---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: dashboards.supabase.k8s.icb4dc0.de
spec:
  group: supabase.k8s.icb4dc0.de
  names:
    kind: Dashboard
    listKind: DashboardList
    plural: dashboards
    singular: dashboard
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Dashboard is the Schema for the dashboards API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: DashboardSpec defines the desired state of Dashboard.
            properties:
              db:
                properties:
                  dbCredentialsRef:
                    description: |-
                      DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from
                      Credentials need to be stored in basic auth form
                    properties:
                      name:
                        default: ""
                        description: |-
                          Name of the referent.
                          This field is effectively required, but due to backwards compatibility is
                          allowed to be empty. Instances of this type with an empty value here are
                          almost certainly wrong.
                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  dbName:
                    type: string
                  host:
                    type: string
                  port:
                    default: 5432
                    description: Port - Database port, typically 5432
                    type: integer
                required:
                - dbCredentialsRef
                - dbName
                - host
                type: object
              pgMeta:
                description: PGMeta
                properties:
                  workloadTemplate:
                    description: WorkloadTemplate - customize the pg-meta deployment
                    properties:
                      additionalLabels:
                        additionalProperties:
                          type: string
                        type: object
                      replicas:
                        format: int32
                        type: integer
                      securityContext:
                        description: |-
                          PodSecurityContext holds pod-level security attributes and common container settings.
                          Some fields are also present in container.securityContext.  Field values of
                          container.securityContext take precedence over field values of PodSecurityContext.
                        properties:
                          appArmorProfile:
                            description: |-
                              appArmorProfile is the AppArmor options to use by the containers in this pod.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: |-
                                  localhostProfile indicates a profile loaded on the node that should be used.
                                  The profile must be preconfigured on the node to work.
                                  Must match the loaded name of the profile.
                                  Must be set if and only if type is "Localhost".
                                type: string
                              type:
                                description: |-
                                  type indicates which kind of AppArmor profile will be applied.
                                  Valid options are:
                                    Localhost - a profile pre-loaded on the node.
                                    RuntimeDefault - the container runtime's default profile.
                                    Unconfined - no AppArmor enforcement.
                                type: string
                            required:
                            - type
                            type: object
                          fsGroup:
                            description: |-
                              A special supplemental group that applies to all containers in a pod.
                              Some volume types allow the Kubelet to change the ownership of that volume
                              to be owned by the pod:

                              1. The owning GID will be the FSGroup
                              2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
                              3. The permission bits are OR'd with rw-rw----

                              If unset, the Kubelet will not modify the ownership and permissions of any volume.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          fsGroupChangePolicy:
                            description: |-
                              fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
                              before being exposed inside Pod. This field will only apply to
                              volume types which support fsGroup based ownership(and permissions).
                              It will have no effect on ephemeral volume types such as: secret, configmaps
                              and emptydir.
                              Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
                              Note that this field cannot be set when spec.os.name is windows.
                            type: string
                          runAsGroup:
                            description: |-
                              The GID to run the entrypoint of the container process.
                              Uses runtime default if unset.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence
                              for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          runAsNonRoot:
                            description: |-
                              Indicates that the container must run as a non-root user.
                              If true, the Kubelet will validate the image at runtime to ensure that it
                              does not run as UID 0 (root) and fail to start the container if it does.
                              If unset or false, no such validation will be performed.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence.
                            type: boolean
                          runAsUser:
                            description: |-
                              The UID to run the entrypoint of the container process.
                              Defaults to user specified in image metadata if unspecified.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence
                              for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          seLinuxOptions:
                            description: |-
                              The SELinux context to be applied to all containers.
                              If unspecified, the container runtime will allocate a random SELinux context for each
                              container.  May also be set in SecurityContext.  If set in
                              both SecurityContext and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              level:
                                description: Level is SELinux level label that applies
                                  to the container.
                                type: string
                              role:
                                description: Role is a SELinux role label that applies
                                  to the container.
                                type: string
                              type:
                                description: Type is a SELinux type label that applies
                                  to the container.
                                type: string
                              user:
                                description: User is a SELinux user label that applies
                                  to the container.
                                type: string
                            type: object
                          seccompProfile:
                            description: |-
                              The seccomp options to use by the containers in this pod.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: |-
                                  localhostProfile indicates a profile defined in a file on the node should be used.
                                  The profile must be preconfigured on the node to work.
                                  Must be a descending path, relative to the kubelet's configured seccomp profile location.
                                  Must be set if type is "Localhost". Must NOT be set for any other type.
                                type: string
                              type:
                                description: |-
                                  type indicates which kind of seccomp profile will be applied.
                                  Valid options are:

                                  Localhost - a profile defined in a file on the node should be used.
                                  RuntimeDefault - the container runtime default profile should be used.
                                  Unconfined - no profile should be applied.
                                type: string
                            required:
                            - type
                            type: object
                          supplementalGroups:
                            description: |-
                              A list of groups applied to the first process run in each container, in
                              addition to the container's primary GID and fsGroup (if specified).  If
                              the SupplementalGroupsPolicy feature is enabled, the
                              supplementalGroupsPolicy field determines whether these are in addition
                              to or instead of any group memberships defined in the container image.
                              If unspecified, no additional groups are added, though group memberships
                              defined in the container image may still be used, depending on the
                              supplementalGroupsPolicy field.
                              Note that this field cannot be set when spec.os.name is windows.
                            items:
                              format: int64
                              type: integer
                            type: array
                            x-kubernetes-list-type: atomic
                          supplementalGroupsPolicy:
                            description: |-
                              Defines how supplemental groups of the first container processes are calculated.
                              Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
                              (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
                              and the container runtime must implement support for this feature.
                              Note that this field cannot be set when spec.os.name is windows.
                            type: string
                          sysctls:
                            description: |-
                              Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
                              sysctls (by the container runtime) might fail to launch.
                              Note that this field cannot be set when spec.os.name is windows.
                            items:
                              description: Sysctl defines a kernel parameter to be
                                set
                              properties:
                                name:
                                  description: Name of a property to set
                                  type: string
                                value:
                                  description: Value of a property to set
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          windowsOptions:
                            description: |-
                              The Windows specific settings applied to all containers.
                              If unspecified, the options within a container's SecurityContext will be used.
                              If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                              Note that this field cannot be set when spec.os.name is linux.
                            properties:
                              gmsaCredentialSpec:
                                description: |-
                                  GMSACredentialSpec is where the GMSA admission webhook
                                  (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
                                  GMSA credential spec named by the GMSACredentialSpecName field.
                                type: string
                              gmsaCredentialSpecName:
                                description: GMSACredentialSpecName is the name of
                                  the GMSA credential spec to use.
                                type: string
                              hostProcess:
                                description: |-
                                  HostProcess determines if a container should be run as a 'Host Process' container.
                                  All of a Pod's containers must have the same effective HostProcess value
                                  (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
                                  In addition, if HostProcess is true then HostNetwork must also be set to true.
                                type: boolean
                              runAsUserName:
                                description: |-
                                  The UserName in Windows to run the entrypoint of the container process.
                                  Defaults to the user specified in image metadata if unspecified.
                                  May also be set in PodSecurityContext. If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                type: string
                            type: object
                        type: object
                      workload:
                        description: Workload - customize the container template of
                          the workload
                        properties:
                          additionalEnv:
                            items:
                              description: EnvVar represents an environment variable
                                present in a Container.
                              properties:
                                name:
                                  description: Name of the environment variable. Must
                                    be a C_IDENTIFIER.
                                  type: string
                                value:
                                  description: |-
                                    Variable references $(VAR_NAME) are expanded
                                    using the previously defined environment variables in the container and
                                    any service environment variables. If a variable cannot be resolved,
                                    the reference in the input string will be unchanged. Double $$ are reduced
                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                                    "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                                    Escaped references will never be expanded, regardless of whether the variable
                                    exists or not.
                                    Defaults to "".
                                  type: string
                                valueFrom:
                                  description: Source for the environment variable's
                                    value. Cannot be used if value is not empty.
                                  properties:
                                    configMapKeyRef:
                                      description: Selects a key of a ConfigMap.
                                      properties:
                                        key:
                                          description: The key to select.
                                          type: string
                                        name:
                                          default: ""
                                          description: |-
                                            Name of the referent.
                                            This field is effectively required, but due to backwards compatibility is
                                            allowed to be empty. Instances of this type with an empty value here are
                                            almost certainly wrong.
                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          type: string
                                        optional:
                                          description: Specify whether the ConfigMap
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    fieldRef:
                                      description: |-
                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
                                      properties:
                                        apiVersion:
                                          description: Version of the schema the FieldPath
                                            is written in terms of, defaults to "v1".
                                          type: string
                                        fieldPath:
                                          description: Path of the field to select
                                            in the specified API version.
                                          type: string
                                      required:
                                      - fieldPath
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    resourceFieldRef:
                                      description: |-
                                        Selects a resource of the container: only resources limits and requests
                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
                                      properties:
                                        containerName:
                                          description: 'Container name: required for
                                            volumes, optional for env vars'
                                          type: string
                                        divisor:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Specifies the output format
                                            of the exposed resources, defaults to
                                            "1"
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        resource:
                                          description: 'Required: resource to select'
                                          type: string
                                      required:
                                      - resource
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    secretKeyRef:
                                      description: Selects a key of a secret in the
                                        pod's namespace
                                      properties:
                                        key:
                                          description: The key of the secret to select
                                            from.  Must be a valid secret key.
                                          type: string
                                        name:
                                          default: ""
                                          description: |-
                                            Name of the referent.
                                            This field is effectively required, but due to backwards compatibility is
                                            allowed to be empty. Instances of this type with an empty value here are
                                            almost certainly wrong.
                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          type: string
                                        optional:
                                          description: Specify whether the Secret
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                      x-kubernetes-map-type: atomic
                                  type: object
                              required:
                              - name
                              type: object
                            type: array
                          image:
                            type: string
                          imagePullSecrets:
                            items:
                              description: |-
                                LocalObjectReference contains enough information to let you locate the
                                referenced object inside the same namespace.
                              properties:
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            type: array
                          pullPolicy:
                            description: PullPolicy describes a policy for if/when
                              to pull a container image
                            type: string
                          resources:
                            description: ResourceRequirements describes the compute
                              resource requirements.
                            properties:
                              claims:
                                description: |-
                                  Claims lists the names of resources, defined in spec.resourceClaims,
                                  that are used by this container.

