ServiceWithHealthchecks

Scope: Namespaced
Version: v1alpha1

ServiceWithHealthchecks is the schema for the servicewithhealthchecks API.

  • apiVersion
    string
  • kind
    string
  • metadata
    object
  • spec
    object

    Defines the desired state of servicewithHealthchecks.

    • spec.allocateLoadBalancerNodePorts
      boolean

      Determines whether NodePort should be automatically allocated for services of LoadBalancer type. Default is true. It may be set to false if the cluster load-balancer does not rely on NodePorts.

      If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This parameter can be set only for services of LoadBalancer type and is automatically reset when the type is changed to another.

    • spec.clusterIP
      string

      The IP address of the service.

      Normally, the IP address is randomly assigned to the service. If the IP address is manually specified, it must be within the valid range (specified by the system configuration) and free for assignment; otherwise, service creation will fail.

      This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above).

      Valid values are None, empty string (“”), or a valid IP address. Setting this to None makes a “headless service” (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info.

    • spec.externalIPs
      array of strings

      A list of IP addresses where nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP.

      A common example is external load-balancers that are not part of the Kubernetes system.

    • spec.externalName
      string

      An external reference that discovery mechanisms will return as an alias for this service (e.g., a DNS record CNAME).

      Must be a lowercase RFC-1123 hostname and requires type to be “ExternalName”.

    • spec.externalTrafficPolicy
      string

      Describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to Local, the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. Traffic mistakenly sent to a node with no endpoints will be dropped.

      The default value, Cluster, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).

      Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get Cluster semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.

    • spec.healthCheckNodePort
      integer

      Specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used.

      If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not.

      If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type).

      This field cannot be updated once set.

    • spec.healthcheck
      object

      Required value

      • spec.healthcheck.initialDelaySeconds
        integer

        Number of seconds after the container has started before liveness probes are initiated.

        Default: 10

        Allowed values: 0 <= X <= 108000

      • spec.healthcheck.periodSeconds
        integer

        How often (in seconds) to perform the probe.

        Default: 10

        Allowed values: 1 <= X <= 108000

      • spec.healthcheck.probes
        array of objects
        • spec.healthcheck.probes.failureThreshold
          integer

          Minimum consecutive failures for the probe to be considered failed after having succeeded.

          Default: 3

          Allowed values: 1 <= X

        • spec.healthcheck.probes.http
          object
          • spec.healthcheck.probes.http.caCert
            string

            CA certificate for HTTPS connection.

          • spec.healthcheck.probes.http.host
            string

            Hostname to connect to, defaults to the pod’s IP address.

          • spec.healthcheck.probes.http.httpHeaders
            array of objects

            Custom headers that will be added to the HTTP request and used when performing the probe. Duplicate headers are allowed.

            • spec.healthcheck.probes.http.httpHeaders.name
              string

              Required value

              The header name.

              This will be canonicalized upon output, so case-variant names will be understood as the same header.

            • spec.healthcheck.probes.http.httpHeaders.value
              string

              Required value

              The header value.

          • spec.healthcheck.probes.http.insecureSkipTLSVerify
            boolean

            Indicates if the client should skip verifying the server’s TLS certificate chain and hostname.

            Default: false

          • spec.healthcheck.probes.http.method
            string

            Method to use for the request.

            Default: GET

            Allowed values: GET, HEAD

          • spec.healthcheck.probes.http.path
            string

            Path to access on the HTTP server.

          • spec.healthcheck.probes.http.scheme
            string

            Scheme to use for connecting to the host.

            Default: HTTP

            Allowed values: HTTP, HTTPS

          • spec.healthcheck.probes.http.targetPort
            integer

            Required value

            Number of the port to access on the container.

            Allowed values: 1 <= X <= 65535

        • spec.healthcheck.probes.mode
          string

          The mode for the probe.

          Allowed values: HTTP, TCP, PostgreSQL

        • spec.healthcheck.probes.postgreSQL
          object
          • spec.healthcheck.probes.postgreSQL.authSecretName
            string

            The name of the secret located in the same namespace as this resource.

            The secret can contain the following authentication fields: tlsMode, clientCert, clientKey, caCert, password, user.

            Warining. The type of the secret must be network.deckhouse.io/postgresql-credentials.

          • spec.healthcheck.probes.postgreSQL.dbName
            string

            Optional Database Name.

          • spec.healthcheck.probes.postgreSQL.query
            string

            Query to PostgreSQL for testing.

            Must return one of the values TRUE: t, true, y, yes,1. to be considered successful.

            Warining. The privileges for the user under whom the requests are executed should be minimal.

            Default: select 1

          • spec.healthcheck.probes.postgreSQL.targetPort
            integer

            Required value

            Number of the port to access on the container.

