API Reference

core.management.kubernetes.vmware.com/v1alpha1

Package v1alpha1 contains API definitions for the VKS cluster management Core APIs from core.v1alpha1 group-version. This includes APIs with Kind Cluster and ClusterResource.

Resource Types

AggregatedData

AggregatedData is the data aggregated from all the pods in a Kubernetes resource. This aggregates the CPU and Memory Requests and Limits across all pods in the given resource.

Appears In:
Field Description Default Validation

totalPods integer

totalPods is the total number of pods in the resource.

Minimum: 0

cpuRequests Quantity

cpuRequests is the total CPU requests across all the pods in the resource.

memoryRequests Quantity

memoryRequests is the total Memory requests across all the pods in the resource.

cpuLimits Quantity

cpuLimits is the total CPU limits across all the pods in the resource.

memoryLimits Quantity

memoryLimits is the total Memory limits across all the pods in the resource.

Cluster

Cluster is the representation of a VKS cluster in VKS cluster management.

This is a read-only API that displays the VKS clusters available for VKS cluster management. It also contains cluster health and observability information retrieved from the VKS cluster.

Field Description Default Validation

apiVersion string

core.management.kubernetes.vmware.com/v1alpha1

kind string

Cluster

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the cluster.

status ClusterStatus

status contains the status of the cluster.

ClusterHealth

ClusterHealth shows health information on the control-plane components in the cluster, including etcd, scheduler and controller-manager.

Appears In:
Field Description Default Validation

message string

message shows the overall health of the cluster.

etcdHealth ComponentHealth array

etcdHealth shows the health status of all the ETCD components on the cluster.

schedulerHealth ComponentHealth

schedulerHealth shows the health status of the Scheduler on the cluster.

controllerManagerHealth ComponentHealth

controllerManagerHealth shows the health status of the ControllerManager on the cluster.

lastUpdatedTime Time

lastUpdatedTime is the time at which this cluster health was recorded.

ClusterPhase

Underlying type: string

ClusterPhase shows the current phase of a cluster being managed by VKS cluster management.

Appears In:

ClusterResource

ClusterResource is a generic Kubernetes resource (object) in a cluster managed by VKS cluster management.

This is a read-only API that provides observability into various objects in the VKS cluster. It also provides an aggregation of the compute resources, for better observability, on the Kubernetes resources containing pods. Below is the list of resource Kinds that are returned in this API:
- Namespace
- Node
- Pod
- Deployment
- Service
- ReplicaSet
- DaemonSet
- StatefulSet
- CronJob
- Job
- ConfigMap

Field Description Default Validation

apiVersion string

core.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterResource

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the cluster resource.

status contains the status of the cluster resource.

ClusterResourceSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

gvk is the Group, Version and Kind used to identify the type of Kubernetes resource.

clusterNamespace string

clusterNamespace is the namespace in the cluster that this Kubernetes resource belongs to.

object RawExtension

object is the Kubernetes resource object of the given Group Version Kind.
The object can belong to one of the following resource Kinds:
- Namespace
- Node
- Pod
- Deployment
- Service
- ReplicaSet
- DaemonSet
- StatefulSet
- CronJob
- Job
- ConfigMap

ClusterResourceState

Underlying type: string

ClusterResourceState shows the state of a Kubernetes resource (object) on the cluster.

Appears In:

ClusterResourceStatus

Appears In:
Field Description Default Validation

state shows the state of a Kubernetes resource (object) on the cluster.

message string

message shows the details related to the given state.
Example: the reason for unhealthy state of the Kubernetes resource.

aggregatedData AggregatedData

aggregatedData is the data aggregated from all the pods deployed in the given resource.
This data is shown for the resources containing pods, including the following Kinds:
- Namespace
- Node
- Deployment
- ReplicaSet
- DaemonSet
- StatefulSet
- CronJob
- Job

ClusterSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

ClusterState

Underlying type: string

ClusterState shows the state of the VKS cluster management agents deployed on a cluster.

Appears In:

ClusterStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the cluster.

phase ClusterPhase

phase shows the phase of the cluster being managed by VKS cluster management.

state ClusterState

state shows the state of the VKS cluster management agents deployed on the cluster.

allocatedMemory ResourceAllocation

allocatedMemory shows the memory allocation details in the cluster.

allocatedCpu ResourceAllocation

allocatedCpu shows the CPU allocation details in the cluster.

health ClusterHealth

health shows health information on the control-plane components in the cluster.

ComponentHealth

ComponentHealth shows details on the health status of a component.

Appears In:
Field Description Default Validation

name string

name shows the name of the component.

state shows the current state of the component in the cluster.

message string

message shows the details related to the given state.
Example: the reason for unhealthy state of the component.

ComponentState

Underlying type: string

ComponentState shows the state of a component on the cluster.

Appears In:

ResourceAllocation

ResourceAllocation is used to display the CPU and Memory metrics of a cluster.

Appears In:
Field Description Default Validation

capacity Quantity

capacity is the total quantity of compute resources available including reserved resources.

allocatable Quantity

allocatable is the quantity of compute resources that can be allocated by the Kubelet
excluding reserved resources.

requested Quantity

requested is the requested quantity of compute resources.

allocatedPercentage integer

allocatedPercentage represents the percentage of the resource allocated from the
total allocatable quantity.

dataprotection.management.kubernetes.vmware.com/v1alpha1

Package v1alpha1 contains API definitions for the VKS cluster management ClusterDataProtection APIs from policy.v1alpha1 group-version. This includes APIs with Kind ClusterDataProtection, ClusterBackupLocation, ClusterBackup, ClusterRestore, ClusterSchedule and ClusterBackupLocationCredential.

AwsS3Config

Field Description Default Validation

s3ForcePathStyle boolean

s3ForcePathStyle is a flag for whether to force path style URLs for S3 objects.
It defaults to false and can be set to true when using a local storage service like Minio.

s3Url string

s3Url is the service endpoint for AWS S3 storage solution.

MinLength: 1

publicUrl string

publicUrl is the service endpoint used for generating download URLs.
This field is primarily for local storage services like Minio.

caCerts string

caCerts is a PEM-encoded certificate bundle to trust while connecting to AWS S3.

BackupHooks

BackupHooks contains custom actions that should be executed at different phases of the backup.

Appears In:
Field Description Default Validation

resources BackupResourceHookSpec array

resources are hooks that should be executed when backing up individual instances of a resource.

BackupResourceHook

BackupResourceHook defines a hook for a backup resource.

Field Description Default Validation

exec ExecHook

exec defines an exec hook.

BackupResourceHookSpec

BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on the rules defined for namespaces and labels.

Appears In:
Field Description Default Validation

name string

name is the name of this hook.

MinLength: 1

includedNamespaces string array

includedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies
to all namespaces.

excludedNamespaces string array

excludedNamespaces specifies the namespaces to which this hook spec does not apply.

labelSelector LabelSelector

labelSelector, if specified, filters the resources to which this hook spec applies.

preHooks BackupResourceHook array

preHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup.
These are executed before any "additional items" from item actions are processed.

postHooks BackupResourceHook array

postHooks is a list of BackupResourceHooks to execute after storing the item in the backup.
These are executed after all "additional items" from item actions are processed.

ClusterBackup

ClusterBackup is used to take a backup of the given state of a cluster.

The ClusterBackup API will invoke a Velero backup in the target cluster according to the spec. It can back up any of the following resources:
- All resources in a cluster
- Selected namespaces in a VKS cluster
- Specific resources in a cluster identified by a label

Additionally, resource filters and hooks can be defined to customize the backup. The status field reports the progress, outcome, and metadata of the backup.

A ClusterBackup can only be applied at the Cluster level:
- To create a backup at the cluster level, provide cluster name and supervisor namespace name in 'spec.selector.matchNames'. ClusterBackup name can be provided in 'metadata.generateName', so the backend can generate the fully qualified name by appending the selector names. To use metadata.name directly, it needs to be fully qualified in the format: "<backup-name>:cluster:<cluster-name>:supervisor-namespace:<svns-name>"

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterBackup

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the backup.

status contains the status of the backup.

ClusterBackupLocation

ClusterBackupLocation is used to define a target location for storing backups.

ClusterBackupLocation identifies the place where you want the backup stored, and references the associated data protection credential. The target location can be shared across multiple clusters.

ClusterBackupLocation can only be applied at the Organization level by selecting specific or all clusters:
- To create a backup at the organization level, provide 'metadata.namespace'="@org".

Inherited read-only ClusterBackupLocations at the cluster:
- For each backup location, you will see a read-only backup location resource at every selected cluster in the organization. The 'metadata.name' of this read-only resource will be prefixed with "org:" and suffixed with the selector names to maintain uniqueness. 'spec.selector' will point to the corresponding cluster, and 'metadata.namespace' will point to the project to which the cluster belongs.

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterBackupLocation

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the backup location.

status contains the status of the backup location.

ClusterBackupLocationCredential

ClusterBackupLocationCredential is used to encrypt and securely store credentials of the storage service used to store backups.

Data Protection capability requires access to a public storage service to store cluster backups. The credentials required to access your selected storage service can be provided using this API, to ensure they are encrypted and stored securely.

The encrypted data is never returned in any response, and it cannot be edited/changed. Hence, patch/update is not supported in this API.

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterBackupLocationCredential

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the credential.

ClusterBackupLocationCredentialProvider

Underlying type: string

ClusterBackupLocationCredentialProvider is the service provider that can be accessed using the credential.

ClusterBackupLocationCredentialSpec

Field Description Default Validation

provider is the service provider that can be accessed using the credential.
For example, AmazonS3.

Enum: [AmazonS3]

keyValueSecretData KeyValueSecretData array

keyValueSecretData contains the secret data in the form of key-value pairs.
This data is encrypted and stored securely, and it is never returned in the API response.
For example, aws_access_key_id and aws_secret_access_key can be provided here to provide access
to the Amazon S3 storage to store cluster backups.

ClusterBackupLocationSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

targetProvider TargetProvider

targetProvider is the target provider of the backup storage.

Enum: [AWS_S3]

awsS3Config AwsS3Config

awsS3Config contains the AWS S3 storage configuration fields.
This config is required when AWS_S3 target provider is selected.

bucket string

bucket is the bucket to use for storage.

MinLength: 1

region string

region is the region of the bucket origin.

credentialRef ResourceRef

credentialRef is the reference to the ClusterBackupLocationCredential to be used to access the bucket.
Since ClusterBackupLocationCredential is an organization scoped resource, this reference should contain
the name of the ClusterBackupLocationCredential, with the namespace set to "@org".

prefix string

prefix is the prefix of the bucket.

clusterRefs ResourceRef array

clusterRefs is the list of cluster references on which this backup location can be used.
Since Cluster is a supervisor namespace scoped resource, each reference should contain:
- The name of the cluster, which is provided in 'metadata.generateName'
field of the Cluster resource.
- The selector with the supervisor namespace name to identify the
namespace to which the cluster belongs, which is provided in
'spec.selector' field of the Cluster resource.

ClusterBackupLocationStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the backup location.

phase Phase

phase shows the current phase of the ClusterBackup location.

message string

message contains a short summary explaining the reason for the given Phase.

ClusterBackupSpec

Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

includedNamespaces string array

includedNamespaces are the namespaces on the cluster to include in the backup.
If empty, all namespaces are included.

excludedNamespaces string array

excludedNamespaces are the namespaces on the cluster to exclude from the backup.

includedNamespaceScopedResources string array

includedNamespaceScopedResources are the namespace-scoped resources on the cluster to include in
the backup. Keeping this empty is equivalent to setting any element to "*", which means all
the namespace-scoped resources are included.

excludedNamespaceScopedResources string array

excludedNamespaceScopedResources are the namespace-scoped resources on the cluster to exclude
from the backup. If any element is set to "*", all the namespace-scoped resources are excluded.

includedClusterScopedResources string array

includedClusterScopedResources are the cluster-scoped resource types on the cluster to include in
the backup. If any element is set to "*", all the cluster-scoped resource types are included. If
empty, only related cluster-scoped resources are included.

excludedClusterScopedResources string array

excludedClusterScopedResources are the cluster-scoped resource types on the cluster to exclude
from the backup. If any element is set to "*", all the cluster-scoped resource types are excluded.

labelSelector LabelSelector

labelSelector is used to include or exclude individual resources on the cluster to the backup,
by selecting the resources based on labels. If empty, all objects are included.

snapshotVolumes boolean

snapshotVolumes is a flag that specifies whether to take cloud snapshots of any PersistentVolumes referenced
in the set of objects included in the backup.
- If set to true, snapshots will be taken.
- If set to false, snapshots will be skipped.
- If left unset, snapshots will be attempted if volume snapshots are
configured for the cluster.

ttlHours integer

ttlHours is the backup retention period, in hours.

Minimum: 0

snapshotMoveData boolean

snapshotMoveData specifies whether snapshot data should be moved to the target location.

storageLocation string

storageLocation is the name of the ClusterBackupStorageLocation where the backup should be stored.

hooks BackupHooks

hooks represent custom actions that should be executed at different phases of the backup.

ClusterBackupStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the backup.
The description of the conditions is as follows:
- "Scheduled" with status 'Unknown' indicates the backup request has not
been applied to the cluster yet.
- "Scheduled" with status 'False' indicates the request could not be
forwarded to the cluster.
- "Scheduled" with status 'True' and "Ready" with status 'Unknown'
indicates the backup create/delete action has been applied/deleted but
not yet acted upon.
- "Ready" with status 'True' indicates the creation of backup is complete.
- "Ready" with status 'False' indicates the creation of backup is in error
state.

phase Phase

phase shows the current phase of the ClusterBackup on the cluster.

message string

message contains a short summary explaining the reason for the given Phase.

startTime Time

startTime is the time when the backup was started.

completionTime Time

completionTime is the time when the backup was completed.

expiration Time

expiration is the expiration time associated with the ClusterBackup object, if it is eligible for garbage-collection.

progress Progress

progress shows the current progress of the backup.

resources Resources array

resources is a list of important resources containing the resource kind and list of resource names belonging
to that kind. Currently, the expected resource kinds in a backup are Namespace, PersistentVolumeClaim and
PersistentVolume. Other resources which are part of the backup will be saved in an appropriate format in S3
bucket and will be accessible to the user on demand.

gatherBackupResourcesStatus GatherBackupResourcesStatus

gatherBackupResourcesStatus holds the status of the ListClusterBackupResources action, which is triggered on the cluster
once the backup is completed. It specifies the state of that process, so that the user can tell
whether the action to get the resources was processed or failed.

failureReason string

failureReason contains the error that caused the entire backup to fail, in case of such a failure.

volumeBackups VolumeBackupRestore array

volumeBackups contain the information about volumes that are backed up.

ClusterDataProtection

ClusterDataProtection is a singleton resource used to enable the data protection feature on a cluster.

The name, namespace and selector should be the same as that of the resource on which the data protection feature is being enabled, for example, Cluster.
- To enable data protection on a Cluster, provide the supervisor namespace name in 'spec.selector.matchNames'. Cluster name can be provided in 'metadata.generateName', so the backend can generate the fully qualified name by appending the selector names. To use metadata.name directly, it needs to be fully qualified in the format: "<cluster-name>:cluster:<cluster-name>:supervisor-namespace:<svns-name>" which is the same as the 'metadata.name' value returned in the Cluster API.

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterDataProtection

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the data protection.

status contains the status of the data protection.

ClusterDataProtectionSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

ClusterDataProtectionStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the data protection.
The description of the conditions is as follows:
- "Scheduled" with status 'Unknown' indicates the data protection
enablement request has not reached the cluster yet.
- "Scheduled" with status 'False' indicates the data protection could not
be enabled.
- "Scheduled" with status 'True' and "Ready" with status 'Unknown'
indicates the data protection enablement action has been
applied/deleted but not yet acted upon.
- "Ready" with status 'True' indicates the data protection is enabled on
the cluster.
- "Ready" with status 'False' indicates the data protection could not be
enabled on the cluster.

phase Phase

phase shows the current phase of the data protection on the cluster.

message string

message contains a short summary explaining the reason for the given data protection.

clusterNamespace string

clusterNamespace is the namespace used to install backup solution.

version string

version is the version information of backup solution.

ClusterRestore

ClusterRestore is used to restore a previous state of the cluster using a backup.

This API will invoke a Velero restore in the target cluster according to the spec. It can restore:
- The entire cluster backup
- Selected namespaces from the backup
- Specific resources from the backup identified by a label
- The backup from a different cluster

Additionally, resource filters and hooks can be defined to customize the restore. The status field reports the progress, outcome, and metadata of the restore.

A ClusterRestore can only be applied at the Cluster level:
- To initiate a restore at the cluster level, provide cluster name and supervisor namespace name in 'spec.selector.matchNames'. ClusterRestore name can be provided in 'metadata.generateName', so the backend can generate the fully qualified name by appending the selector names. To use metadata.name directly, it needs to be fully qualified in the format: "<restore-name>:cluster:<cluster-name>:supervisor-namespace:<svns-name>"

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterRestore

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the restore.

status contains the status of the restore.

ClusterRestoreSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

clusterBackupRef ResourceRef

clusterBackupRef is the reference to the ClusterBackup on the cluster to restore from.
Since ClusterBackup is a cluster scoped resource, this reference should contain:
- The name of the ClusterBackup resource created on the cluster, which is
provided in 'metadata.generateName' field of the ClusterBackup resource.
- The selector with the cluster name and supervisor namespace name to
identify the cluster on which the backup was created, which is provided
in 'spec.selector' field of the ClusterBackup resource.

includedNamespaces string array

includedNamespaces are the namespaces in the backup to include in the restore.
If empty, all namespaces are included.

excludedNamespaces string array

excludedNamespaces are the namespaces in the backup to exclude from the restore.

includedResources string array

includedResources are the resources in the backup to include in the restore. If empty,
all resources in the backup are restored.

excludedResources string array

excludedResources are the resources in the backup to exclude from the restore.

labelSelector LabelSelector

labelSelector is used to include or exclude individual resources in the backup to restore,
by selecting the resources based on labels. If empty, all objects are included.

namespaceMapping object (keys:string, values:string)

namespaceMapping is a map of source namespace names in the backup to target namespace names to restore
into. Any source namespaces not included in the map will be restored into namespaces of the same name.

restorePvs boolean

restorePvs is a flag that specifies whether to restore all included PersistentVolumes from a snapshot.
- If set to true, the volumes will be restored.
- If set to false, volumes will not be restored.
- If left unset, volume restore will be attempted if the backup had
snapshots included and snapshot locations are configured for the cluster.

includeClusterResources boolean

includeClusterResources is a flag that specifies whether cluster-scoped resources should be included
in the restore.
- If set to true, all cluster-scoped resources will be restored.
- If set to false, all cluster-scoped resources will be excluded during the
restore.
- If unset, all cluster-scoped resources are included if and only if all
namespaces are included and there are no excluded namespaces. Otherwise,
only cluster-scoped resources associated with the namespace-scoped
resources included in the restore spec are restored. For example, if a
PersistentVolumeClaim for a namespace is included in the restore, its
associated PersistentVolume (which is cluster-scoped) would also be
restored.

hooks RestoreHooks

hooks represent custom actions that should be executed during or post restore.
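
The defaults described above for includedNamespaces, namespaceMapping, includeClusterResources and restorePvs decide what a restore actually writes to the target cluster. The following is an added example, not part of the VKS documentation or product code: a pre-apply review helper that resolves a ClusterRestoreSpec, given as a plain dict, into its effective scope. The function name, the `backup_namespaces`, `backup_has_snapshots` and `snapshot_locations_configured` inputs, the scope labels and the sample spec are assumptions; only an empty includedNamespaces list is treated as "all namespaces", as stated above.

```python
from __future__ import annotations


def resolve_restore_scope(spec: dict, backup_namespaces: list[str],
                          backup_has_snapshots: bool,
                          snapshot_locations_configured: bool) -> dict:
    """Resolve a ClusterRestoreSpec (plain dict) into its effective scope."""
    included = spec.get("includedNamespaces") or []
    excluded = set(spec.get("excludedNamespaces") or [])
    mapping = spec.get("namespaceMapping") or {}
    findings = []

    # Empty includedNamespaces means every namespace in the backup is included.
    all_included = not included
    sources = [ns for ns in backup_namespaces
               if (all_included or ns in included) and ns not in excluded]

    # Source namespaces absent from namespaceMapping keep their own name.
    targets = {ns: mapping.get(ns, ns) for ns in sources}

    # Two sources landing in one target namespace merge their workloads.
    by_target: dict[str, list[str]] = {}
    for src, dst in targets.items():
        by_target.setdefault(dst, []).append(src)
    for dst, srcs in sorted(by_target.items()):
        if len(srcs) > 1:
            findings.append(f"namespaces {sorted(srcs)} all restore into '{dst}'")

    # Mapping entries for namespaces outside the restore have no effect.
    for src in sorted(set(mapping) - set(sources)):
        findings.append(f"namespaceMapping key '{src}' is not part of this restore")

    # includeClusterResources is tri-state: true, false, or unset.
    flag = spec.get("includeClusterResources")
    if flag is True:
        cluster_scope = "all"
    elif flag is False:
        cluster_scope = "none"
    elif all_included and not excluded:
        cluster_scope = "all"           # unset + every namespace restored
    else:
        cluster_scope = "related-only"  # unset + filtered namespaces
    if flag is None and cluster_scope == "all":
        findings.append("includeClusterResources is unset and resolves to all "
                        "cluster-scoped resources; set it explicitly")

    # restorePvs is tri-state too; unset depends on the backup and the cluster.
    restore_pvs = spec.get("restorePvs")
    if restore_pvs is None:
        restore_pvs = backup_has_snapshots and snapshot_locations_configured

    return {"targets": targets, "cluster_scope": cluster_scope,
            "restore_pvs": restore_pvs, "findings": findings}


# Constructed sample input (not taken from a real cluster).
SAMPLE_SPEC = {
    "includedNamespaces": ["shop", "billing"],
    "namespaceMapping": {"shop": "billing", "legacy": "legacy-copy"},
}
SAMPLE_BACKUP_NAMESPACES = ["shop", "billing", "kube-system"]

if __name__ == "__main__":
    scope = resolve_restore_scope(SAMPLE_SPEC, SAMPLE_BACKUP_NAMESPACES,
                                  backup_has_snapshots=True,
                                  snapshot_locations_configured=False)
    for key, value in scope.items():
        print(f"{key}: {value}")
```
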

ClusterRestoreStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the restore.
The description of the conditions is as follows:
- "Scheduled" with status 'Unknown' indicates the restore request has not
been applied to the cluster yet.
- "Scheduled" with status 'False' indicates the request could not be
forwarded to the cluster.
- "Scheduled" with status 'True' and "Ready" with status 'Unknown'
indicates the restore create/delete action has been applied/deleted
but not yet acted upon.
- "Ready" with status 'True' indicates the restore is complete.
- "Ready" with status 'False' indicates the restore is in error state.

phase Phase

phase shows the current phase of the ClusterRestore on the cluster.

message string

message contains a short summary explaining the reason for the given ClusterRestore.

completionTime Time

completionTime is the time when the ClusterRestore was completed.

progress Progress

progress shows the current progress of the ClusterRestore.

volumeRestores VolumeBackupRestore array

volumeRestores contain the information about volumes that are restored.

ClusterSchedule

ClusterSchedule is used to schedule a cron job for periodically taking backups of the given state of a cluster.

The ClusterSchedule API describes a template for creating ClusterBackups at specified intervals. When you create a ClusterSchedule, Velero ClusterBackup CRs are generated at the defined intervals in the target cluster according to the schedule. This API also allows pausing and resuming the schedule.

A ClusterSchedule can only be applied at the Cluster level:
- To create a schedule at the cluster level, provide cluster name and supervisor namespace name in 'spec.selector.matchNames'. ClusterSchedule name can be provided in 'metadata.generateName', so the backend can generate the fully qualified name by appending the selector names. To use metadata.name directly, it needs to be fully qualified in the format: "<schedule-name>:cluster:<cluster-name>:supervisor-namespace:<svns-name>"

Field Description Default Validation

apiVersion string

dataprotection.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterSchedule

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the schedule.

status contains the status of the schedule.

ClusterScheduleSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

template is a template containing the details of the backup to take at given periodic intervals.

schedule string

schedule is a Cron expression defining when to run the backups.
Example Cron expression: "0 7 * * *"

MinLength: 1

paused boolean

paused can be used to pause a schedule for backups. By default, the schedule is not paused.

ClusterScheduleStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the schedule.
The description of the conditions is as follows:
- "Scheduled" with status 'Unknown' indicates the schedule request has not
been applied to the cluster yet.
- "Scheduled" with status 'False' indicates the request could not be
forwarded to the cluster.
- "Scheduled" with status 'True' and "Ready" with status 'Unknown'
indicates the schedule create/delete action has been applied/deleted but
not yet acted upon.
- "Ready" with status 'True' indicates the creation of schedule is
complete.
- "Ready" with status 'False' indicates the creation of schedule is in
error state.

phase Phase

phase shows the current phase of the ClusterSchedule on the cluster.

message string

message contains a short summary explaining the reason for the given Phase.

lastClusterBackupTime Time

lastClusterBackupTime is the timestamp showing when the last backup associated with this schedule
was successfully run.
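
The "Scheduled" and "Ready" condition rules listed for ClusterBackupStatus, ClusterDataProtectionStatus, ClusterRestoreStatus and ClusterScheduleStatus share one structure, which a monitoring job can use to separate failed or stalled data protection objects from completed ones. The following is an added example, not part of the VKS documentation or product code. It assumes each Condition carries `type` and `status` keys (the usual Kubernetes convention, not defined on this page), that an absent condition counts as 'Unknown', and that "Ready" is evaluated before "Scheduled"; the state labels and sample objects are constructed for illustration.

```python
from __future__ import annotations


def condition_status(conditions, cond_type: str) -> str:
    """Return the status of one condition type; absent conditions count as Unknown."""
    for cond in conditions or []:
        if cond.get("type") == cond_type:
            return cond.get("status", "Unknown")
    return "Unknown"


def classify(status: dict) -> str:
    """Map the Scheduled/Ready pair onto the five cases described on this page."""
    conditions = status.get("conditions")
    ready = condition_status(conditions, "Ready")
    scheduled = condition_status(conditions, "Scheduled")
    if ready == "True":
        return "complete"          # "Ready" True
    if ready == "False":
        return "error"             # "Ready" False
    if scheduled == "False":
        return "not-forwarded"     # request could not be forwarded / enabled
    if scheduled == "True":
        return "applied-pending"   # applied on the cluster, not yet acted upon
    return "not-yet-applied"       # "Scheduled" Unknown


def triage(objects: list[dict]) -> list[tuple[str, str, str]]:
    """Return (name, state, detail) for every object that is not complete."""
    report = []
    for obj in objects:
        status = obj.get("status") or {}
        state = classify(status)
        if state == "complete":
            continue
        # failureReason exists on ClusterBackupStatus; message on all statuses.
        detail = status.get("failureReason") or status.get("message") or ""
        report.append((obj["metadata"]["name"], state, detail))
    return report


# Constructed sample objects (names, messages and values are illustrative only).
SAMPLE_OBJECTS = [
    {"metadata": {"name": "nightly-1:cluster:c1:supervisor-namespace:ns1"},
     "status": {"conditions": [{"type": "Scheduled", "status": "True"},
                               {"type": "Ready", "status": "True"}]}},
    {"metadata": {"name": "nightly-2:cluster:c1:supervisor-namespace:ns1"},
     "status": {"conditions": [{"type": "Scheduled", "status": "True"},
                               {"type": "Ready", "status": "False"}],
                "message": "backup failed",
                "failureReason": "constructed failure reason"}},
    {"metadata": {"name": "nightly-3:cluster:c2:supervisor-namespace:ns1"},
     "status": {"conditions": [{"type": "Scheduled", "status": "False"}],
                "message": "constructed forwarding error"}},
    {"metadata": {"name": "nightly-4:cluster:c2:supervisor-namespace:ns1"},
     "status": {"conditions": [{"type": "Scheduled", "status": "True"}]}},
    {"metadata": {"name": "nightly-5:cluster:c3:supervisor-namespace:ns2"}},
]

if __name__ == "__main__":
    for name, state, detail in triage(SAMPLE_OBJECTS):
        print(f"{state:16} {name} {detail}")
```
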

GatherBackupResourcesStatus

GatherBackupResourcesStatus shows the status of ListClusterBackupResources action.

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to sub-operations like uploads during the collection
of backup resources.

phase is the overall state of the ListClusterBackupResources operation.

message string

message contains a short summary explaining the reason for the given Phase.

GatherBackupResourcesStatusPhase

Underlying type: string

GatherBackupResourcesStatusPhase is the phase of the ListClusterBackupResources action in the associated cluster.

InitRestoreHook

InitRestoreHook is a hook that adds an init container to a PodSpec to run commands before the workload pod is able to start.

Appears In:

KeyValueSecretData

KeyValueSecretData contains the secret data in the form of key-value pairs. This data is encrypted and stored securely, and it is never returned in the API response.

Field Description Default Validation

key string

key of the secret data.

MinLength: 1
Pattern: ^[a-zA-Z0-9_.-]*$

value integer array

value of the secret data.

Phase

Underlying type: string

Phase of the data protection objects. These objects include:
- ClusterBackup
- ClusterRestore
- ClusterSchedule
- ClusterDataProtection
- ClusterBackupLocation

PodVolumeBackupRestorePhase

Underlying type: string

PodVolumeBackupRestorePhase is the phase of the pod volume backup or restore on the cluster.

Progress

Progress provides additional data to track backup completion progress.

Field Description Default Validation

totalItems integer

totalItems is the total number of items to be backed up. This number may change
throughout the execution of the backup due to plugins that return additional related
items to back up, the velero.io/exclude-from-backup label, and various other
filters activating as the items are processed.

Minimum: 0

itemsProcessed integer

itemsProcessed is the number of items that have actually been processed.

Minimum: 0

Resources

Resources represents all the resources belonging to a Kubernetes resource Kind.

Appears In:
Field Description Default Validation

kind string

kind is a Kubernetes resource Kind.

names string array

names are the list of resource names under the specified Kind.

RestoreHooks

RestoreHooks contain custom actions that should be executed during or post restore.

Appears In:
Field Description Default Validation

resources RestoreResourceHookSpec array

resources are hooks that should be executed when restoring individual instances of a resource.

RestoreResourceHook

RestoreResourceHook defines a restore hook for a resource.

Field Description Default Validation

exec defines an exec restore hook.

init defines an init restore hook.

RestoreResourceHookSpec

RestoreResourceHookSpec defines one or more RestoreResourceHooks that should be executed based on the rules defined for namespaces and labels.

Appears In:
Field Description Default Validation

name string

name is the name of this hook.

MinLength: 1

includedNamespaces string array

includedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies
to all namespaces.

excludedNamespaces string array

excludedNamespaces specifies the namespaces to which this hook spec does not apply.

labelSelector LabelSelector

labelSelector if specified, filters the resources to which this hook spec applies.

postHooks RestoreResourceHook array

postHooks is a list of ClusterRestoreResourceHooks to execute during and after restoring a resource.

TargetProvider

Underlying type: string

TargetProvider is the target storage provider of the backup storage.

VolumeBackupRestore

VolumeBackupRestore contains metadata about a particular volume backup taken or restored.

Field Description Default Validation

pvcName string

pvcName is the name of the persistent volume claim.

pvcNamespace string

pvcNamespace is the namespace of the persistent volume claim.

pvName string

pvName is the name of the persistent volume.

scName string

scName is the name of the storage class used by the persistent volume.

sizeBytes integer

sizeBytes is the complete size of the snapshot in bytes.

Minimum: 0

method is the method used to perform the volume backup or restore.

podInfo contains additional metadata about the pod where the volume was mounted.
This is only present for file system backups.

VolumeBackupRestoreMethod

Underlying type: string

VolumeBackupRestoreMethod is the method used to perform a volume backup or restore.

Appears In:

VolumeBackupRestorePodInfo

VolumeBackupRestorePodInfo contains additional metadata about the pod where a backed up or restored volume was mounted.

Appears In:
Field Description Default Validation

podName string

podName is the name of the pod where the volume was mounted.

podNamespace string

podNamespace is the namespace of the pod where the volume was mounted.

podVolumeName string

podVolumeName is the name of the volume as depicted in the pod manifest.

phase is the phase of the pod volume backup or restore.

policy.management.kubernetes.vmware.com/v1alpha1

Package v1alpha1 contains API definitions for the VKS cluster management Policy APIs from policy.v1alpha1 group-version. This includes APIs with Kind Policy, PolicyTemplate, PolicySchema and PolicyInsight.

ClusterPolicy

ClusterPolicy to apply on a resource (organization / project / cluster).

To apply a policy, you need to first identify the ClusterPolicySchema you wish to use by viewing the available list of ClusterPolicySchemas. These schemas are grouped by various policy types, for example, security-policy, image-registry-policy, custom-policy etc. ClusterPolicy creation requires the reference to the ClusterPolicySchema and the inputs described in that schema.

The parent resource hierarchy can be provided as follows:
- To apply a policy at the organization level, provide 'metadata.namespace'="@org".
- To apply a policy at the project level, provide 'metadata.namespace'="<project-name>".
- To apply a policy at the cluster level, provide the cluster name and supervisor namespace name in 'spec.selector.matchNames'. The ClusterPolicy name can be provided in 'metadata.generateName', so the backend can generate the fully qualified name by appending the selector names. To use 'metadata.name' directly, it needs to be fully qualified in the format: "<policy-name>:cluster:<cluster-name>:supervisor-namespace:<svns-name>"

Inherited read-only ClusterPolicies:
- When a policy is applied at the organization level, you will see a read-only ClusterPolicy resource at every project and every cluster in the organization. The 'metadata.name' of this read-only resource will be prefixed with "org:" and suffixed with the selector names to maintain uniqueness. 'metadata.namespace' and 'spec.selector' will point to the corresponding project or cluster.
- Similarly, when a policy is applied at the project level, you will see a read-only ClusterPolicy resource at every cluster in that project. The 'metadata.name' of this read-only resource will be prefixed with "prj:" and suffixed with the selector names.

Field Description Default Validation

apiVersion string

policy.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterPolicy

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the policy.

status contains the status of the policy.
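The naming rules above let an auditor tell, from 'metadata.name' alone, whether a policy on a cluster is a read-only copy inherited from the organization or project, or one applied directly on the cluster. The following Python is an added example, not part of the VKS documentation or product code. It assumes inherited copies reuse the same ":cluster:...:supervisor-namespace:..." suffix layout as the documented fully qualified name and that no name part contains ':'; all function and class names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

INHERITED_PREFIXES = {"org": "organization", "prj": "project"}


@dataclass(frozen=True)
class PolicyName:
    policy: str
    cluster: str
    supervisor_namespace: str
    inherited_from: Optional[str]  # None means applied directly on the cluster


def qualified_name(policy: str, cluster: str, svns: str) -> str:
    """Build the documented fully qualified cluster-level metadata.name."""
    for part in (policy, cluster, svns):
        # Assumption: a ':' inside a part would make the name ambiguous.
        if not part or ":" in part:
            raise ValueError(f"name part is empty or contains ':': {part!r}")
    return f"{policy}:cluster:{cluster}:supervisor-namespace:{svns}"


def parse_name(name: str) -> PolicyName:
    """Split a cluster-level ClusterPolicy name and report which level owns it."""
    parts = name.split(":")
    inherited = None
    # Six segments with a known prefix: read-only copy of an org/project policy.
    # Five segments: applied directly, even if the policy itself is named "org".
    if len(parts) == 6 and parts[0] in INHERITED_PREFIXES:
        inherited, parts = INHERITED_PREFIXES[parts[0]], parts[1:]
    if len(parts) != 5 or parts[1] != "cluster" or parts[3] != "supervisor-namespace":
        raise ValueError(f"not a fully qualified cluster-level name: {name!r}")
    if not (parts[0] and parts[2] and parts[4]):
        raise ValueError(f"empty name part in {name!r}")
    return PolicyName(parts[0], parts[2], parts[4], inherited)


def owners(names):
    """Group the policies seen on one cluster by the level that controls them."""
    grouped = {"organization": [], "project": [], "cluster": []}
    for name in names:
        parsed = parse_name(name)
        grouped[parsed.inherited_from or "cluster"].append(parsed.policy)
    return grouped
```

Policies that land in the "cluster" group are the ones a cluster-level writer can change or delete, so they are the ones to compare against the organization baseline.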

ClusterPolicyInsight

ClusterPolicyInsight provides insight related to the policies applied on a resource.

Below are the various types of insights reported by this API:
- VIOLATION: Indicates that a Kubernetes resource on the cluster is not in compliance with the policy. This insight is only applicable to Gatekeeper-based policies.
- SYNC: Indicates that the policy sync to the VKS cluster failed.
- THRESHOLD: Indicates that a namespace on the cluster has exceeded 80% of the applied quota. This insight is only applicable to Namespace Quota policies.
- HEALTH: Indicates that the policy is not enforced due to policy operator health issues. For example, Gatekeeper installation failure. This insight is only applicable to Gatekeeper-based policies.
- INCOMPATIBILITY: Indicates a warning that the policy may not work, because the Gatekeeper installation on the cluster is not managed by VKS cluster management. This situation may potentially cause issues with the functionality of policies applied to the cluster.

This is a read-only API.

Field Description Default Validation

apiVersion string

policy.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterPolicyInsight

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the policy insight.

status contains the status of the policy insight.

ClusterPolicyInsightSpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

clusterPolicyRef ResourceRef

clusterPolicyRef is the reference to the source policy that is responsible for the insight.

clusterNamespace string

clusterNamespace is the impacted namespace on the cluster from which the insight is generated.

ClusterPolicyInsightStatus

Appears In:
Field Description Default Validation

policyType ClusterPolicyType

policyType shows the type of policy that triggered the insight.

Enum: [security-policy image-registry-policy custom-policy namespace-quota-policy mutation-policy]

insightType InsightType

insightType shows the type of policy insight.

Enum: [Violation Sync Threshold Health Incompatibility]

message string

message contains details about the policy insight.
For example, this could include details on how a resource is violating the policy,
or why a policy failed to sync or the percentage of the quota used in a namespace, etc.
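The insight types do not carry equal weight for a defender: Sync, Health and Incompatibility mean the policy itself is not (or may not be) enforced on the cluster, while Violation and Threshold come from a policy that is running and reporting. The following Python is an added example, not code from VKS cluster management, that buckets ClusterPolicyInsight objects accordingly. The sample objects are constructed, and the 'name' key inside clusterPolicyRef is an assumed ResourceRef field.

```python
from collections import defaultdict

# Per the insight descriptions, these types mean the policy is not being enforced;
# Violation and Threshold come from a policy that is running and reporting.
ENFORCEMENT_GAPS = {"Sync", "Health", "Incompatibility"}
KNOWN_TYPES = ENFORCEMENT_GAPS | {"Violation", "Threshold"}


def triage(insights):
    """Bucket ClusterPolicyInsight dicts: not-enforced, violation, threshold, anomaly."""
    buckets = defaultdict(list)
    for item in insights:
        spec, status = item.get("spec", {}), item.get("status", {})
        itype, ptype = status.get("insightType"), status.get("policyType")
        # 'name' inside clusterPolicyRef is an assumed ResourceRef field.
        row = (spec.get("clusterPolicyRef", {}).get("name", "?"),
               spec.get("clusterNamespace", ""), itype)
        if itype not in KNOWN_TYPES:
            buckets["anomaly"].append(row)  # value outside the documented enum
        elif itype == "Threshold" and ptype != "namespace-quota-policy":
            buckets["anomaly"].append(row)  # Threshold applies only to quota policies
        elif itype in ENFORCEMENT_GAPS:
            buckets["not-enforced"].append(row)
        else:
            buckets[itype.lower()].append(row)
    return dict(buckets)


def make_insight(policy, namespace, policy_type, insight_type):
    """Build a minimal ClusterPolicyInsight dict with the fields triage() reads."""
    return {"spec": {"clusterPolicyRef": {"name": policy}, "clusterNamespace": namespace},
            "status": {"policyType": policy_type, "insightType": insight_type, "message": ""}}


# Constructed sample objects; policy and namespace names are made up.
SAMPLE = [
    make_insight("baseline-pods", "payments", "security-policy", "Violation"),
    make_insight("baseline-pods", "", "security-policy", "Health"),
    make_insight("allowed-registries", "", "image-registry-policy", "Sync"),
    make_insight("team-quota", "batch", "namespace-quota-policy", "Threshold"),
    make_insight("require-labels", "dev", "custom-policy", "Threshold"),
]
```

An empty "violation" bucket is only meaningful for a policy that has no entry under "not-enforced"; a policy that failed to sync cannot report violations.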

ClusterPolicySchema

ClusterPolicySchema defines the schema required to apply policies.

VKS cluster management has a set of built-in policy templates combined into various schemas. In addition, creation of a new ClusterPolicyTemplate will internally generate a corresponding ClusterPolicySchema using that template. ClusterPolicy creation always requires a ClusterPolicySchema reference and optional inputs defined in this schema.

The type of the policy is embedded in the schema name. For example:
- baseline:security-policy
- restricted:security-policy
- custom:image-registry-policy
- k8srequirelabels:custom-policy

ClusterPolicySchema is a read-only API. It is organization scoped, but viewable by everyone.

Field Description Default Validation

apiVersion string

policy.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterPolicySchema

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the policy schema.

ClusterPolicySchemaSpec

Appears In:
Field Description Default Validation

type shows the type of the policy.

Enum: [security-policy image-registry-policy custom-policy namespace-quota-policy mutation-policy]

openAPIV3Schema JSONSchemaProps

openAPIV3Schema defines the set of variable inputs needed to create a ClusterPolicy using this ClusterPolicySchema.

clusterPolicyTemplateRefs ResourceRef array

clusterPolicyTemplateRefs define the list of ClusterPolicyTemplates applied when a ClusterPolicy is created using this ClusterPolicySchema.

ClusterPolicySpec

Appears In:
Field Description Default Validation

selector Selector

selector is used to show the parent resource hierarchy.

clusterPolicySchemaRef ResourceRef

clusterPolicySchemaRef is the reference to the ClusterPolicySchema to use for applying the policy.
Since ClusterPolicySchema is an organization scoped resource, this reference should contain
the name of the ClusterPolicySchema, with the namespace set to "@org".

input RawExtension

input is the arbitrary input required for creating a policy with the chosen schema.
Input validations, if any, are defined in the ClusterPolicySchema resource.

clusterNamespaceSelector LabelSelector

clusterNamespaceSelector is a label based namespace selector used to filter namespaces in
the cluster when applying the policy.

ClusterPolicyStatus

Appears In:
Field Description Default Validation

conditions Condition array

conditions shows the list of Conditions attached to the cluster.

phase Phase

phase shows the current phase of the policy application on a cluster.
This will only be seen on the cluster policies, including policies inherited from
parent resources.

message string

message contains a short summary explaining the reason for the given Phase.

ClusterPolicyTemplate

ClusterPolicyTemplate is a wrapper for the policy definition containing the enforcement logic.

This template object is a pre-requisite for applying certain policies. The embedded object contains the policy enforcement logic. When a policy that requires this template is created, the embedded object in this template will get applied on the cluster along with the policy object.

An example of this template object is the OPA Gatekeeper ConstraintTemplate object, which contains the Gatekeeper enforcement logic in Rego/CEL and is a pre-requisite for applying a Gatekeeper based policy (Constraint object).

ClusterPolicyTemplate is an organization scoped API, viewable by everyone, but only organization admins can perform write operations like creating/deleting new templates. Built-in templates cannot be updated or deleted.

Field Description Default Validation

apiVersion string

policy.management.kubernetes.vmware.com/v1alpha1

kind string

ClusterPolicyTemplate

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

spec contains the desired state of the policy template.

ClusterPolicyTemplateSpec

Appears In:
Field Description Default Validation

templateType TemplateType

templateType is the type of the policy template.
Currently, we only support 'OPAGatekeeper' TemplateType.

OPAGatekeeper

Enum: [OPAGatekeeper]

objectKind ObjectKind

objectKind is the Kind of the Kubernetes Resource embedded in Object.
Currently, we only support 'ConstraintTemplate' ObjectKind.

ConstraintTemplate

Enum: [ConstraintTemplate]

object RawExtension

object is the Kubernetes Resource of the specified ObjectKind (for example, ConstraintTemplate
resource). Object name must match the 'metadata.name' of the ClusterPolicyTemplate.
If 'metadata.name' is not provided, it will be auto set using this object name.

dataInventory GroupVersionKind array

dataInventory is a list of Kubernetes api-resource kinds that need to be synced/replicated
in Gatekeeper in order to enforce policy rules on those resources.
Note: This is used for OPAGatekeeper based templates, and should be used if the policy
enforcement logic in the Rego code requires cached data read using "data.inventory" fields.
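The field rules above can be checked before a template is submitted, including the case where the Rego reads "data.inventory" but no dataInventory is declared, which leaves the rule evaluating against an empty cache. The following Python lint is an added example, not part of VKS cluster management. The sample template is constructed and trimmed to the fields the lint reads, and the lint relies on the Gatekeeper ConstraintTemplate layout where Rego is carried in spec.targets[].rego.

```python
import re

# Rego references to the replicated-data cache that dataInventory populates.
INVENTORY_REF = re.compile(r"\bdata\.inventory\b")


def lint_template(tpl):
    """Return a list of problems found in a ClusterPolicyTemplate dict."""
    problems = []
    spec = tpl.get("spec", {})
    obj = spec.get("object") or {}
    for field, only in (("templateType", "OPAGatekeeper"), ("objectKind", "ConstraintTemplate")):
        if spec.get(field) != only:
            problems.append(f"{field} must be {only}")
    if obj.get("kind") != spec.get("objectKind"):
        problems.append("embedded object kind differs from objectKind")
    obj_name = obj.get("metadata", {}).get("name")
    tpl_name = tpl.get("metadata", {}).get("name")  # may be omitted: auto set from object
    if not obj_name:
        problems.append("embedded object has no metadata.name")
    elif tpl_name is not None and tpl_name != obj_name:
        problems.append("metadata.name does not match embedded object name")
    # A Gatekeeper ConstraintTemplate carries its Rego in spec.targets[].rego.
    rego = "\n".join(t.get("rego", "") for t in obj.get("spec", {}).get("targets", []))
    if INVENTORY_REF.search(rego) and not spec.get("dataInventory"):
        problems.append("Rego reads data.inventory but dataInventory is empty")
    return problems


# Constructed sample, trimmed to the fields the lint reads; names are made up.
REGO = """package k8suniqueteamlabel
violation[{"msg": msg}] {
  other := data.inventory.cluster["v1"]["Namespace"][_]
  other.metadata.labels.team == input.review.object.metadata.labels.team
  other.metadata.name != input.review.object.metadata.name
  msg := "team label already used by another namespace"
}"""
EMBEDDED = {"kind": "ConstraintTemplate", "metadata": {"name": "k8suniqueteamlabel"},
            "spec": {"targets": [{"rego": REGO}]}}
SAMPLE = {"kind": "ClusterPolicyTemplate", "metadata": {"name": "k8suniqueteamlabel"},
          "spec": {"templateType": "OPAGatekeeper", "objectKind": "ConstraintTemplate",
                   "object": EMBEDDED}}
```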

ClusterPolicyType

Underlying type: string

ClusterPolicyType shows the type of the policy.

InsightType

Underlying type: string

InsightType shows the type of the policy insight.

ObjectKind

Underlying type: string

ObjectKind is the Kind of the Kubernetes resource that is provided.

Phase

Underlying type: string

Phase shows the current phase of the policy application on a cluster.

Appears In:

TemplateType

Underlying type: string

TemplateType is the type of the policy template.