 10 seconds. Minimum value is 1.


successThresholdOptional
public java.lang.Number getSuccessThreshold();
  • Type: java.lang.Number
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeoutSecondsOptional
public Duration getTimeoutSeconds();

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


ResourceProps

Initialization properties for resources.

Initializer

import org.cdk8s.plus30.ResourceProps;

ResourceProps.builder()
//  .metadata(ApiObjectMetadata)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


RoleBindingProps

Properties for RoleBinding.

Initializer

import org.cdk8s.plus30.RoleBindingProps;

RoleBindingProps.builder()
//  .metadata(ApiObjectMetadata)
    .role(IRole)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


roleRequired
public IRole getRole();

The role to bind to.

A RoleBinding can reference a Role or a ClusterRole.


RolePolicyRule

Policy rule of a `Role.

Initializer

import org.cdk8s.plus30.RolePolicyRule;

RolePolicyRule.builder()
    .resources(java.util.List<IApiResource>)
    .verbs(java.util.List<java.lang.String>)
    .build();
resourcesRequired
public java.util.List<IApiResource> getResources();

Resources this rule applies to.


verbsRequired
public java.util.List<java.lang.String> getVerbs();
  • Type: java.util.List<java.lang.String>

Verbs to allow.

(e.g [‘get’, ‘watch’])


RoleProps

Properties for Role.

Initializer

import org.cdk8s.plus30.RoleProps;

RoleProps.builder()
//  .metadata(ApiObjectMetadata)
//  .rules(java.util.List<RolePolicyRule>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


rulesOptional
public java.util.List<RolePolicyRule> getRules();

A list of rules the role should allow.


ScalingPolicy

Initializer

import org.cdk8s.plus30.ScalingPolicy;

ScalingPolicy.builder()
    .replicas(Replicas)
//  .duration(Duration)
    .build();
replicasRequired
public Replicas getReplicas();

The type and quantity of replicas to change.


durationOptional
public Duration getDuration();

The amount of time the scaling policy has to continue scaling before the target metric must be revalidated.

Must be greater than 0 seconds and no longer than 30 minutes.


ScalingRules

Defines the scaling behavior for one direction.

Initializer

import org.cdk8s.plus30.ScalingRules;

ScalingRules.builder()
//  .policies(java.util.List<ScalingPolicy>)
//  .stabilizationWindow(Duration)
//  .strategy(ScalingStrategy)
    .build();
policiesOptional
public java.util.List<ScalingPolicy> getPolicies();
  • Type: java.util.List<org.cdk8s.plus30.ScalingPolicy>
  • Default: * Scale up
  • Increase no more than 4 pods per 60 seconds
  • Double the number of pods per 60 seconds
  • Scale down
  • Decrease to minReplica count

The scaling policies.


stabilizationWindowOptional
public Duration getStabilizationWindow();
  • Type: org.cdk8s.Duration
  • Default: * On scale down no stabilization is performed.
  • On scale up stabilization is performed for 5 minutes.

Defines the window of past metrics that the autoscaler should consider when calculating wether or not autoscaling should occur.

Minimum duration is 1 second, max is 1 hour.


strategyOptional
public ScalingStrategy getStrategy();

The strategy to use when scaling.


ScalingTarget

Properties used to configure the target of an Autoscaler.

Initializer

import org.cdk8s.plus30.ScalingTarget;

ScalingTarget.builder()
    .apiVersion(java.lang.String)
    .containers(java.util.List<Container>)
    .kind(java.lang.String)
    .name(java.lang.String)
//  .replicas(java.lang.Number)
    .build();
apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


containersRequired
public java.util.List<Container> getContainers();

Container definitions associated with the target.


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


replicasOptional
public java.lang.Number getReplicas();
  • Type: java.lang.Number

The fixed number of replicas defined on the target.

This is used for validation purposes as Scalable targets should not have a fixed number of replicas.


SeccompProfile

Initializer

import org.cdk8s.plus30.SeccompProfile;

SeccompProfile.builder()
    .type(SeccompProfileType)
//  .localhostProfile(java.lang.String)
    .build();
typeRequired
public SeccompProfileType getType();

Indicates which kind of seccomp profile will be applied.


localhostProfileOptional
public java.lang.String getLocalhostProfile();
  • Type: java.lang.String
  • Default: empty string

localhostProfile indicates a profile defined in a file on the node should be used.

The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must only be set if type is “Localhost”.


SecretProps

Options for Secret.

Initializer

import org.cdk8s.plus30.SecretProps;

SecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
//  .stringData(java.util.Map<java.lang.String, java.lang.String>)
//  .type(java.lang.String)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


stringDataOptional
public java.util.Map<java.lang.String, java.lang.String> getStringData();
  • Type: java.util.Mapjava.lang.String>

stringData allows specifying non-binary secret data in string form.

It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.


typeOptional
public java.lang.String getType();
  • Type: java.lang.String
  • Default: undefined - Don’t set a type.

Optional type associated with the secret.

Used to facilitate programmatic handling of secret data by various controllers.


SecretValue

Represents a specific value in JSON secret.

Initializer

import org.cdk8s.plus30.SecretValue;

SecretValue.builder()
    .key(java.lang.String)
    .secret(ISecret)
    .build();
keyRequired
public java.lang.String getKey();
  • Type: java.lang.String

The JSON key.


secretRequired
public ISecret getSecret();

The secret.


SecretVolumeOptions

Options for the Secret-based volume.

Initializer

import org.cdk8s.plus30.SecretVolumeOptions;

SecretVolumeOptions.builder()
//  .defaultMode(java.lang.Number)
//  .items(java.util.Map<java.lang.String, PathMapping>)
//  .name(java.lang.String)
//  .optional(java.lang.Boolean)
    .build();
defaultModeOptional
public java.lang.Number getDefaultMode();
  • Type: java.lang.Number
  • Default: 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Mode bits to use on created files by default.

Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.


itemsOptional
public java.util.Map<java.lang.String, PathMapping> getItems();
  • Type: java.util.Mapklzzwxh:11507>
  • Default: no mapping

If unspecified, each key-value pair in the Data field of the referenced secret will be projected into the volume as a file whose name is the key and content is the value.

If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the ‘..’ path or start with ‘..’.


nameOptional
public java.lang.String getName();
  • Type: java.lang.String
  • Default: auto-generated

The volume name.


optionalOptional
public java.lang.Boolean getOptional();
  • Type: java.lang.Boolean
  • Default: undocumented

Specify whether the secret or its keys must be defined.


ServiceAccountProps

Properties for initialization of ServiceAccount.

Initializer

import org.cdk8s.plus30.ServiceAccountProps;

ServiceAccountProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountToken(java.lang.Boolean)
//  .secrets(java.util.List<ISecret>)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountTokenOptional
public java.lang.Boolean getAutomountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether pods running as this service account should have an API token automatically mounted.

Can be overridden at the pod level.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


secretsOptional
public java.util.List<ISecret> getSecrets();

List of secrets allowed to be used by pods running using this ServiceAccount.

https://kubernetes.io/docs/concepts/configuration/secret


ServiceAccountTokenSecretProps

Options for ServiceAccountTokenSecret.

Initializer

import org.cdk8s.plus30.ServiceAccountTokenSecretProps;

ServiceAccountTokenSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .serviceAccount(IServiceAccount)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


serviceAccountRequired
public IServiceAccount getServiceAccount();

The service account to store a secret for.


ServiceBindOptions

Options for Service.bind.

Initializer

import org.cdk8s.plus30.ServiceBindOptions;

ServiceBindOptions.builder()
//  .name(java.lang.String)
//  .nodePort(java.lang.Number)
//  .protocol(Protocol)
//  .targetPort(java.lang.Number)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


nodePortOptional
public java.lang.Number getNodePort();
  • Type: java.lang.Number
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
public Protocol getProtocol();

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


targetPortOptional
public java.lang.Number getTargetPort();
  • Type: java.lang.Number
  • Default: The value of port will be used.

The port number the service will redirect to.


ServiceIngressBackendOptions

Options for setting up backends for ingress rules.

Initializer

import org.cdk8s.plus30.ServiceIngressBackendOptions;

ServiceIngressBackendOptions.builder()
//  .port(java.lang.Number)
    .build();
portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: if the service exposes a single port, this port will be used.

The port to use to access the service.

  • This option will fail if the service does not expose any ports.
  • If the service exposes multiple ports, this option must be specified.
  • If the service exposes a single port, this option is optional and if specified, it must be the same port exposed by the service.

ServicePort

Definition of a service port.

Initializer

import org.cdk8s.plus30.ServicePort;

ServicePort.builder()
//  .name(java.lang.String)
//  .nodePort(java.lang.Number)
//  .protocol(Protocol)
//  .targetPort(java.lang.Number)
    .port(java.lang.Number)
    .build();
nameOptional
public java.lang.String getName();
  • Type: java.lang.String

The name of this port within the service.

This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. This maps to the ‘Name’ field in EndpointPort objects. Optional if only one ServicePort is defined on this service.


nodePortOptional
public java.lang.Number getNodePort();
  • Type: java.lang.Number
  • Default: auto-allocate a port if the ServiceType of this Service requires one.

The port on each node on which this service is exposed when type=NodePort or LoadBalancer.

Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one.

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport


protocolOptional
public Protocol getProtocol();

The IP protocol for this port.

Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.


targetPortOptional
public java.lang.Number getTargetPort();
  • Type: java.lang.Number
  • Default: The value of port will be used.

