ServiceWithHealthchecks
Scope: Namespaced
Version: v1alpha1
ServiceWithHealthchecks is the schema for the servicewithhealthchecks API.
- stringapiVersion
- stringkind
- objectmetadata
- objectspec
Defines the desired state of
servicewithHealthchecks.- booleanspec.allocateLoadBalancerNodePorts
Determines whether NodePort should be automatically allocated for services of LoadBalancer type. Default is
true. It may be set tofalseif the cluster load-balancer does not rely on NodePorts.If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This parameter can be set only for services of LoadBalancer type and is automatically reset when the type is changed to another.
- stringspec.clusterIP
The IP address of the service.
Normally, the IP address is randomly assigned to the service. If the IP address is manually specified, it must be within the valid range (specified by the system configuration) and free for assignment; otherwise, service creation will fail.
This field may not be changed through updates unless the type field is also being changed to
ExternalName(which requires this field to be blank) or the type field is being changed fromExternalName(in which case this field may optionally be specified, as describe above).Valid values are
None, empty string (“”), or a valid IP address. Setting this toNonemakes a “headless service” (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info. - array of stringsspec.externalIPs
A list of IP addresses where nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP.
A common example is external load-balancers that are not part of the Kubernetes system.
- stringspec.externalName
An external reference that discovery mechanisms will return as an alias for this service (e.g., a DNS record CNAME).
Must be a lowercase RFC-1123 hostname and requires
typeto be “ExternalName”. - stringspec.externalTrafficPolicy
Describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to
Local, the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. Traffic mistakenly sent to a node with no endpoints will be dropped.The default value,
Cluster, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get
Clustersemantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. - integerspec.healthCheckNodePort
Specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and
externalTrafficPolicyis set toLocal. If a value is specified, is in-range, and is not in use, it will be used.If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not.
If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).
This field cannot be updated once set.
- objectspec.healthcheck
Required value
- integerspec.healthcheck.initialDelaySeconds
Number of seconds after the container has started before liveness probes are initiated.
Default:
10Allowed values:
0 <= X <= 108000 - integerspec.healthcheck.periodSeconds
How often (in seconds) to perform the probe.
Default:
10Allowed values:
1 <= X <= 108000 - array of objectsspec.healthcheck.probes
- integerspec.healthcheck.probes.failureThreshold
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Default:
3Allowed values:
1 <= X - objectspec.healthcheck.probes.http
- stringspec.healthcheck.probes.http.caCert
CA certificate for HTTPS connection.
- stringspec.healthcheck.probes.http.host
Hostname to connect to, defaults to the pod’s IP address.
- array of objectsspec.healthcheck.probes.http.httpHeaders
Custom headers that will be added to the HTTP request and used when performing the probe. Duplicate headers are allowed.
- stringspec.healthcheck.probes.http.httpHeaders.name
Required value
The header name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
- stringspec.healthcheck.probes.http.httpHeaders.value
Required value
The header value.
- booleanspec.healthcheck.probes.http.insecureSkipTLSVerify
Indicates if the client should skip verifying the server’s TLS certificate chain and hostname.
Default:
false - stringspec.healthcheck.probes.http.method
Method to use for the request.
Default:
"GET"Allowed values:
GET,HEAD - stringspec.healthcheck.probes.http.path
Path to access on the HTTP server.
- stringspec.healthcheck.probes.http.scheme
Scheme to use for connecting to the host.
Default:
"HTTP"Allowed values:
HTTP,HTTPS - integerspec.healthcheck.probes.http.targetPort
Required value
Number of the port to access on the container.
Allowed values:
1 <= X <= 65535
- stringspec.healthcheck.probes.mode
The mode for the probe.
Allowed values:
HTTP,TCP,PostgreSQL - objectspec.healthcheck.probes.postgreSQL
- stringspec.healthcheck.probes.postgreSQL.authSecretName
The name of the secret located in the same namespace as this resource.
The secret can contain the following authentication fields:
tlsMode,clientCert,clientKey,caCert,password,user. - stringspec.healthcheck.probes.postgreSQL.dbName
Optional Database Name.
- stringspec.healthcheck.probes.postgreSQL.query
Query to PostgreSQL for testing.
Must return one of the values
TRUE:t,true,y,yes,1. to be considered successful.Warining. The privileges for the user under whom the requests are executed should be minimal.
Default:
"select 1" - integerspec.healthcheck.probes.postgreSQL.targetPort
Required value
Number of the port to access on the container.
Allowed values:
1 <= X <= 65535
- integerspec.healthcheck.probes.successThreshold
Minimum consecutive successes for the probe to be considered successful after having failed.
Default:
1Allowed values:
1 <= X - objectspec.healthcheck.probes.tcp
- integerspec.healthcheck.probes.tcp.targetPort
Required value
Number of the port to access on the container.