                                  This is an alpha field and requires enabling the
                                  DynamicResourceAllocation feature gate.

                                  This field is immutable. It can only be set for containers.
                                items:
                                  description: ResourceClaim references one entry
                                    in PodSpec.ResourceClaims.
                                  properties:
                                    name:
                                      description: |-
                                        Name must match the name of one entry in pod.spec.resourceClaims of
                                        the Pod where this field is used. It makes that resource available
                                        inside a container.
                                      type: string
                                    request:
                                      description: |-
                                        Request is the name chosen for a request in the referenced claim.
                                        If empty, everything from the claim is made available, otherwise
                                        only the result of this request.
                                      type: string
                                  required:
                                  - name
                                  type: object
                                type: array
                                x-kubernetes-list-map-keys:
                                - name
                                x-kubernetes-list-type: map
                              limits:
                                additionalProperties:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                description: |-
                                  Limits describes the maximum amount of compute resources allowed.
                                  More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                type: object
                              requests:
                                additionalProperties:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                description: |-
                                  Requests describes the minimum amount of compute resources required.
                                  If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                  otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                  More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                type: object
                            type: object
                          securityContext:
                            description: SecurityContext -
                            properties:
                              allowPrivilegeEscalation:
                                description: |-
                                  AllowPrivilegeEscalation controls whether a process can gain more
                                  privileges than its parent process. This bool directly controls if
                                  the no_new_privs flag will be set on the container process.
                                  AllowPrivilegeEscalation is true always when the container is:
                                  1) run as Privileged
                                  2) has CAP_SYS_ADMIN
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              appArmorProfile:
                                description: |-
                                  appArmorProfile is the AppArmor options to use by this container. If set, this profile
                                  overrides the pod's appArmorProfile.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  localhostProfile:
                                    description: |-
                                      localhostProfile indicates a profile loaded on the node that should be used.
                                      The profile must be preconfigured on the node to work.
                                      Must match the loaded name of the profile.
                                      Must be set if and only if type is "Localhost".
                                    type: string
                                  type:
                                    description: |-
                                      type indicates which kind of AppArmor profile will be applied.
                                      Valid options are:
                                        Localhost - a profile pre-loaded on the node.
                                        RuntimeDefault - the container runtime's default profile.
                                        Unconfined - no AppArmor enforcement.
                                    type: string
                                required:
                                - type
                                type: object
                              capabilities:
                                description: |-
                                  The capabilities to add/drop when running containers.
                                  Defaults to the default set of capabilities granted by the container runtime.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  add:
                                    description: Added capabilities
                                    items:
                                      description: Capability represent POSIX capabilities
                                        type
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  drop:
                                    description: Removed capabilities
                                    items:
                                      description: Capability represent POSIX capabilities
                                        type
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                type: object
                              privileged:
                                description: |-
                                  Run container in privileged mode.
                                  Processes in privileged containers are essentially equivalent to root on the host.
                                  Defaults to false.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              procMount:
                                description: |-
                                  procMount denotes the type of proc mount to use for the containers.
                                  The default value is Default which uses the container runtime defaults for
                                  readonly paths and masked paths.
                                  This requires the ProcMountType feature flag to be enabled.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: string
                              readOnlyRootFilesystem:
                                description: |-
                                  Whether this container has a read-only root filesystem.
                                  Default is false.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              runAsGroup:
                                description: |-
                                  The GID to run the entrypoint of the container process.
                                  Uses runtime default if unset.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                format: int64
                                type: integer
                              runAsNonRoot:
                                description: |-
                                  Indicates that the container must run as a non-root user.
                                  If true, the Kubelet will validate the image at runtime to ensure that it
                                  does not run as UID 0 (root) and fail to start the container if it does.
                                  If unset or false, no such validation will be performed.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                type: boolean
                              runAsUser:
                                description: |-
                                  The UID to run the entrypoint of the container process.
                                  Defaults to user specified in image metadata if unspecified.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                format: int64
                                type: integer
                              seLinuxOptions:
                                description: |-
                                  The SELinux context to be applied to the container.
                                  If unspecified, the container runtime will allocate a random SELinux context for each
                                  container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  level:
                                    description: Level is SELinux level label that
                                      applies to the container.
                                    type: string
                                  role:
                                    description: Role is a SELinux role label that
                                      applies to the container.
                                    type: string
                                  type:
                                    description: Type is a SELinux type label that
                                      applies to the container.
                                    type: string
                                  user:
                                    description: User is a SELinux user label that
                                      applies to the container.
                                    type: string
                                type: object
                              seccompProfile:
                                description: |-
                                  The seccomp options to use by this container. If seccomp options are
                                  provided at both the pod & container level, the container options
                                  override the pod options.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  localhostProfile:
                                    description: |-
                                      localhostProfile indicates a profile defined in a file on the node should be used.
                                      The profile must be preconfigured on the node to work.
                                      Must be a descending path, relative to the kubelet's configured seccomp profile location.
                                      Must be set if type is "Localhost". Must NOT be set for any other type.
                                    type: string
                                  type:
                                    description: |-
                                      type indicates which kind of seccomp profile will be applied.
                                      Valid options are:

                                      Localhost - a profile defined in a file on the node should be used.
                                      RuntimeDefault - the container runtime default profile should be used.
                                      Unconfined - no profile should be applied.
                                    type: string
                                required:
                                - type
                                type: object
                              windowsOptions:
                                description: |-
                                  The Windows specific settings applied to all containers.
                                  If unspecified, the options from the PodSecurityContext will be used.
                                  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is linux.
                                properties:
                                  gmsaCredentialSpec:
                                    description: |-
                                      GMSACredentialSpec is where the GMSA admission webhook
                                      (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
                                      GMSA credential spec named by the GMSACredentialSpecName field.
                                    type: string
                                  gmsaCredentialSpecName:
                                    description: GMSACredentialSpecName is the name
                                      of the GMSA credential spec to use.
                                    type: string
                                  hostProcess:
                                    description: |-
                                      HostProcess determines if a container should be run as a 'Host Process' container.
                                      All of a Pod's containers must have the same effective HostProcess value
                                      (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
                                      In addition, if HostProcess is true then HostNetwork must also be set to true.
                                    type: boolean
                                  runAsUserName:
                                    description: |-
                                      The UserName in Windows to run the entrypoint of the container process.
                                      Defaults to the user specified in image metadata if unspecified.
                                      May also be set in PodSecurityContext. If set in both SecurityContext and
                                      PodSecurityContext, the value specified in SecurityContext takes precedence.
                                    type: string
                                type: object
                            type: object
                          volumeMounts:
                            items:
                              description: VolumeMount describes a mounting of a Volume
                                within a container.
                              properties:
                                mountPath:
                                  description: |-
                                    Path within the container at which the volume should be mounted.  Must
                                    not contain ':'.
                                  type: string
                                mountPropagation:
                                  description: |-
                                    mountPropagation determines how mounts are propagated from the host
                                    to container and the other way around.
                                    When not set, MountPropagationNone is used.
                                    This field is beta in 1.10.
                                    When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
                                    (which defaults to None).
                                  type: string
                                name:
                                  description: This must match the Name of a Volume.
                                  type: string
                                readOnly:
                                  description: |-
                                    Mounted read-only if true, read-write otherwise (false or unspecified).
                                    Defaults to false.
                                  type: boolean
                                recursiveReadOnly:
                                  description: |-
                                    RecursiveReadOnly specifies whether read-only mounts should be handled
                                    recursively.