The port number the service will redirect to.


portRequired
public java.lang.Number getPort();
  • Type: java.lang.Number

The port number the service will bind to.


ServiceProps

Properties for Service.

Initializer

import org.cdk8s.plus30.ServiceProps;

ServiceProps.builder()
//  .metadata(ApiObjectMetadata)
//  .clusterIP(java.lang.String)
//  .externalIPs(java.util.List<java.lang.String>)
//  .externalName(java.lang.String)
//  .loadBalancerSourceRanges(java.util.List<java.lang.String>)
//  .ports(java.util.List<ServicePort>)
//  .publishNotReadyAddresses(java.lang.Boolean)
//  .selector(IPodSelector)
//  .type(ServiceType)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


clusterIPOptional
public java.lang.String getClusterIP();
  • Type: java.lang.String
  • Default: Automatically assigned.

The IP address of the service and is usually assigned randomly by the master.

If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are “None”, empty string (“”), or a valid IP address. “None” can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName.

https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies


externalIPsOptional
public java.util.List<java.lang.String> getExternalIPs();
  • Type: java.util.List<java.lang.String>
  • Default: No external IPs.

A list of IP addresses for which nodes in the cluster will also accept traffic for this service.

These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.


externalNameOptional
public java.lang.String getExternalName();
  • Type: java.lang.String
  • Default: No external name.

The externalName to be used when ServiceType.EXTERNAL_NAME is set.


loadBalancerSourceRangesOptional
public java.util.List<java.lang.String> getLoadBalancerSourceRanges();
  • Type: java.util.List<java.lang.String>

A list of CIDR IP addresses, if specified and supported by the platform, will restrict traffic through the cloud-provider load-balancer to the specified client IPs.

More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/


portsOptional
public java.util.List<ServicePort> getPorts();

The ports this service binds to.

If the selector of the service is a managed pod / workload, its ports will are automatically extracted and used as the default value. Otherwise, no ports are bound.


publishNotReadyAddressesOptional
public java.lang.Boolean getPublishNotReadyAddresses();
  • Type: java.lang.Boolean
  • Default: false

The publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready.

More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#servicespec-v1-core


selectorOptional
public IPodSelector getSelector();
  • Type: org.cdk8s.plus30.IPodSelector
  • Default: unset, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

Which pods should the service select and route to.

You can pass one of the following:

  • An instance of Pod or any workload resource (e.g Deployment, StatefulSet, …)
  • Pods selected by the Pods.select function. Note that in this case only labels can be specified.

typeOptional
public ServiceType getType();

Determines how the Service is exposed.

More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types


SshAuthSecretProps

Options for SshAuthSecret.

Initializer

import org.cdk8s.plus30.SshAuthSecretProps;

SshAuthSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .sshPrivateKey(java.lang.String)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


sshPrivateKeyRequired
public java.lang.String getSshPrivateKey();
  • Type: java.lang.String

The SSH private key to use.


StatefulSetProps

Properties for initialization of StatefulSet.

Initializer

import org.cdk8s.plus30.StatefulSetProps;

StatefulSetProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
//  .minReady(Duration)
//  .podManagementPolicy(PodManagementPolicy)
//  .replicas(java.lang.Number)
//  .service(Service)
//  .strategy(StatefulSetUpdateStrategy)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


minReadyOptional
public Duration getMinReady();

Minimum duration for which a newly created pod should be ready without any of its container crashing, for it to be considered available.

Zero means the pod will be considered available as soon as it is ready.

This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds


podManagementPolicyOptional
public PodManagementPolicy getPodManagementPolicy();

Pod management policy to use for this statefulset.


replicasOptional
public java.lang.Number getReplicas();
  • Type: java.lang.Number
  • Default: 1

Number of desired pods.


serviceOptional
public Service getService();

Service to associate with the statefulset.


strategyOptional
public StatefulSetUpdateStrategy getStrategy();

Indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.


StatefulSetUpdateStrategyRollingUpdateOptions

Options for StatefulSetUpdateStrategy.rollingUpdate.

Initializer

import org.cdk8s.plus30.StatefulSetUpdateStrategyRollingUpdateOptions;

StatefulSetUpdateStrategyRollingUpdateOptions.builder()
//  .partition(java.lang.Number)
    .build();
partitionOptional
public java.lang.Number getPartition();
  • Type: java.lang.Number
  • Default: 0

If specified, all Pods with an ordinal that is greater than or equal to the partition will be updated when the StatefulSet’s .spec.template is updated. All Pods with an ordinal that is less than the partition will not be updated, and, even if they are deleted, they will be recreated at the previous version.

If the partition is greater than replicas, updates to the pod template will not be propagated to Pods. In most cases you will not need to use a partition, but they are useful if you want to stage an update, roll out a canary, or perform a phased roll out.

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions


SubjectConfiguration

Subject contains a reference to the object or user identities a role binding applies to.

This can either hold a direct API object reference, or a value for non-objects such as user and group names.

Initializer

import org.cdk8s.plus30.SubjectConfiguration;

SubjectConfiguration.builder()
    .kind(java.lang.String)
    .name(java.lang.String)
//  .apiGroup(java.lang.String)
//  .namespace(java.lang.String)
    .build();
kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

Kind of object being referenced.

Values defined by this API group are “User”, “Group”, and “ServiceAccount”. If the Authorizer does not recognized the kind value, the Authorizer should report an error.


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

Name of the object being referenced.


apiGroupOptional
public java.lang.String getApiGroup();
  • Type: java.lang.String

APIGroup holds the API group of the referenced subject.

Defaults to “” for ServiceAccount subjects. Defaults to “rbac.authorization.k8s.io” for User and Group subjects.


namespaceOptional
public java.lang.String getNamespace();
  • Type: java.lang.String

Namespace of the referenced object.

If the object kind is non-namespace, such as “User” or “Group”, and this value is not empty the Authorizer should report an error.


Sysctl

Sysctl defines a kernel parameter to be set.

Initializer

import org.cdk8s.plus30.Sysctl;

Sysctl.builder()
    .name(java.lang.String)
    .value(java.lang.String)
    .build();
nameRequired
public java.lang.String getName();
  • Type: java.lang.String

Name of a property to set.


valueRequired
public java.lang.String getValue();
  • Type: java.lang.String

Value of a property to set.


TcpSocketProbeOptions

Options for Probe.fromTcpSocket().

Initializer

import org.cdk8s.plus30.TcpSocketProbeOptions;

TcpSocketProbeOptions.builder()
//  .failureThreshold(java.lang.Number)
//  .initialDelaySeconds(Duration)
//  .periodSeconds(Duration)
//  .successThreshold(java.lang.Number)
//  .timeoutSeconds(Duration)
//  .host(java.lang.String)
//  .port(java.lang.Number)
    .build();
failureThresholdOptional
public java.lang.Number getFailureThreshold();
  • Type: java.lang.Number
  • Default: 3

Minimum consecutive failures for the probe to be considered failed after having succeeded.

Defaults to 3. Minimum value is 1.


initialDelaySecondsOptional
public Duration getInitialDelaySeconds();

Number of seconds after the container has started before liveness probes are initiated.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


periodSecondsOptional
public Duration getPeriodSeconds();

How often (in seconds) to perform the probe.

Default to 10 seconds. Minimum value is 1.


successThresholdOptional
public java.lang.Number getSuccessThreshold();
  • Type: java.lang.Number
  • Default: 1 Must be 1 for liveness and startup. Minimum value is 1.

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1.

Must be 1 for liveness and startup. Minimum value is 1.


timeoutSecondsOptional
public Duration getTimeoutSeconds();

Number of seconds after which the probe times out.

Defaults to 1 second. Minimum value is 1.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes


hostOptional
public java.lang.String getHost();
  • Type: java.lang.String
  • Default: defaults to the pod IP

The host name to connect to on the container.


portOptional
public java.lang.Number getPort();
  • Type: java.lang.Number
  • Default: defaults to container.port.

The TCP port to connect to on the container.


TlsSecretProps

Options for TlsSecret.

Initializer

import org.cdk8s.plus30.TlsSecretProps;

TlsSecretProps.builder()
//  .metadata(ApiObjectMetadata)
//  .immutable(java.lang.Boolean)
    .tlsCert(java.lang.String)
    .tlsKey(java.lang.String)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


immutableOptional
public java.lang.Boolean getImmutable();
  • Type: java.lang.Boolean
  • Default: false

If set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified).

If not set to true, the field can be modified at any time.


tlsCertRequired
public java.lang.String getTlsCert();
  • Type: java.lang.String

The TLS cert.


tlsKeyRequired
public java.lang.String getTlsKey();
  • Type: java.lang.String

The TLS key.


VolumeMount

Mount a volume from the pod to the container.

Initializer

import org.cdk8s.plus30.VolumeMount;

VolumeMount.builder()
//  .propagation(MountPropagation)
//  .readOnly(java.lang.Boolean)
//  .subPath(java.lang.String)
//  .subPathExpr(java.lang.String)
    .path(java.lang.String)
    .volume(Volume)
    .build();
propagationOptional
public MountPropagation getPropagation();

Determines how mounts are propagated from the host to container and the other way around.

When not set, MountPropagationNone is used.

Mount propagation allows for sharing volumes mounted by a Container to other Containers in the same Pod, or even to other Pods on the same node.


readOnlyOptional
public java.lang.Boolean getReadOnly();
  • Type: java.lang.Boolean
  • Default: false

Mounted read-only if true, read-write otherwise (false or unspecified).

