DEFAULT

app

required:    false
scopable:    false
default:     default

A user-defined code linking to:

  • who is responsible for this service.
  • who is billable.

This code thus provides a most useful object grouping and filtering key.

Short and simple codes, like ERP, are easier to work with.

comment

required:    false
scopable:    false

Comments help the users understand the role of the object and its resources.

drpnodes

required:    false
scopable:    true
convert:     other-nodes

Example:

drpnodes = n1 n2

A node selector expression specifying the list of cluster nodes hosting object instances when all primary nodes are unavailable, as in a DRP situation.

If not specified or left empty, the node evaluating the keyword is assumed to be the only instance hosting node.

Labels can be used to define a list of nodes by an arbitrary property. For example cn=fr cn=kr would be evaluated as n1 n2 n3 if n1 and n2 have the cn=fr label and n3 has the cn=kr label.

The glob syntax can be used in the node selector expression. For example n1 n[23] n4* would be expanded to n1 n2 n3 n4 in a n1 n2 n3 n4 n5 cluster.

The drpnodes can be data synchronization targets for sync resources.

env

required:    false
scopable:    false
default:     The same as the node `env`.

A code, like PRD or DEV, that the agent can use to enforce data protection policies:

  • A non-PRD object instance cannot be started on a PRD node.
  • A PRD object instance can be started on a non-PRD node (typically in a DRP situation).

The default value is read from the node env keyword.

grant

required:    false
scopable:    true
convert:     list-lowercase

Example:

grant = admin:test* guest:*

Grant roles to the user.

A whitespace-separated list of pervasive roles or per-namespace roles.

Pervasive roles:

  • root

    Add resource triggers and non-containerized resources (non-root users can only add container.docker, container.podman, task.docker, task.podman and volume).

  • squatter

    Create a new namespace.

  • prioritizer

    Set the priority keyword of an object.

  • blacklistadmin

    Clear the blacklist of daemon listener clients.

  • <per-namespace role>:<namespace selector>

Per-namespace roles:

  • admin

    Create, delete objects in the namespace.

  • operator

    Start, stop, provision, unprovision, freeze, unfreeze objects in the namespace.

  • guest

    List and read configuration and status of the objects in the namespace.

A namespace selector is a glob pattern applied to existing namespaces.
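
The following sketch is an added example, not the agent's own code. It expands a grant value into the roles it yields on each namespace, so that wide selectors such as guest:* can be reviewed before they are set. Assumptions: Python's fnmatch stands in for the agent's glob matching, unknown or malformed tokens are treated as granting nothing, and the namespace list is constructed sample data.

```python
from fnmatch import fnmatchcase

PERVASIVE = {"root", "squatter", "prioritizer", "blacklistadmin"}
PER_NAMESPACE = {"admin", "operator", "guest"}


def expand_grant(value, namespaces):
    """Return (pervasive roles, {namespace: roles}, rejected tokens)."""
    pervasive, by_ns, rejected = set(), {}, []
    # "convert: list-lowercase" is modelled as lowercase + whitespace split.
    for token in value.lower().split():
        role, sep, selector = token.partition(":")
        if not sep and role in PERVASIVE:
            pervasive.add(role)
        elif sep and selector and role in PER_NAMESPACE:
            # The selector only matches namespaces in the list passed in.
            for ns in namespaces:
                if fnmatchcase(ns, selector):
                    by_ns.setdefault(ns, set()).add(role)
        else:
            # Assumption: unknown roles and malformed tokens grant nothing.
            rejected.append(token)
    return pervasive, by_ns, rejected


def wildcard_grants(value):
    """Per-namespace tokens whose selector contains a glob metacharacter."""
    found = []
    for token in value.lower().split():
        _, sep, selector = token.partition(":")
        if sep and any(c in selector for c in "*?["):
            found.append(token)
    return found


# Constructed sample data, not taken from a real cluster.
NAMESPACES = ["test", "test-billing", "prod", "system"]
GRANT = "admin:test* guest:* squatter"

if __name__ == "__main__":
    pervasive, by_ns, rejected = expand_grant(GRANT, NAMESPACES)
    print("pervasive:", sorted(pervasive))
    for ns in NAMESPACES:
        print(f"{ns}: {sorted(by_ns.get(ns, ()))}")
    print("rejected:", rejected)
    print("review:", wildcard_grants(GRANT))
```

Because the selector is applied to existing namespaces, the result depends on the namespace list at evaluation time: rerunning expand_grant with an extra namespace named test-payroll shows admin:test* covering it as well.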

id

required:    false
scopable:    false
default:     A randomly generated UUID.

An RFC 4122 random UUID generated by the agent.

nodes

required:    false
scopable:    true
default:     *
convert:     nodes

A node selector expression specifying the list of cluster nodes hosting object instances.

If not specified or left empty, the node evaluating the keyword is assumed to be the only instance hosting node.

Labels can be used to define a list of nodes by an arbitrary property. For example cn=fr cn=kr would be evaluated as n1 n2 n3 if n1 and n2 have the cn=fr label and n3 has the cn=kr label.

The glob syntax can be used in the node selector expression. For example n1 n[23] n4* would be expanded to n1 n2 n3 n4 in a n1 n2 n3 n4 n5 cluster.