                                    If ReadOnly is false, this field has no meaning and must be unspecified.

                                    If ReadOnly is true, and this field is set to Disabled, the mount is not made
                                    recursively read-only.  If this field is set to IfPossible, the mount is made
                                    recursively read-only, if it is supported by the container runtime.  If this
                                    field is set to Enabled, the mount is made recursively read-only if it is
                                    supported by the container runtime, otherwise the pod will not be started and
                                    an error will be generated to indicate the reason.

                                    If this field is set to IfPossible or Enabled, MountPropagation must be set to
                                    None (or be unspecified, which defaults to None).

                                    If this field is not specified, it is treated as an equivalent of Disabled.
                                  type: string
                                subPath:
                                  description: |-
                                    Path within the volume from which the container's volume should be mounted.
                                    Defaults to "" (volume's root).
                                  type: string
                                subPathExpr:
                                  description: |-
                                    Expanded path within the volume from which the container's volume should be mounted.
                                    Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
                                    Defaults to "" (volume's root).
                                    SubPathExpr and SubPath are mutually exclusive.
                                  type: string
                              required:
                              - mountPath
                              - name
                              type: object
                            type: array
                        type: object
                    required:
                    - securityContext
                    type: object
                type: object
              studio:
                description: Studio
                properties:
                  externalUrl:
                    description: |-
                      APIExternalURL is referring to the URL where Supabase API will be available
                      Typically this is the ingress of the API gateway
                    type: string
                  gatewayServiceSelector:
                    additionalProperties:
                      type: string
                    default:
                      app.kubernetes.io/component: api-gateway
                      app.kubernetes.io/name: envoy
                    description: |-
                      GatewayServiceSelector - selector to find the service for the API gateway
                      Required to configure the API URL in the studio deployment
                      If you don't run multiple APIGateway instances in the same namespaces, the default will be fine
                    type: object
                  jwt:
                    properties:
                      anonKey:
                        default: anon_key
                        description: AnonKey - key in secret where to read the anon
                          JWT from
                        type: string
                      secretKey:
                        default: secret
                        description: SecretKey - key in secret where to read the JWT
                          HMAC secret from
                        type: string
                      secretRef:
                        description: SecretRef - object reference to the Secret where
                          JWT values are stored
                        properties:
                          name:
                            default: ""
                            description: |-
                              Name of the referent.
                              This field is effectively required, but due to backwards compatibility is
                              allowed to be empty. Instances of this type with an empty value here are
                              almost certainly wrong.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            type: string
                        type: object
                        x-kubernetes-map-type: atomic
                      serviceKey:
                        default: service_key
                        description: ServiceKey - key in secret where to read the
                          service JWT from
                        type: string
                    type: object
                  workloadTemplate:
                    description: WorkloadTemplate - customize the studio deployment
                    properties:
                      additionalLabels:
                        additionalProperties:
                          type: string
                        type: object
                      replicas:
                        format: int32
                        type: integer
                      securityContext:
                        description: |-
                          PodSecurityContext holds pod-level security attributes and common container settings.
                          Some fields are also present in container.securityContext.  Field values of
                          container.securityContext take precedence over field values of PodSecurityContext.
                        properties:
                          appArmorProfile:
                            description: |-
                              appArmorProfile is the AppArmor options to use by the containers in this pod.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: |-
                                  localhostProfile indicates a profile loaded on the node that should be used.
                                  The profile must be preconfigured on the node to work.
                                  Must match the loaded name of the profile.
                                  Must be set if and only if type is "Localhost".
                                type: string
                              type:
                                description: |-
                                  type indicates which kind of AppArmor profile will be applied.
                                  Valid options are:
                                    Localhost - a profile pre-loaded on the node.
                                    RuntimeDefault - the container runtime's default profile.
                                    Unconfined - no AppArmor enforcement.
                                type: string
                            required:
                            - type
                            type: object
                          fsGroup:
                            description: |-
                              A special supplemental group that applies to all containers in a pod.
                              Some volume types allow the Kubelet to change the ownership of that volume
                              to be owned by the pod:

                              1. The owning GID will be the FSGroup
                              2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
                              3. The permission bits are OR'd with rw-rw----