Defaults to false.


subPathOptional
public java.lang.String getSubPath();
  • Type: java.lang.String
  • Default: “” the volume’s root

Path within the volume from which the container’s volume should be mounted.).


subPathExprOptional
public java.lang.String getSubPathExpr();
  • Type: java.lang.String
  • Default: “” volume’s root.

Expanded path within the volume from which the container’s volume should be mounted.

Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to “” (volume’s root).

subPathExpr and subPath are mutually exclusive.


pathRequired
public java.lang.String getPath();
  • Type: java.lang.String

Path within the container at which the volume should be mounted.

Must not contain ‘:’.


volumeRequired
public Volume getVolume();

The volume to mount.


WorkloadProps

Properties for Workload.

Initializer

import org.cdk8s.plus30.WorkloadProps;

WorkloadProps.builder()
//  .metadata(ApiObjectMetadata)
//  .automountServiceAccountToken(java.lang.Boolean)
//  .containers(java.util.List<ContainerProps>)
//  .dns(PodDnsProps)
//  .dockerRegistryAuth(ISecret)
//  .hostAliases(java.util.List<HostAlias>)
//  .hostNetwork(java.lang.Boolean)
//  .initContainers(java.util.List<ContainerProps>)
//  .isolate(java.lang.Boolean)
//  .restartPolicy(RestartPolicy)
//  .securityContext(PodSecurityContextProps)
//  .serviceAccount(IServiceAccount)
//  .terminationGracePeriod(Duration)
//  .volumes(java.util.List<Volume>)
//  .podMetadata(ApiObjectMetadata)
//  .select(java.lang.Boolean)
//  .spread(java.lang.Boolean)
    .build();
metadataOptional
public ApiObjectMetadata getMetadata();

Metadata that all persisted resources must have, which includes all objects users must create.


automountServiceAccountTokenOptional
public java.lang.Boolean getAutomountServiceAccountToken();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether a service account token should be automatically mounted.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server


containersOptional
public java.util.List<ContainerProps> getContainers();

List of containers belonging to the pod.

Containers cannot currently be added or removed. There must be at least one container in a Pod.

You can add additionnal containers using podSpec.addContainer()


dnsOptional
public PodDnsProps getDns();

DNS settings for the pod.

https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/


dockerRegistryAuthOptional
public ISecret getDockerRegistryAuth();

A secret containing docker credentials for authenticating to a registry.


hostAliasesOptional
public java.util.List<HostAlias> getHostAliases();

HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod’s hosts file.


hostNetworkOptional
public java.lang.Boolean getHostNetwork();
  • Type: java.lang.Boolean
  • Default: false

Host network for the pod.


initContainersOptional
public java.util.List<ContainerProps> getInitContainers();

List of initialization containers belonging to the pod.

Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.

Init containers cannot currently be added ,removed or updated.

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/


isolateOptional
public java.lang.Boolean getIsolate();
  • Type: java.lang.Boolean
  • Default: false

Isolates the pod.

This will prevent any ingress or egress connections to / from this pod. You can however allow explicit connections post instantiation by using the .connections property.


restartPolicyOptional
public RestartPolicy getRestartPolicy();

Restart policy for all containers within the pod.

https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy


securityContextOptional
public PodSecurityContextProps getSecurityContext();

SecurityContext holds pod-level security attributes and common container settings.


serviceAccountOptional
public IServiceAccount getServiceAccount();

A service account provides an identity for processes that run in a Pod.

When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/


terminationGracePeriodOptional
public Duration getTerminationGracePeriod();

Grace period until the pod is terminated.


volumesOptional
public java.util.List<Volume> getVolumes();

List of volumes that can be mounted by containers belonging to the pod.

You can also add volumes later using podSpec.addVolume()

https://kubernetes.io/docs/concepts/storage/volumes


podMetadataOptional
public ApiObjectMetadata getPodMetadata();

The pod metadata of this workload.


selectOptional
public java.lang.Boolean getSelect();
  • Type: java.lang.Boolean
  • Default: true

Automatically allocates a pod label selector for this workload and add it to the pod metadata.

This ensures this workload manages pods created by its pod template.


spreadOptional
public java.lang.Boolean getSpread();
  • Type: java.lang.Boolean
  • Default: false

Automatically spread pods across hostname and zones.

https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#internal-default-constraints


WorkloadSchedulingSpreadOptions

Options for WorkloadScheduling.spread.

Initializer

import org.cdk8s.plus30.WorkloadSchedulingSpreadOptions;

WorkloadSchedulingSpreadOptions.builder()
//  .topology(Topology)
//  .weight(java.lang.Number)
    .build();
topologyOptional
public Topology getTopology();

Which topology to spread on.


weightOptional
public java.lang.Number getWeight();
  • Type: java.lang.Number
  • Default: no weight. spread is assumed to be required.

Indicates the spread is optional, with this weight score.


Classes

ApiResource

Represents information about an API resource type.

Methods

asApiResource
public asApiResource()
asNonApiResource
public asNonApiResource()

Static Functions

custom
import org.cdk8s.plus30.ApiResource;

ApiResource.custom(ApiResourceOptions options)
optionsRequired

Properties

apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of the resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


Constants

API_SERVICES

API resource information for APIService.


BINDINGS

API resource information for Binding.


CERTIFICATE_SIGNING_REQUESTS

API resource information for CertificateSigningRequest.


CLUSTER_ROLE_BINDINGS

API resource information for ClusterRoleBinding.


CLUSTER_ROLES

API resource information for ClusterRole.


COMPONENT_STATUSES

API resource information for ComponentStatus.


CONFIG_MAPS

API resource information for ConfigMap.


CONTROLLER_REVISIONS

API resource information for ControllerRevision.


CRON_JOBS

API resource information for CronJob.


CSI_DRIVERS

API resource information for CSIDriver.


CSI_NODES

API resource information for CSINode.


CSI_STORAGE_CAPACITIES

API resource information for CSIStorageCapacity.


CUSTOM_RESOURCE_DEFINITIONS

API resource information for CustomResourceDefinition.


DAEMON_SETS

API resource information for DaemonSet.


DEPLOYMENTS

API resource information for Deployment.


ENDPOINT_SLICES

API resource information for EndpointSlice.


ENDPOINTS

API resource information for Endpoints.


EVENTS

API resource information for Event.


FLOW_SCHEMAS

API resource information for FlowSchema.


HORIZONTAL_POD_AUTOSCALERS

API resource information for HorizontalPodAutoscaler.


INGRESS_CLASSES

API resource information for IngressClass.


INGRESSES

API resource information for Ingress.


JOBS

API resource information for Job.


LEASES

API resource information for Lease.


LIMIT_RANGES

API resource information for LimitRange.


LOCAL_SUBJECT_ACCESS_REVIEWS

API resource information for LocalSubjectAccessReview.


MUTATING_WEBHOOK_CONFIGURATIONS

API resource information for MutatingWebhookConfiguration.


NAMESPACES

API resource information for Namespace.


NETWORK_POLICIES

API resource information for NetworkPolicy.


NODES

API resource information for Node.


PERSISTENT_VOLUME_CLAIMS

API resource information for PersistentVolumeClaim.


PERSISTENT_VOLUMES

API resource information for PersistentVolume.


POD_DISRUPTION_BUDGETS

API resource information for PodDisruptionBudget.


POD_TEMPLATES

API resource information for PodTemplate.


PODS

API resource information for Pod.


PRIORITY_CLASSES

API resource information for PriorityClass.


PRIORITY_LEVEL_CONFIGURATIONS

API resource information for PriorityLevelConfiguration.


REPLICA_SETS

API resource information for ReplicaSet.


REPLICATION_CONTROLLERS

API resource information for ReplicationController.


RESOURCE_QUOTAS

API resource information for ResourceQuota.


ROLE_BINDINGS

API resource information for RoleBinding.


ROLES

API resource information for Role.


RUNTIME_CLASSES

API resource information for RuntimeClass.


SECRETS

API resource information for Secret.


SELF_SUBJECT_ACCESS_REVIEWS

API resource information for SelfSubjectAccessReview.


SELF_SUBJECT_RULES_REVIEWS

API resource information for SelfSubjectRulesReview.


SERVICE_ACCOUNTS

API resource information for ServiceAccount.


SERVICES

API resource information for Service.


STATEFUL_SETS

API resource information for StatefulSet.


STORAGE_CLASSES

API resource information for StorageClass.


SUBJECT_ACCESS_REVIEWS

API resource information for SubjectAccessReview.


TOKEN_REVIEWS

API resource information for TokenReview.


VALIDATING_WEBHOOK_CONFIGURATIONS

API resource information for ValidatingWebhookConfiguration.


VOLUME_ATTACHMENTS

API resource information for VolumeAttachment.


Container

A single application container that you want to run within a pod.

Initializers

import org.cdk8s.plus30.Container;

Container.Builder.create()
//  .args(java.util.List<java.lang.String>)
//  .command(java.util.List<java.lang.String>)
//  .envFrom(java.util.List<EnvFrom>)
//  .envVariables(java.util.Map<java.lang.String, EnvValue>)
//  .imagePullPolicy(ImagePullPolicy)
//  .lifecycle(ContainerLifecycle)
//  .liveness(Probe)
//  .name(java.lang.String)
//  .port(java.lang.Number)
//  .portNumber(java.lang.Number)
//  .ports(java.util.List<ContainerPort>)
//  .readiness(Probe)
//  .resources(ContainerResources)
//  .restartPolicy(ContainerRestartPolicy)
//  .securityContext(ContainerSecurityContextProps)
//  .startup(Probe)
//  .volumeMounts(java.util.List<VolumeMount>)
//  .workingDir(java.lang.String)
    .image(java.lang.String)
    .build();
argsOptional
  • Type: java.util.List<java.lang.String>
  • Default: []

Arguments to the entrypoint. The docker image’s CMD is used if command is not provided.

Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Cannot be updated.

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


commandOptional
  • Type: java.util.List<java.lang.String>
  • Default: The docker image’s ENTRYPOINT.

Entrypoint array.

Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell


envFromOptional

List of sources to populate environment variables in the container.

When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by the envVariables property with a duplicate key will take precedence.


envVariablesOptional
  • Type: java.util.Mapklzzwxh:11008>
  • Default: No environment variables.

Environment variables to set in the container.


imagePullPolicyOptional

Image pull policy for this container.


lifecycleOptional

Describes actions that the management system should take in response to container lifecycle events.


livenessOptional

Periodic probe of container liveness.

Container will be restarted if the probe fails.


nameOptional
  • Type: java.lang.String
  • Default: ‘main’

Name of the container specified as a DNS_LABEL.

Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.


~~port~~Optional
  • Deprecated: - use portNumber.

  • Type: java.lang.Number


portNumberOptional
  • Type: java.lang.Number
  • Default: Only the ports mentiond in the ports property are exposed.

Number of port to expose on the pod’s IP address.

This must be a valid port number, 0 < x < 65536.

This is a convinience property if all you need a single TCP numbered port. In case more advanced configuartion is required, use the ports property.

This port is added to the list of ports mentioned in the ports property.


portsOptional

List of ports to expose from this container.


readinessOptional

Determines when the container is ready to serve traffic.


resourcesOptional

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


restartPolicyOptional

Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion Currently, only accepted value is Always.

https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/


securityContextOptional

SecurityContext defines the security options the container should be run with.

If set, the fields override equivalent fields of the pod’s security context.

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/


startupOptional
  • Type: org.cdk8s.plus30.Probe
  • Default: If a port is provided, then knocks on that port to determine when the container is ready for readiness and liveness probe checks. Otherwise, no startup probe is defined.

StartupProbe indicates that the Pod has successfully initialized.

If specified, no other probes are executed until this completes successfully


volumeMountsOptional

Pod volumes to mount into the container’s filesystem.

Cannot be updated.


workingDirOptional
  • Type: java.lang.String
  • Default: The container runtime’s default.

Container’s working directory.

If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.


imageRequired
  • Type: java.lang.String

Docker image name.


Methods

addPort
public addPort(ContainerPort port)
portRequired

mount
public mount(java.lang.String path, IStorage storage)
public mount(java.lang.String path, IStorage storage, MountOptions options)
pathRequired
  • Type: java.lang.String

The desired path in the container.


storageRequired

The storage to mount.


optionsOptional

Properties

envRequired
public Env getEnv();

The environment of the container.


imageRequired
public java.lang.String getImage();
  • Type: java.lang.String

The container image.


imagePullPolicyRequired
public ImagePullPolicy getImagePullPolicy();

Image pull policy for this container.


mountsRequired
public java.util.List<VolumeMount> getMounts();

Volume mounts configured for this container.


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The name of the container.


portsRequired
public java.util.List<ContainerPort> getPorts();

Ports exposed by this containers.

Returns a copy, use addPort to modify.


securityContextRequired
public ContainerSecurityContext getSecurityContext();

The security context of the container.


argsOptional
public java.util.List<java.lang.String> getArgs();
  • Type: java.util.List<java.lang.String>

Arguments to the entrypoint.


commandOptional
public java.util.List<java.lang.String> getCommand();
  • Type: java.util.List<java.lang.String>

Entrypoint array (the command to execute when the container starts).


~~port~~Optional
  • Deprecated: - use portNumber.
public java.lang.Number getPort();
  • Type: java.lang.Number

portNumberOptional
public java.lang.Number getPortNumber();
  • Type: java.lang.Number

The port number that was configured for this container.

If undefined, either the container doesn’t expose a port, or its port configuration is stored in the ports field.


resourcesOptional
public ContainerResources getResources();

Compute resources (CPU and memory requests and limits) required by the container.

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/


restartPolicyOptional
public ContainerRestartPolicy getRestartPolicy();

The restart policy of the container.


workingDirOptional
public java.lang.String getWorkingDir();
  • Type: java.lang.String

The working directory inside the container.


ContainerSecurityContext

Container security attributes and settings.

Initializers

import org.cdk8s.plus30.ContainerSecurityContext;

ContainerSecurityContext.Builder.create()
//  .allowPrivilegeEscalation(java.lang.Boolean)
//  .capabilities(ContainerSecutiryContextCapabilities)
//  .ensureNonRoot(java.lang.Boolean)
//  .group(java.lang.Number)
//  .privileged(java.lang.Boolean)
//  .readOnlyRootFilesystem(java.lang.Boolean)
//  .seccompProfile(SeccompProfile)
//  .user(java.lang.Number)
    .build();
allowPrivilegeEscalationOptional
  • Type: java.lang.Boolean
  • Default: false

Whether a process can gain more privileges than its parent process.


capabilitiesOptional

POSIX capabilities for running containers.


ensureNonRootOptional
  • Type: java.lang.Boolean
  • Default: true

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


groupOptional
  • Type: java.lang.Number
  • Default: 26000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.

The GID to run the entrypoint of the container process.


privilegedOptional
  • Type: java.lang.Boolean
  • Default: false

Run container in privileged mode.

Processes in privileged containers are essentially equivalent to root on the host.


readOnlyRootFilesystemOptional
  • Type: java.lang.Boolean
  • Default: true

Whether this container has a read-only root filesystem.


seccompProfileOptional

Container’s seccomp profile settings.

Only one profile source may be set


userOptional
  • Type: java.lang.Number
  • Default: 25000. An arbitrary number bigger than 9999 is selected here. This is so that the container is blocked to access host files even if somehow it manages to get access to host file system.

The UID to run the entrypoint of the container process.


Properties

ensureNonRootRequired
public java.lang.Boolean getEnsureNonRoot();
  • Type: java.lang.Boolean

privilegedRequired
public java.lang.Boolean getPrivileged();
  • Type: java.lang.Boolean

readOnlyRootFilesystemRequired
public java.lang.Boolean getReadOnlyRootFilesystem();
  • Type: java.lang.Boolean

allowPrivilegeEscalationOptional
public java.lang.Boolean getAllowPrivilegeEscalation();
  • Type: java.lang.Boolean

capabilitiesOptional
public ContainerSecutiryContextCapabilities getCapabilities();

groupOptional
public java.lang.Number getGroup();
  • Type: java.lang.Number

seccompProfileOptional
public SeccompProfile getSeccompProfile();

userOptional
public java.lang.Number getUser();
  • Type: java.lang.Number

Cpu

Represents the amount of CPU.

The amount can be passed as millis or units.

Static Functions

millis
import org.cdk8s.plus30.Cpu;

Cpu.millis(java.lang.Number amount)
amountRequired
  • Type: java.lang.Number

units
import org.cdk8s.plus30.Cpu;

Cpu.units(java.lang.Number amount)
amountRequired
  • Type: java.lang.Number

Properties

amountRequired
public java.lang.String getAmount();
  • Type: java.lang.String

DeploymentStrategy

Deployment strategies.

Static Functions

recreate
import org.cdk8s.plus30.DeploymentStrategy;

DeploymentStrategy.recreate()
rollingUpdate
import org.cdk8s.plus30.DeploymentStrategy;

DeploymentStrategy.rollingUpdate()
DeploymentStrategy.rollingUpdate(DeploymentStrategyRollingUpdateOptions options)
optionsOptional

Env

Container environment variables.

Initializers

import org.cdk8s.plus30.Env;

new Env(java.util.List<EnvFrom> sources, java.util.Map<java.lang.String, EnvValue> variables);
sourcesRequired

variablesRequired
  • Type: java.util.Mapklzzwxh:10845>

Methods

addVariable
public addVariable(java.lang.String name, EnvValue value)
nameRequired
  • Type: java.lang.String

valueRequired

copyFrom
public copyFrom(EnvFrom from)
fromRequired

Static Functions

fromConfigMap
import org.cdk8s.plus30.Env;

Env.fromConfigMap(IConfigMap configMap)
Env.fromConfigMap(IConfigMap configMap, java.lang.String prefix)
configMapRequired

prefixOptional
  • Type: java.lang.String

fromSecret
import org.cdk8s.plus30.Env;

Env.fromSecret(ISecret secr)
secrRequired

Properties

sourcesRequired
public java.util.List<EnvFrom> getSources();

The list of sources used to populate the container environment, in addition to the variables.

Returns a copy. To add a source use container.env.copyFrom().


variablesRequired
public java.util.Map<java.lang.String, EnvValue> getVariables();
  • Type: java.util.Mapklzzwxh:10822>

The environment variables for this container.

Returns a copy. To add environment variables use container.env.addVariable().


EnvFrom

A collection of env variables defined in other resources.

Initializers

import org.cdk8s.plus30.EnvFrom;

new EnvFrom();
new EnvFrom(IConfigMap configMap);
new EnvFrom(IConfigMap configMap, java.lang.String prefix);
new EnvFrom(IConfigMap configMap, java.lang.String prefix, ISecret sec);
configMapOptional

prefixOptional
  • Type: java.lang.String

secOptional

EnvValue

Utility class for creating reading env values from various sources.