Allowed values:
1 <= X <= 65535
- integerspec.healthcheck.probes.timeoutSeconds
Number of seconds after which the probe times out.
Default:
1Allowed values:
1 <= X
- stringspec.internalTrafficPolicy
Describes how nodes distribute service traffic they receive on the ClusterIP.
If set to
Local, the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints.The default value,
Cluster, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). - array of stringsspec.ipFamilies
A family of IP addresses (e.g., IPv4, IPv6) assigned to a service. This field is usually assigned automatically based on cluster configuration and the
ipFamilyPolicyfield.If this field is specified manually, the requested family is available in the cluster, and
ipFamilyPolicyallows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service.Valid values are
IPv4andIPv6.This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to “headless” services.This field will be wiped when updating a Service to type
ExternalName.This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the
clusterIPsfield, if specified. BothclusterIPsandipFamiliesare governed by theipFamilyPolicyfield.- stringElement of the array
Represents the IP Family (IPv4 or IPv6).
This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
- stringspec.ipFamilyPolicy
Required or requested dual stack support for the service.
If there is no value provided, then this field will be set to
SingleStack. Services can beSingleStack(a single IP family),PreferDualStack(two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), orRequireDualStack(two IP families on dual-stack configured clusters, otherwise fail).The
ipFamiliesandclusterIPsfields depend on the value of this field. This field will be wiped when updating a service to typeExternalName. - stringspec.loadBalancerClass
The class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g.
internal-viporexample.com/internal-vip. Unprefixed names are reserved for end-users.This field can only be set when the Service type is
LoadBalancer.If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation.
If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type
LoadBalancer.Once set, it can not be changed. This field will be wiped when a service is updated to a non
LoadBalancertype. - stringspec.loadBalancerIP
Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created.
This field will be ignored if the cloud-provider does not support the feature.
- array of stringsspec.loadBalancerSourceRanges
If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs.
This field will be ignored if the cloud-provider does not support the feature. More info.
- array of objectsspec.ports
The list of ports that are exposed by this service. More info.
ServicePort contains information on service’s port.
- stringspec.ports.appProtocol
The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
- Un-prefixed protocol names - reserved for IANA standard service names as RFC-6335.
- Kubernetes-defined prefixed names:
- Other protocols should use implementation-defined prefixed names such as
mycompany.com/my-custom-protocol.
- stringspec.ports.name
The name of this port within the service. This must be a
DNS_LABEL.All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the ‘name’ field in the
EndpointPort. Optional if only oneServicePortis defined on this service. - integerspec.ports.nodePort
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail.
If not specified, a port will be allocated if this Service requires one.
If this field is specified when creating a Service which does not need it, creation will fail.
This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info.
- integerspec.ports.port
Required value
The port that will be exposed by this service.
- stringspec.ports.protocol
The IP protocol for this port. Supports
TCP,UDP, andSCTP.Default:
"TCP" - integerspec.ports.targetPort
Number of the port to access on the pods targeted by the service.
If this is not specified, the value of the
portfield is used (an identity map).This field is ignored for services with
clusterIP=None, and should be omitted or set equal to theportfield. More info.
- booleanspec.publishNotReadyAddresses
Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet’s Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery.
The Kubernetes controllers that generate
EndpointsandEndpointSliceresources for Services interpret this to mean that all endpoints are considered “ready” even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through theEndpointsorEndpointSliceresources can safely assume this behavior. - objectspec.selector
Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.
Only applies to types ClusterIP, NodePort, and LoadBalancer.
Ignored if type is
ExternalName. More info. - stringspec.sessionAffinity
Used to maintain session affinity. Enable client IP based session affinity. Must be
ClientIPorNone. More info. - objectspec.sessionAffinityConfig
Contains the configurations of session affinity.
- objectspec.sessionAffinityConfig.clientIP
Contains the configurations of
ClientIPbased session affinity.- integerspec.sessionAffinityConfig.clientIP.timeoutSeconds
Specifies the seconds of
ClientIPtype session sticky time. The value must be>0 && <=86400(for 1 day) ifServiceAffinity == ClientIP.
- stringspec.trafficDistribution
Offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence.
If the field is not set, the implementation will apply its default routing strategy. If set to
PreferClose, implementations should prioritize endpoints that are topologically close (e.g., same zone). - stringspec.type
Determines how the Service is exposed.
Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
ClusterIP allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the
selectoror if that is not specified, by manual construction of anEndpointsobject orEndpointSliceobjects.If
clusterIPisNone, no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP.NodePort builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the
clusterIP.LoadBalancer builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the
clusterIP.ExternalName aliases this service to the specified
externalName. Several other fields do not apply to ExternalName services. More info.