                              If unset, the Kubelet will not modify the ownership and permissions of any volume.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          fsGroupChangePolicy:
                            description: |-
                              fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
                              before being exposed inside Pod. This field will only apply to
                              volume types which support fsGroup based ownership(and permissions).
                              It will have no effect on ephemeral volume types such as: secret, configmaps
                              and emptydir.
                              Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
                              Note that this field cannot be set when spec.os.name is windows.
                            type: string
                          runAsGroup:
                            description: |-
                              The GID to run the entrypoint of the container process.
                              Uses runtime default if unset.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence
                              for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          runAsNonRoot:
                            description: |-
                              Indicates that the container must run as a non-root user.
                              If true, the Kubelet will validate the image at runtime to ensure that it
                              does not run as UID 0 (root) and fail to start the container if it does.
                              If unset or false, no such validation will be performed.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence.
                            type: boolean
                          runAsUser:
                            description: |-
                              The UID to run the entrypoint of the container process.
                              Defaults to user specified in image metadata if unspecified.
                              May also be set in SecurityContext.  If set in both SecurityContext and
                              PodSecurityContext, the value specified in SecurityContext takes precedence
                              for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            format: int64
                            type: integer
                          seLinuxOptions:
                            description: |-
                              The SELinux context to be applied to all containers.
                              If unspecified, the container runtime will allocate a random SELinux context for each
                              container.  May also be set in SecurityContext.  If set in
                              both SecurityContext and PodSecurityContext, the value specified in SecurityContext
                              takes precedence for that container.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              level:
                                description: Level is SELinux level label that applies
                                  to the container.
                                type: string
                              role:
                                description: Role is a SELinux role label that applies
                                  to the container.
                                type: string
                              type:
                                description: Type is a SELinux type label that applies
                                  to the container.
                                type: string
                              user:
                                description: User is a SELinux user label that applies
                                  to the container.
                                type: string
                            type: object
                          seccompProfile:
                            description: |-
                              The seccomp options to use by the containers in this pod.
                              Note that this field cannot be set when spec.os.name is windows.
                            properties:
                              localhostProfile:
                                description: |-
                                  localhostProfile indicates a profile defined in a file on the node should be used.
                                  The profile must be preconfigured on the node to work.
                                  Must be a descending path, relative to the kubelet's configured seccomp profile location.
                                  Must be set if type is "Localhost". Must NOT be set for any other type.
                                type: string
                              type:
                                description: |-
                                  type indicates which kind of seccomp profile will be applied.
                                  Valid options are:

                                  Localhost - a profile defined in a file on the node should be used.
                                  RuntimeDefault - the container runtime default profile should be used.
                                  Unconfined - no profile should be applied.
                                type: string
                            required:
                            - type
                            type: object
                          supplementalGroups:
                            description: |-
                              A list of groups applied to the first process run in each container, in
                              addition to the container's primary GID and fsGroup (if specified).  If
                              the SupplementalGroupsPolicy feature is enabled, the
                              supplementalGroupsPolicy field determines whether these are in addition
                              to or instead of any group memberships defined in the container image.
                              If unspecified, no additional groups are added, though group memberships
                              defined in the container image may still be used, depending on the
                              supplementalGroupsPolicy field.
                              Note that this field cannot be set when spec.os.name is windows.
                            items:
                              format: int64
                              type: integer
                            type: array
                            x-kubernetes-list-type: atomic
                          supplementalGroupsPolicy:
                            description: |-
                              Defines how supplemental groups of the first container processes are calculated.
                              Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
                              (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
                              and the container runtime must implement support for this feature.
                              Note that this field cannot be set when spec.os.name is windows.
                            type: string
                          sysctls:
                            description: |-
                              Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
                              sysctls (by the container runtime) might fail to launch.
                              Note that this field cannot be set when spec.os.name is windows.
                            items:
                              description: Sysctl defines a kernel parameter to be
                                set
                              properties:
                                name:
                                  description: Name of a property to set
                                  type: string
                                value:
                                  description: Value of a property to set
                                  type: string
                              required:
                              - name
                              - value
                              type: object
                            type: array
                            x-kubernetes-list-type: atomic
                          windowsOptions:
                            description: |-
                              The Windows specific settings applied to all containers.
                              If unspecified, the options within a container's SecurityContext will be used.
                              If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                              Note that this field cannot be set when spec.os.name is linux.
                            properties:
                              gmsaCredentialSpec:
                                description: |-
                                  GMSACredentialSpec is where the GMSA admission webhook
                                  (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
                                  GMSA credential spec named by the GMSACredentialSpecName field.
                                type: string
                              gmsaCredentialSpecName:
                                description: GMSACredentialSpecName is the name of
                                  the GMSA credential spec to use.
                                type: string
                              hostProcess:
                                description: |-
                                  HostProcess determines if a container should be run as a 'Host Process' container.
                                  All of a Pod's containers must have the same effective HostProcess value
                                  (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
                                  In addition, if HostProcess is true then HostNetwork must also be set to true.
                                type: boolean
                              runAsUserName:
                                description: |-
                                  The UserName in Windows to run the entrypoint of the container process.
                                  Defaults to the user specified in image metadata if unspecified.
                                  May also be set in PodSecurityContext. If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                type: string
                            type: object
                        type: object
                      workload:
                        description: Workload - customize the container template of
                          the workload
                        properties:
                          additionalEnv:
                            items:
                              description: EnvVar represents an environment variable
                                present in a Container.
                              properties:
                                name:
                                  description: Name of the environment variable. Must
                                    be a C_IDENTIFIER.
                                  type: string
                                value:
                                  description: |-
                                    Variable references $(VAR_NAME) are expanded
                                    using the previously defined environment variables in the container and
                                    any service environment variables. If a variable cannot be resolved,
                                    the reference in the input string will be unchanged. Double $$ are reduced
                                    to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                                    "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                                    Escaped references will never be expanded, regardless of whether the variable
                                    exists or not.
                                    Defaults to "".
                                  type: string
                                valueFrom:
                                  description: Source for the environment variable's
                                    value. Cannot be used if value is not empty.
                                  properties:
                                    configMapKeyRef:
                                      description: Selects a key of a ConfigMap.
                                      properties:
                                        key:
                                          description: The key to select.
                                          type: string
                                        name:
                                          default: ""
                                          description: |-
                                            Name of the referent.
                                            This field is effectively required, but due to backwards compatibility is
                                            allowed to be empty. Instances of this type with an empty value here are
                                            almost certainly wrong.
                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          type: string
                                        optional:
                                          description: Specify whether the ConfigMap
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    fieldRef:
                                      description: |-
                                        Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
                                        spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
                                      properties:
                                        apiVersion:
                                          description: Version of the schema the FieldPath
                                            is written in terms of, defaults to "v1".
                                          type: string
                                        fieldPath:
                                          description: Path of the field to select
                                            in the specified API version.
                                          type: string
                                      required:
                                      - fieldPath
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    resourceFieldRef:
                                      description: |-
                                        Selects a resource of the container: only resources limits and requests
                                        (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
                                      properties:
                                        containerName:
                                          description: 'Container name: required for
                                            volumes, optional for env vars'
                                          type: string
                                        divisor:
                                          anyOf:
                                          - type: integer
                                          - type: string
                                          description: Specifies the output format
                                            of the exposed resources, defaults to
                                            "1"
                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                          x-kubernetes-int-or-string: true
                                        resource:
                                          description: 'Required: resource to select'
                                          type: string
                                      required:
                                      - resource
                                      type: object
                                      x-kubernetes-map-type: atomic
                                    secretKeyRef:
                                      description: Selects a key of a secret in the
                                        pod's namespace
                                      properties:
                                        key:
                                          description: The key of the secret to select
                                            from.  Must be a valid secret key.
                                          type: string
                                        name:
                                          default: ""
                                          description: |-
                                            Name of the referent.
                                            This field is effectively required, but due to backwards compatibility is
                                            allowed to be empty. Instances of this type with an empty value here are
                                            almost certainly wrong.
                                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          type: string
                                        optional:
                                          description: Specify whether the Secret
                                            or its key must be defined
                                          type: boolean
                                      required:
                                      - key
                                      type: object
                                      x-kubernetes-map-type: atomic
                                  type: object
                              required:
                              - name
                              type: object
                            type: array
                          image:
                            type: string
                          imagePullSecrets:
                            items:
                              description: |-
                                LocalObjectReference contains enough information to let you locate the
                                referenced object inside the same namespace.
                              properties:
                                name:
                                  default: ""
                                  description: |-
                                    Name of the referent.
                                    This field is effectively required, but due to backwards compatibility is
                                    allowed to be empty. Instances of this type with an empty value here are
                                    almost certainly wrong.
                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                  type: string
                              type: object
                              x-kubernetes-map-type: atomic
                            type: array
                          pullPolicy:
                            description: PullPolicy describes a policy for if/when
                              to pull a container image
                            type: string
                          resources:
                            description: ResourceRequirements describes the compute
                              resource requirements.
                            properties:
                              claims:
                                description: |-
                                  Claims lists the names of resources, defined in spec.resourceClaims,
                                  that are used by this container.