Static Functions

fromConfigMap
import org.cdk8s.plus30.EnvValue;

EnvValue.fromConfigMap(IConfigMap configMap, java.lang.String key)
EnvValue.fromConfigMap(IConfigMap configMap, java.lang.String key, EnvValueFromConfigMapOptions options)
configMapRequired

The config map.


keyRequired
  • Type: java.lang.String

The key to extract the value from.


optionsOptional

Additional options.


fromFieldRef
import org.cdk8s.plus30.EnvValue;

EnvValue.fromFieldRef(EnvFieldPaths fieldPath)
EnvValue.fromFieldRef(EnvFieldPaths fieldPath, EnvValueFromFieldRefOptions options)
fieldPathRequired

: The field reference.


optionsOptional

: Additional options.


fromProcess
import org.cdk8s.plus30.EnvValue;

EnvValue.fromProcess(java.lang.String key)
EnvValue.fromProcess(java.lang.String key, EnvValueFromProcessOptions options)
keyRequired
  • Type: java.lang.String

The key to read.


optionsOptional

Additional options.


fromResource
import org.cdk8s.plus30.EnvValue;

EnvValue.fromResource(ResourceFieldPaths resource)
EnvValue.fromResource(ResourceFieldPaths resource, EnvValueFromResourceOptions options)
resourceRequired

: Resource to select the value from.


optionsOptional

: Additional options.


fromSecretValue
import org.cdk8s.plus30.EnvValue;

EnvValue.fromSecretValue(SecretValue secretValue)
EnvValue.fromSecretValue(SecretValue secretValue, EnvValueFromSecretOptions options)
secretValueRequired

The secret value (secrent + key).


optionsOptional

Additional options.


fromValue
import org.cdk8s.plus30.EnvValue;

EnvValue.fromValue(java.lang.String value)
valueRequired
  • Type: java.lang.String

The value.


Properties

valueOptional
public java.lang.Object getValue();
  • Type: java.lang.Object

valueFromOptional
public java.lang.Object getValueFrom();
  • Type: java.lang.Object

Handler

Defines a specific action that should be taken.

Static Functions

fromCommand
import org.cdk8s.plus30.Handler;

Handler.fromCommand(java.util.List<java.lang.String> command)
commandRequired
  • Type: java.util.List<java.lang.String>

The command to execute.


fromHttpGet
import org.cdk8s.plus30.Handler;

Handler.fromHttpGet(java.lang.String path)
Handler.fromHttpGet(java.lang.String path, HandlerFromHttpGetOptions options)
pathRequired
  • Type: java.lang.String

The URL path to hit.


optionsOptional

Options.


fromTcpSocket
import org.cdk8s.plus30.Handler;

Handler.fromTcpSocket()
Handler.fromTcpSocket(HandlerFromTcpSocketOptions options)
optionsOptional

Options.


IngressBackend

The backend for an ingress path.

Static Functions

fromResource
import org.cdk8s.plus30.IngressBackend;

IngressBackend.fromResource(IResource resource)
resourceRequired

fromService
import org.cdk8s.plus30.IngressBackend;

IngressBackend.fromService(Service serv)
IngressBackend.fromService(Service serv, ServiceIngressBackendOptions options)
servRequired

The service object.


optionsOptional

LabeledNode

A node that is matched by label selectors.

Initializers

import org.cdk8s.plus30.LabeledNode;

new LabeledNode(java.util.List<NodeLabelQuery> labelSelector);
labelSelectorRequired

Properties

labelSelectorRequired
public java.util.List<NodeLabelQuery> getLabelSelector();

LabelExpression

Represents a query that can be performed against resources with labels.

Static Functions

doesNotExist
import org.cdk8s.plus30.LabelExpression;

LabelExpression.doesNotExist(java.lang.String key)
keyRequired
  • Type: java.lang.String

exists
import org.cdk8s.plus30.LabelExpression;

LabelExpression.exists(java.lang.String key)
keyRequired
  • Type: java.lang.String

in
import org.cdk8s.plus30.LabelExpression;

LabelExpression.in(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

notIn
import org.cdk8s.plus30.LabelExpression;

LabelExpression.notIn(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

Properties

keyRequired
public java.lang.String getKey();
  • Type: java.lang.String

operatorRequired
public java.lang.String getOperator();
  • Type: java.lang.String

valuesOptional
public java.util.List<java.lang.String> getValues();
  • Type: java.util.List<java.lang.String>

LabelSelector

Match a resource by labels.

Methods

isEmpty
public isEmpty()

Static Functions

of
import org.cdk8s.plus30.LabelSelector;

LabelSelector.of()
LabelSelector.of(LabelSelectorOptions options)
optionsOptional

Metric

A metric condition that HorizontalPodAutoscaler’s scale on.

Static Functions

containerCpu
import org.cdk8s.plus30.Metric;

Metric.containerCpu(MetricContainerResourceOptions options)
optionsRequired

containerEphemeralStorage
import org.cdk8s.plus30.Metric;

Metric.containerEphemeralStorage(MetricContainerResourceOptions options)
optionsRequired

containerMemory
import org.cdk8s.plus30.Metric;

Metric.containerMemory(MetricContainerResourceOptions options)
optionsRequired

containerStorage
import org.cdk8s.plus30.Metric;

Metric.containerStorage(MetricContainerResourceOptions options)
optionsRequired

external
import org.cdk8s.plus30.Metric;

Metric.external(MetricOptions options)
optionsRequired

object
import org.cdk8s.plus30.Metric;

Metric.object(MetricObjectOptions options)
optionsRequired

pods
import org.cdk8s.plus30.Metric;

Metric.pods(MetricOptions options)
optionsRequired

resourceCpu
import org.cdk8s.plus30.Metric;

Metric.resourceCpu(MetricTarget target)
targetRequired

resourceEphemeralStorage
import org.cdk8s.plus30.Metric;

Metric.resourceEphemeralStorage(MetricTarget target)
targetRequired

resourceMemory
import org.cdk8s.plus30.Metric;

Metric.resourceMemory(MetricTarget target)
targetRequired

resourceStorage
import org.cdk8s.plus30.Metric;

Metric.resourceStorage(MetricTarget target)
targetRequired

Properties

typeRequired
public java.lang.String getType();
  • Type: java.lang.String

MetricTarget

A metric condition that will trigger scaling behavior when satisfied.

Static Functions

averageUtilization
import org.cdk8s.plus30.MetricTarget;

MetricTarget.averageUtilization(java.lang.Number averageUtilization)
averageUtilizationRequired
  • Type: java.lang.Number

The percentage of the utilization metric.

e.g. 50 for 50%.


averageValue
import org.cdk8s.plus30.MetricTarget;

MetricTarget.averageValue(java.lang.Number averageValue)
averageValueRequired
  • Type: java.lang.Number

The average metric value.


value
import org.cdk8s.plus30.MetricTarget;

MetricTarget.value(java.lang.Number value)
valueRequired
  • Type: java.lang.Number

The target value.


NamedNode

A node that is matched by its name.

Initializers

import org.cdk8s.plus30.NamedNode;

new NamedNode(java.lang.String name);
nameRequired
  • Type: java.lang.String

Properties

nameRequired
public java.lang.String getName();
  • Type: java.lang.String

NetworkPolicyPort

Describes a port to allow traffic on.

Static Functions

allTcp
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.allTcp()
allUdp
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.allUdp()
of
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.of(NetworkPolicyPortProps props)
propsRequired

tcp
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.tcp(java.lang.Number port)
portRequired
  • Type: java.lang.Number

tcpRange
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.tcpRange(java.lang.Number startPort, java.lang.Number endPort)
startPortRequired
  • Type: java.lang.Number

endPortRequired
  • Type: java.lang.Number

udp
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.udp(java.lang.Number port)
portRequired
  • Type: java.lang.Number

udpRange
import org.cdk8s.plus30.NetworkPolicyPort;

NetworkPolicyPort.udpRange(java.lang.Number startPort, java.lang.Number endPort)
startPortRequired
  • Type: java.lang.Number

endPortRequired
  • Type: java.lang.Number

Node

Represents a node in the cluster.

Initializers

import org.cdk8s.plus30.Node;

new Node();

Static Functions

labeled
import org.cdk8s.plus30.Node;

Node.labeled(NodeLabelQuery labelSelector)
labelSelectorRequired

named
import org.cdk8s.plus30.Node;

Node.named(java.lang.String nodeName)
nodeNameRequired
  • Type: java.lang.String

tainted
import org.cdk8s.plus30.Node;

Node.tainted(NodeTaintQuery taintSelector)
taintSelectorRequired

NodeLabelQuery

Represents a query that can be performed against nodes with labels.

Static Functions

doesNotExist
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.doesNotExist(java.lang.String key)
keyRequired
  • Type: java.lang.String

exists
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.exists(java.lang.String key)
keyRequired
  • Type: java.lang.String

gt
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.gt(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

in
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.in(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

is
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.is(java.lang.String key, java.lang.String value)
keyRequired
  • Type: java.lang.String

valueRequired
  • Type: java.lang.String

lt
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.lt(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

notIn
import org.cdk8s.plus30.NodeLabelQuery;

NodeLabelQuery.notIn(java.lang.String key, java.util.List<java.lang.String> values)
keyRequired
  • Type: java.lang.String

valuesRequired
  • Type: java.util.List<java.lang.String>

NodeTaintQuery

Taint queries that can be perfomed against nodes.