            Allowed values: 1 <= X <= 65535

        • spec.healthcheck.probes.successThreshold
          integer

          Minimum consecutive successes for the probe to be considered successful after having failed.

          Default: 1

          Allowed values: 1 <= X

        • spec.healthcheck.probes.tcp
          object
          • spec.healthcheck.probes.tcp.targetPort
            integer

            Required value

            Number of the port to access on the container.

            Allowed values: 1 <= X <= 65535

        • spec.healthcheck.probes.timeoutSeconds
          integer

          Number of seconds after which the probe times out.

          Default: 1

          Allowed values: 1 <= X

    • spec.internalTrafficPolicy
      string

      Describes how nodes distribute service traffic they receive on the ClusterIP.

      If set to Local, the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints.

      The default value, Cluster, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).

    • spec.ipFamilies
      array of strings

      A family of IP addresses (e.g., IPv4, IPv6) assigned to a service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field.

      If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service.

      Valid values are IPv4 and IPv6.This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to “headless” services.

      This field will be wiped when updating a Service to type ExternalName.

      This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.

      • Element of the array
        string

        Represents the IP Family (IPv4 or IPv6).

        This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).

    • spec.ipFamilyPolicy
      string

      Required or requested dual stack support for the service.

      If there is no value provided, then this field will be set to SingleStack. Services can be SingleStack (a single IP family), PreferDualStack (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or RequireDualStack (two IP families on dual-stack configured clusters, otherwise fail).

      The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.

    • spec.loadBalancerClass
      string

      The class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. internal-vip or example.com/internal-vip. Unprefixed names are reserved for end-users.

      This field can only be set when the Service type is LoadBalancer.

      If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation.

      If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type LoadBalancer.

      Once set, it can not be changed. This field will be wiped when a service is updated to a non LoadBalancer type.

    • spec.loadBalancerIP
      string

      Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created.

      This field will be ignored if the cloud-provider does not support the feature.

    • spec.loadBalancerSourceRanges
      array of strings

      If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs.

      This field will be ignored if the cloud-provider does not support the feature. More info.

    • spec.ports
      array of objects

      The list of ports that are exposed by this service. More info.

      ServicePort contains information on service’s port.

      • spec.ports.appProtocol
        string

        The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:

        • Un-prefixed protocol names - reserved for IANA standard service names as RFC-6335.
        • Kubernetes-defined prefixed names:
          • kubernetes.io/h2c — HTTP/2 prior knowledge over cleartext as described in RFC;
          • kubernetes.io/ws — WebSocket over cleartext as described in RFC;
          • kubernetes.io/wss — WebSocket over TLS as described in RFC.
        • Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
      • spec.ports.name
        string

        The name of this port within the service. This must be a DNS_LABEL.

        All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the ‘name’ field in the EndpointPort. Optional if only one ServicePort is defined on this service.

      • spec.ports.nodePort
        integer

        The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail.

        If not specified, a port will be allocated if this Service requires one.

        If this field is specified when creating a Service which does not need it, creation will fail.

        This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info.

      • spec.ports.port
        integer

        Required value

        The port that will be exposed by this service.

      • spec.ports.protocol
        string

        The IP protocol for this port. Supports TCP, UDP, and SCTP.

        Default: TCP

      • spec.ports.targetPort
        integer

        Number of the port to access on the pods targeted by the service.

        If this is not specified, the value of the port field is used (an identity map).

        This field is ignored for services with clusterIP=None, and should be omitted or set equal to the port field. More info.

    • spec.publishNotReadyAddresses
      boolean

      Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet’s Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery.

      The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered “ready” even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.

    • spec.selector
      object

      Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify.

      Only applies to types ClusterIP, NodePort, and LoadBalancer.

      Ignored if type is ExternalName. More info.

    • spec.sessionAffinity
      string

      Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. More info.

    • spec.sessionAffinityConfig
      object

      Contains the configurations of session affinity.

      • spec.sessionAffinityConfig.clientIP
        object

        Contains the configurations of ClientIP based session affinity.

        • spec.sessionAffinityConfig.clientIP.timeoutSeconds
          integer

          Specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400 (for 1 day) if ServiceAffinity == ClientIP.

    • spec.trafficDistribution
      string

      Offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence.

      If the field is not set, the implementation will apply its default routing strategy. If set to PreferClose, implementations should prioritize endpoints that are topologically close (e.g., same zone).

    • spec.type
      string

      Determines how the Service is exposed.

      Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer.

      ClusterIP allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects.

      If clusterIP is None, no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP.

      NodePort builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP.

      LoadBalancer builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.

      ExternalName aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info.