Static Functions

any
import org.cdk8s.plus30.NodeTaintQuery;

NodeTaintQuery.any()
exists
import org.cdk8s.plus30.NodeTaintQuery;

NodeTaintQuery.exists(java.lang.String key)
NodeTaintQuery.exists(java.lang.String key, NodeTaintQueryOptions options)
keyRequired
  • Type: java.lang.String

optionsOptional

is
import org.cdk8s.plus30.NodeTaintQuery;

NodeTaintQuery.is(java.lang.String key, java.lang.String value)
NodeTaintQuery.is(java.lang.String key, java.lang.String value, NodeTaintQueryOptions options)
keyRequired
  • Type: java.lang.String

valueRequired
  • Type: java.lang.String

optionsOptional

NonApiResource

Factory for creating non api resources.

Methods

asApiResource
public asApiResource()
asNonApiResource
public asNonApiResource()

Static Functions

of
import org.cdk8s.plus30.NonApiResource;

NonApiResource.of(java.lang.String url)
urlRequired
  • Type: java.lang.String

PercentOrAbsolute

Union like class repsenting either a ration in percents or an absolute number.

Methods

isZero
public isZero()

Static Functions

absolute
import org.cdk8s.plus30.PercentOrAbsolute;

PercentOrAbsolute.absolute(java.lang.Number num)
numRequired
  • Type: java.lang.Number

percent
import org.cdk8s.plus30.PercentOrAbsolute;

PercentOrAbsolute.percent(java.lang.Number percent)
percentRequired
  • Type: java.lang.Number

Properties

valueRequired
public java.lang.Object getValue();
  • Type: java.lang.Object

PodConnections

Controls network isolation rules for inter-pod communication.

Initializers

import org.cdk8s.plus30.PodConnections;

new PodConnections(AbstractPod instance);
instanceRequired

Methods

allowFrom
public allowFrom(INetworkPolicyPeer peer)
public allowFrom(INetworkPolicyPeer peer, PodConnectionsAllowFromOptions options)
peerRequired

optionsOptional

allowTo
public allowTo(INetworkPolicyPeer peer)
public allowTo(INetworkPolicyPeer peer, PodConnectionsAllowToOptions options)
peerRequired

optionsOptional

isolate
public isolate()

PodDns

Holds dns settings of the pod.

Initializers

import org.cdk8s.plus30.PodDns;

PodDns.Builder.create()
//  .hostname(java.lang.String)
//  .hostnameAsFQDN(java.lang.Boolean)
//  .nameservers(java.util.List<java.lang.String>)
//  .options(java.util.List<DnsOption>)
//  .policy(DnsPolicy)
//  .searches(java.util.List<java.lang.String>)
//  .subdomain(java.lang.String)
    .build();
hostnameOptional
  • Type: java.lang.String
  • Default: Set to a system-defined value.

Specifies the hostname of the Pod.


hostnameAsFQDNOptional
  • Type: java.lang.Boolean
  • Default: false

If true the pod’s hostname will be configured as the pod’s FQDN, rather than the leaf name (the default).

In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.


nameserversOptional
  • Type: java.util.List<java.lang.String>

A list of IP addresses that will be used as DNS servers for the Pod.

There can be at most 3 IP addresses specified. When the policy is set to “NONE”, the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.


optionsOptional

List of objects where each object may have a name property (required) and a value property (optional).

The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.


policyOptional

Set DNS policy for the pod.

If policy is set to None, other configuration must be supplied.


searchesOptional
  • Type: java.util.List<java.lang.String>

A list of DNS search domains for hostname lookup in the Pod.

When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.

Kubernetes allows for at most 6 search domains.


subdomainOptional
  • Type: java.lang.String
  • Default: No subdomain.

If specified, the fully qualified Pod hostname will be “...svc.“.


Methods

addNameserver
public addNameserver(java.lang.String nameservers)
nameserversRequired
  • Type: java.lang.String

addOption
public addOption(DnsOption options)
optionsRequired

addSearch
public addSearch(java.lang.String searches)
searchesRequired
  • Type: java.lang.String

Properties

hostnameAsFQDNRequired
public java.lang.Boolean getHostnameAsFQDN();
  • Type: java.lang.Boolean

Whether or not the pods hostname is set to its FQDN.


nameserversRequired
public java.util.List<java.lang.String> getNameservers();
  • Type: java.util.List<java.lang.String>

Nameservers defined for this pod.


optionsRequired
public java.util.List<DnsOption> getOptions();

Custom dns options defined for this pod.


policyRequired
public DnsPolicy getPolicy();

The DNS policy of this pod.


searchesRequired
public java.util.List<java.lang.String> getSearches();
  • Type: java.util.List<java.lang.String>

Search domains defined for this pod.


hostnameOptional
public java.lang.String getHostname();
  • Type: java.lang.String

The configured hostname of the pod.

Undefined means its set to a system-defined value.


subdomainOptional
public java.lang.String getSubdomain();
  • Type: java.lang.String

The configured subdomain of the pod.


PodScheduling

Controls the pod scheduling strategy.

Initializers

import org.cdk8s.plus30.PodScheduling;

new PodScheduling(AbstractPod instance);
instanceRequired

Methods

assign
public assign(NamedNode node)
nodeRequired

attract
public attract(LabeledNode node)
public attract(LabeledNode node, PodSchedulingAttractOptions options)
nodeRequired

optionsOptional

colocate
public colocate(IPodSelector selector)
public colocate(IPodSelector selector, PodSchedulingColocateOptions options)
selectorRequired

optionsOptional

separate
public separate(IPodSelector selector)
public separate(IPodSelector selector, PodSchedulingSeparateOptions options)
selectorRequired

optionsOptional

tolerate
public tolerate(TaintedNode node)
nodeRequired

PodSecurityContext

Holds pod-level security attributes and common container settings.

Initializers

import org.cdk8s.plus30.PodSecurityContext;

PodSecurityContext.Builder.create()
//  .ensureNonRoot(java.lang.Boolean)
//  .fsGroup(java.lang.Number)
//  .fsGroupChangePolicy(FsGroupChangePolicy)
//  .group(java.lang.Number)
//  .sysctls(java.util.List<Sysctl>)
//  .user(java.lang.Number)
    .build();
ensureNonRootOptional
  • Type: java.lang.Boolean
  • Default: true

Indicates that the container must run as a non-root user.

If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.


fsGroupOptional
  • Type: java.lang.Number
  • Default: Volume ownership is not changed.

Modify the ownership and permissions of pod volumes to this GID.


fsGroupChangePolicyOptional

Defines behavior of changing ownership and permission of the volume before being exposed inside Pod.

This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.


groupOptional
  • Type: java.lang.Number
  • Default: Group configured by container runtime

The GID to run the entrypoint of the container process.


sysctlsOptional

Sysctls hold a list of namespaced sysctls used for the pod.

Pods with unsupported sysctls (by the container runtime) might fail to launch.


userOptional
  • Type: java.lang.Number
  • Default: User specified in image metadata

The UID to run the entrypoint of the container process.


Properties

ensureNonRootRequired
public java.lang.Boolean getEnsureNonRoot();
  • Type: java.lang.Boolean

fsGroupChangePolicyRequired
public FsGroupChangePolicy getFsGroupChangePolicy();

sysctlsRequired
public java.util.List<Sysctl> getSysctls();

fsGroupOptional
public java.lang.Number getFsGroup();
  • Type: java.lang.Number

groupOptional
public java.lang.Number getGroup();
  • Type: java.lang.Number

userOptional
public java.lang.Number getUser();
  • Type: java.lang.Number

Probe

Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.

Static Functions

fromCommand
import org.cdk8s.plus30.Probe;

Probe.fromCommand(java.util.List<java.lang.String> command)
Probe.fromCommand(java.util.List<java.lang.String> command, CommandProbeOptions options)
commandRequired
  • Type: java.util.List<java.lang.String>

The command to execute.


optionsOptional

Options.


fromHttpGet
import org.cdk8s.plus30.Probe;

Probe.fromHttpGet(java.lang.String path)
Probe.fromHttpGet(java.lang.String path, HttpGetProbeOptions options)
pathRequired
  • Type: java.lang.String

The URL path to hit.


optionsOptional

Options.


fromTcpSocket
import org.cdk8s.plus30.Probe;

Probe.fromTcpSocket()
Probe.fromTcpSocket(TcpSocketProbeOptions options)
optionsOptional

Options.


Replicas

The amount of replicas that will change.

Static Functions

absolute
import org.cdk8s.plus30.Replicas;

Replicas.absolute(java.lang.Number value)
valueRequired
  • Type: java.lang.Number

The amount of change to apply.

Must be greater than 0.


percent
import org.cdk8s.plus30.Replicas;

Replicas.percent(java.lang.Number value)
valueRequired
  • Type: java.lang.Number

The percentage of change to apply.

Must be greater than 0.


ResourcePermissions

Controls permissions for operations on resources.

Initializers

import org.cdk8s.plus30.ResourcePermissions;

new ResourcePermissions(Resource instance);
instanceRequired

Methods

grantRead
public grantRead(ISubject subjects)
subjectsRequired

grantReadWrite
public grantReadWrite(ISubject subjects)
subjectsRequired

StatefulSetUpdateStrategy

StatefulSet update strategies.

Static Functions

onDelete
import org.cdk8s.plus30.StatefulSetUpdateStrategy;

StatefulSetUpdateStrategy.onDelete()
rollingUpdate
import org.cdk8s.plus30.StatefulSetUpdateStrategy;

StatefulSetUpdateStrategy.rollingUpdate()
StatefulSetUpdateStrategy.rollingUpdate(StatefulSetUpdateStrategyRollingUpdateOptions options)
optionsOptional

TaintedNode

A node that is matched by taint selectors.

Initializers

import org.cdk8s.plus30.TaintedNode;

new TaintedNode(java.util.List<NodeTaintQuery> taintSelector);
taintSelectorRequired

Properties

taintSelectorRequired
public java.util.List<NodeTaintQuery> getTaintSelector();

Topology

Available topology domains.

Static Functions

custom
import org.cdk8s.plus30.Topology;

Topology.custom(java.lang.String key)
keyRequired
  • Type: java.lang.String

Properties

keyRequired
public java.lang.String getKey();
  • Type: java.lang.String

Constants

HOSTNAME

A hostname represents a single node in the cluster.

https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetesiohostname


REGION

A region represents a larger domain, made up of one or more zones.

It is uncommon for Kubernetes clusters to span multiple regions. While the exact definition of a zone or region is left to infrastructure implementations, common properties of a region include higher network latency between them than within them, non-zero cost for network traffic between them, and failure independence from other zones or regions.

For example, nodes within a region might share power infrastructure (e.g. a UPS or generator), but nodes in different regions typically would not.

https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesioregion


ZONE

A zone represents a logical failure domain.

It is common for Kubernetes clusters to span multiple zones for increased availability. While the exact definition of a zone is left to infrastructure implementations, common properties of a zone include very low network latency within a zone, no-cost network traffic within a zone, and failure independence from other zones. For example, nodes within a zone might share a network switch, but nodes in different zones should not.

https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesiozone


WorkloadScheduling

Controls the pod scheduling strategy of this workload.

It offers some additional API’s on top of the core pod scheduling.

Initializers

import org.cdk8s.plus30.WorkloadScheduling;

new WorkloadScheduling(AbstractPod instance);
instanceRequired

Methods

spread
public spread()
public spread(WorkloadSchedulingSpreadOptions options)
optionsOptional

Protocols

IApiEndpoint

An API Endpoint can either be a resource descriptor (e.g /pods) or a non resource url (e.g /healthz). It must be one or the other, and not both.

Methods

asApiResource
public asApiResource()
asNonApiResource
public asNonApiResource()

IApiResource

Represents a resource or collection of resources.

Properties

apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


IClusterRole

Represents a cluster-level role.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IConfigMap

Represents a config map.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


INamespaceSelector

Represents an object that can select namespaces.

Methods

toNamespaceSelectorConfig
public toNamespaceSelectorConfig()

Properties

nodeRequired
public Node getNode();

The tree node.


INetworkPolicyPeer

Describes a peer to allow traffic to/from.

Methods

toNetworkPolicyPeerConfig
public toNetworkPolicyPeerConfig()
toPodSelector
public toPodSelector()

Properties

nodeRequired
public Node getNode();

The tree node.


IPersistentVolume

Contract of a PersistentVolumeClaim.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IPersistentVolumeClaim

Contract of a PersistentVolumeClaim.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IPodSelector

Represents an object that can select pods.

Methods

toPodSelectorConfig
public toPodSelectorConfig()

Properties

nodeRequired
public Node getNode();

The tree node.


IResource

Represents a resource.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IRole

A reference to any Role or ClusterRole.

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IScalable

Represents a scalable workload.

Methods

markHasAutoscaler
public markHasAutoscaler()
toScalingTarget
public toScalingTarget()

Properties

hasAutoscalerRequired
public java.lang.Boolean getHasAutoscaler();
  • Type: java.lang.Boolean

If this is a target of an autoscaler.


ISecret

Methods

envValue
public envValue(java.lang.String key)
public envValue(java.lang.String key, EnvValueFromSecretOptions options)
keyRequired
  • Type: java.lang.String

Secret’s key.


optionsOptional

Additional EnvValue options.


Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IServiceAccount

Properties

nodeRequired
public Node getNode();

The tree node.


apiGroupRequired
public java.lang.String getApiGroup();
  • Type: java.lang.String

The group portion of the API version (e.g. authorization.k8s.io).


resourceTypeRequired
public java.lang.String getResourceType();
  • Type: java.lang.String

The name of a resource type as it appears in the relevant API endpoint.

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources


resourceNameOptional
public java.lang.String getResourceName();
  • Type: java.lang.String

The unique, namespace-global, name of an object inside the Kubernetes cluster.

If this is omitted, the ApiResource should represent all objects of the given type.


apiVersionRequired
public java.lang.String getApiVersion();
  • Type: java.lang.String

The object’s API version (e.g. “authorization.k8s.io/v1”).


kindRequired
public java.lang.String getKind();
  • Type: java.lang.String

The object kind (e.g. “Deployment”).


nameRequired
public java.lang.String getName();
  • Type: java.lang.String

The Kubernetes name of this resource.


IStorage

Represents a piece of storage in the cluster.

Methods

asVolume
public asVolume()

Properties

nodeRequired
public Node getNode();

The tree node.


ISubject

Represents an object that can be used as a role binding subject.

Methods

toSubjectConfiguration
public toSubjectConfiguration()

Properties

nodeRequired
public Node getNode();

The tree node.


Enums

AzureDiskPersistentVolumeCachingMode

Azure disk caching modes.

NONE

None.


READ_ONLY

ReadOnly.


READ_WRITE

ReadWrite.


AzureDiskPersistentVolumeKind

Azure Disk kinds.

SHARED

Multiple blob disks per storage account.


DEDICATED

Single blob disk per storage account.


MANAGED

Azure managed data disk.


Capability

Capability - complete list of POSIX capabilities.

ALL

ALL.


AUDIT_CONTROL

CAP_AUDIT_CONTROL.


AUDIT_READ

CAP_AUDIT_READ.


AUDIT_WRITE

CAP_AUDIT_WRITE.


BLOCK_SUSPEND

CAP_BLOCK_SUSPEND.


BPF

CAP_BPF.


CHECKPOINT_RESTORE

CAP_CHECKPOINT_RESTORE.


CHOWN

CAP_CHOWN.


DAC_OVERRIDE

CAP_DAC_OVERRIDE.


CAP_DAC_READ_SEARCH.


FOWNER

CAP_FOWNER.


FSETID

CAP_FSETID.


IPC_LOCK

CAP_IPC_LOCK.


IPC_OWNER

CAP_IPC_OWNER.


KILL

CAP_KILL.


LEASE

CAP_LEASE.


LINUX_IMMUTABLE

CAP_LINUX_IMMUTABLE.


MAC_ADMIN

CAP_MAC_ADMIN.


MAC_OVERRIDE

CAP_MAC_OVERRIDE.


MKNOD

CAP_MKNOD.


NET_ADMIN

CAP_NET_ADMIN.


NET_BIND_SERVICE

CAP_NET_BIND_SERVICE.


NET_BROADCAST

CAP_NET_BROADCAST.


NET_RAW

CAP_NET_RAW.


PERFMON

CAP_PERFMON.


SETGID

CAP_SETGID.


SETFCAP

CAP_SETFCAP.


SETPCAP

CAP_SETPCAP.


SETUID

CAP_SETUID.


SYS_ADMIN

CAP_SYS_ADMIN.


SYS_BOOT

CAP_SYS_BOOT.


SYS_CHROOT

CAP_SYS_CHROOT.


SYS_MODULE

CAP_SYS_MODULE.


SYS_NICE

CAP_SYS_NICE.


SYS_PACCT

CAP_SYS_PACCT.


SYS_PTRACE

CAP_SYS_PTRACE.


SYS_RAWIO

CAP_SYS_RAWIO.


SYS_RESOURCE

CAP_SYS_RESOURCE.


SYS_TIME

CAP_SYS_TIME.


SYS_TTY_CONFIG

CAP_SYS_TTY_CONFIG.


SYSLOG

CAP_SYSLOG.


WAKE_ALARM

CAP_WAKE_ALARM.


ConcurrencyPolicy

Concurrency policy for CronJobs.

ALLOW

This policy allows to run job concurrently.


FORBID

This policy does not allow to run job concurrently.

It does not let a new job to be scheduled if the previous one is not finished yet.


REPLACE

This policy replaces the currently running job if a new job is being scheduled.


ConnectionScheme

HTTP

Use HTTP request for connecting to host.


HTTPS

Use HTTPS request for connecting to host.


ContainerRestartPolicy

RestartPolicy defines the restart behavior of individual containers in a pod.

This field may only be set for init containers, and the only allowed value is “Always”. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod’s restart policy and the container type. Setting the RestartPolicy as “Always” for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy “Always” will be shut down. This lifecycle differs from normal init containers and is often referred to as a “sidecar” container.

https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/

ALWAYS

If an init container is created with its restartPolicy set to Always, it will start and remain running during the entire life of the Pod.

For regular containers, this is ignored by Kubernetes.


DnsPolicy

Pod DNS policies.

CLUSTER_FIRST

Any DNS query that does not match the configured cluster domain suffix, such as “www.kubernetes.io”, is forwarded to the upstream nameserver inherited from the node. Cluster administrators may have extra stub-domain and upstream DNS servers configured.


CLUSTER_FIRST_WITH_HOST_NET

For Pods running with hostNetwork, you should explicitly set its DNS policy “ClusterFirstWithHostNet”.


DEFAULT

The Pod inherits the name resolution configuration from the node that the pods run on.


NONE

It allows a Pod to ignore DNS settings from the Kubernetes environment.

All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec.


EmptyDirMedium

The medium on which to store the volume.

DEFAULT

The default volume of the backing node.


MEMORY

Mount a tmpfs (RAM-backed filesystem) for you instead.

While tmpfs is very fast, be aware that unlike disks, tmpfs is cleared on node reboot and any files you write will count against your Container’s memory limit.


EnvFieldPaths

POD_NAME

The name of the pod.


POD_NAMESPACE

The namespace of the pod.


POD_UID

The uid of the pod.


POD_LABEL

The labels of the pod.


POD_ANNOTATION

The annotations of the pod.


POD_IP

The ipAddress of the pod.


SERVICE_ACCOUNT_NAME

The service account name of the pod.


NODE_NAME

The name of the node.


NODE_IP

The ipAddress of the node.


POD_IPS

The ipAddresess of the pod.


FsGroupChangePolicy

ON_ROOT_MISMATCH

Only change permissions and ownership if permission and ownership of root directory does not match with expected permissions of the volume.

This could help shorten the time it takes to change ownership and permission of a volume


ALWAYS

Always change permission and ownership of the volume when volume is mounted.


HostPathVolumeType

Host path types.

DEFAULT

Empty string (default) is for backward compatibility, which means that no checks will be performed before mounting the hostPath volume.


DIRECTORY_OR_CREATE

If nothing exists at the given path, an empty directory will be created there as needed with permission set to 0755, having the same group and ownership with Kubelet.


DIRECTORY

A directory must exist at the given path.


FILE_OR_CREATE

If nothing exists at the given path, an empty file will be created there as needed with permission set to 0644, having the same group and ownership with Kubelet.


FILE

A file must exist at the given path.


SOCKET

A UNIX socket must exist at the given path.


CHAR_DEVICE

A character device must exist at the given path.


BLOCK_DEVICE

A block device must exist at the given path.


HttpIngressPathType

Specify how the path is matched against request paths.

https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types

PREFIX

Matches the URL path exactly.


EXACT

Matches based on a URL path prefix split by ‘/’.


IMPLEMENTATION_SPECIFIC

Matching is specified by the underlying IngressClass.


ImagePullPolicy

ALWAYS

Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest.

If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet downloads (pulls) the image with the resolved digest, and uses that image to launch the container.

Default is Always if ImagePullPolicy is omitted and either the image tag is :latest or the image tag is omitted.


IF_NOT_PRESENT

The image is pulled only if it is not already present locally.

Default is IfNotPresent if ImagePullPolicy is omitted and the image tag is present but not :latest


NEVER

The image is assumed to exist locally.

No attempt is made to pull the image.


MountPropagation

NONE

This volume mount will not receive any subsequent mounts that are mounted to this volume or any of its subdirectories by the host.

In similar fashion, no mounts created by the Container will be visible on the host.

This is the default mode.

This mode is equal to private mount propagation as described in the Linux kernel documentation


HOST_TO_CONTAINER

This volume mount will receive all subsequent mounts that are mounted to this volume or any of its subdirectories.

In other words, if the host mounts anything inside the volume mount, the Container will see it mounted there.

Similarly, if any Pod with Bidirectional mount propagation to the same volume mounts anything there, the Container with HostToContainer mount propagation will see it.

This mode is equal to rslave mount propagation as described in the Linux kernel documentation


BIDIRECTIONAL

This volume mount behaves the same the HostToContainer mount.

In addition, all volume mounts created by the Container will be propagated back to the host and to all Containers of all Pods that use the same volume

A typical use case for this mode is a Pod with a FlexVolume or CSI driver or a Pod that needs to mount something on the host using a hostPath volume.

This mode is equal to rshared mount propagation as described in the Linux kernel documentation

Caution: Bidirectional mount propagation can be dangerous. It can damage the host operating system and therefore it is allowed only in privileged Containers. Familiarity with Linux kernel behavior is strongly recommended. In addition, any volume mounts created by Containers in Pods must be destroyed (unmounted) by the Containers on termination.


NetworkPolicyTrafficDefault

Default behaviors of network traffic in policies.

DENY

The policy denies all traffic.

Since rules are additive, additional rules or policies can allow specific traffic.


ALLOW

The policy allows all traffic (either ingress or egress).

Since rules are additive, no additional rule or policies can subsequently deny the traffic.


NetworkProtocol

Network protocols.

TCP

TCP.


UDP

UDP.


SCTP

SCTP.


PersistentVolumeAccessMode

Access Modes.

READ_WRITE_ONCE

The volume can be mounted as read-write by a single node.

ReadWriteOnce access mode still can allow multiple pods to access the volume when the pods are running on the same node.


READ_ONLY_MANY

The volume can be mounted as read-only by many nodes.


READ_WRITE_MANY

The volume can be mounted as read-write by many nodes.


READ_WRITE_ONCE_POD

The volume can be mounted as read-write by a single Pod.

Use ReadWriteOncePod access mode if you want to ensure that only one pod across whole cluster can read that PVC or write to it. This is only supported for CSI volumes and Kubernetes version 1.22+.


PersistentVolumeMode

Volume Modes.

FILE_SYSTEM

Volume is ounted into Pods into a directory.

If the volume is backed by a block device and the device is empty, Kubernetes creates a filesystem on the device before mounting it for the first time.


BLOCK

Use a volume as a raw block device.

Such volume is presented into a Pod as a block device, without any filesystem on it. This mode is useful to provide a Pod the fastest possible way to access a volume, without any filesystem layer between the Pod and the volume. On the other hand, the application running in the Pod must know how to handle a raw block device


PersistentVolumeReclaimPolicy

Reclaim Policies.

RETAIN

The Retain reclaim policy allows for manual reclamation of the resource.

When the PersistentVolumeClaim is deleted, the PersistentVolume still exists and the volume is considered “released”. But it is not yet available for another claim because the previous claimant’s data remains on the volume. An administrator can manually reclaim the volume with the following steps:

  1. Delete the PersistentVolume. The associated storage asset in external infrastructure (such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume) still exists after the PV is deleted.
  2. Manually clean up the data on the associated storage asset accordingly.
  3. Manually delete the associated storage asset.

If you want to reuse the same storage asset, create a new PersistentVolume with the same storage asset definition.


DELETE

For volume plugins that support the Delete reclaim policy, deletion removes both the PersistentVolume object from Kubernetes, as well as the associated storage asset in the external infrastructure, such as an AWS EBS, GCE PD, Azure Disk, or Cinder volume.

Volumes that were dynamically provisioned inherit the reclaim policy of their StorageClass, which defaults to Delete. The administrator should configure the StorageClass according to users’ expectations; otherwise, the PV must be edited or patched after it is created


PodConnectionsIsolation

Isolation determines which policies are created when allowing connections from a a pod / workload to peers.

POD

Only creates network policies that select the pod.


PEER

Only creates network policies that select the peer.


PodManagementPolicy

Controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down.

The default policy is OrderedReady, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order.

The alternative policy is Parallel which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.

ORDERED_READY


PARALLEL


Protocol

Network protocols.

TCP

TCP.


UDP

UDP.


SCTP

SCTP.


ResourceFieldPaths

CPU_LIMIT

CPU limit of the container.


MEMORY_LIMIT

Memory limit of the container.


CPU_REQUEST

CPU request of the container.


MEMORY_REQUEST

Memory request of the container.


STORAGE_LIMIT

Ephemeral storage limit of the container.


STORAGE_REQUEST

Ephemeral storage request of the container.


RestartPolicy

Restart policy for all containers within the pod.

ALWAYS

Always restart the pod after it exits.


ON_FAILURE

Only restart if the pod exits with a non-zero exit code.


NEVER

Never restart the pod.


ScalingStrategy

MAX_CHANGE

Use the policy that provisions the most changes.


MIN_CHANGE

Use the policy that provisions the least amount of changes.


~~DISABLED~~

  • Deprecated: - Omit the ScalingRule instead

Disables scaling in this direction.


SeccompProfileType

LOCALHOST

A profile defined in a file on the node should be used.


RUNTIME_DEFAULT

The container runtime default profile should be used.


UNCONFINED

No profile should be applied.


ServiceType

For some parts of your application (for example, frontends) you may want to expose a Service onto an external IP address, that’s outside of your cluster.

Kubernetes ServiceTypes allow you to specify what kind of Service you want. The default is ClusterIP.

CLUSTER_IP

Exposes the Service on a cluster-internal IP.

Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType


NODE_PORT

Exposes the Service on each Node’s IP at a static port (the NodePort).

A ClusterIP Service, to which the NodePort Service routes, is automatically created. You’ll be able to contact the NodePort Service, from outside the cluster, by requesting :.


LOAD_BALANCER

Exposes the Service externally using a cloud provider’s load balancer.

NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.


EXTERNAL_NAME

Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.

Note: You need either kube-dns version 1.7 or CoreDNS version 0.0.8 or higher to use the ExternalName type.


TaintEffect

Taint effects.

NO_SCHEDULE

This means that no pod will be able to schedule onto the node unless it has a matching toleration.


PREFER_NO_SCHEDULE

This is a “preference” or “soft” version of NO_SCHEDULE – the system will try to avoid placing a pod that does not tolerate the taint on the node, but it is not required.


NO_EXECUTE

This affects pods that are already running on the node as follows:.

  • Pods that do not tolerate the taint are evicted immediately.
  • Pods that tolerate the taint without specifying duration remain bound forever.
  • Pods that tolerate the taint with a specified duration remain bound for the specified amount of time.