                                  This is an alpha field and requires enabling the
                                  DynamicResourceAllocation feature gate.

                                  This field is immutable. It can only be set for containers.
                                items:
                                  description: ResourceClaim references one entry
                                    in PodSpec.ResourceClaims.
                                  properties:
                                    name:
                                      description: |-
                                        Name must match the name of one entry in pod.spec.resourceClaims of
                                        the Pod where this field is used. It makes that resource available
                                        inside a container.
                                      type: string
                                    request:
                                      description: |-
                                        Request is the name chosen for a request in the referenced claim.
                                        If empty, everything from the claim is made available, otherwise
                                        only the result of this request.
                                      type: string
                                  required:
                                  - name
                                  type: object
                                type: array
                                x-kubernetes-list-map-keys:
                                - name
                                x-kubernetes-list-type: map
                              limits:
                                additionalProperties:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                description: |-
                                  Limits describes the maximum amount of compute resources allowed.
                                  More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                type: object
                              requests:
                                additionalProperties:
                                  anyOf:
                                  - type: integer
                                  - type: string
                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                  x-kubernetes-int-or-string: true
                                description: |-
                                  Requests describes the minimum amount of compute resources required.
                                  If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                  otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                  More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                type: object
                            type: object
                          securityContext:
                            description: SecurityContext -
                            properties:
                              allowPrivilegeEscalation:
                                description: |-
                                  AllowPrivilegeEscalation controls whether a process can gain more
                                  privileges than its parent process. This bool directly controls if
                                  the no_new_privs flag will be set on the container process.
                                  AllowPrivilegeEscalation is true always when the container is:
                                  1) run as Privileged
                                  2) has CAP_SYS_ADMIN
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              appArmorProfile:
                                description: |-
                                  appArmorProfile is the AppArmor options to use by this container. If set, this profile
                                  overrides the pod's appArmorProfile.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  localhostProfile:
                                    description: |-
                                      localhostProfile indicates a profile loaded on the node that should be used.
                                      The profile must be preconfigured on the node to work.
                                      Must match the loaded name of the profile.
                                      Must be set if and only if type is "Localhost".
                                    type: string
                                  type:
                                    description: |-
                                      type indicates which kind of AppArmor profile will be applied.
                                      Valid options are:
                                        Localhost - a profile pre-loaded on the node.
                                        RuntimeDefault - the container runtime's default profile.
                                        Unconfined - no AppArmor enforcement.
                                    type: string
                                required:
                                - type
                                type: object
                              capabilities:
                                description: |-
                                  The capabilities to add/drop when running containers.
                                  Defaults to the default set of capabilities granted by the container runtime.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  add:
                                    description: Added capabilities
                                    items:
                                      description: Capability represent POSIX capabilities
                                        type
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  drop:
                                    description: Removed capabilities
                                    items:
                                      description: Capability represent POSIX capabilities
                                        type
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                type: object
                              privileged:
                                description: |-
                                  Run container in privileged mode.
                                  Processes in privileged containers are essentially equivalent to root on the host.
                                  Defaults to false.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              procMount:
                                description: |-
                                  procMount denotes the type of proc mount to use for the containers.
                                  The default value is Default which uses the container runtime defaults for
                                  readonly paths and masked paths.
                                  This requires the ProcMountType feature flag to be enabled.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: string
                              readOnlyRootFilesystem:
                                description: |-
                                  Whether this container has a read-only root filesystem.
                                  Default is false.
                                  Note that this field cannot be set when spec.os.name is windows.
                                type: boolean
                              runAsGroup:
                                description: |-
                                  The GID to run the entrypoint of the container process.
                                  Uses runtime default if unset.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                format: int64
                                type: integer
                              runAsNonRoot:
                                description: |-
                                  Indicates that the container must run as a non-root user.
                                  If true, the Kubelet will validate the image at runtime to ensure that it
                                  does not run as UID 0 (root) and fail to start the container if it does.
                                  If unset or false, no such validation will be performed.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                type: boolean
                              runAsUser:
                                description: |-
                                  The UID to run the entrypoint of the container process.
                                  Defaults to user specified in image metadata if unspecified.
                                  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                format: int64
                                type: integer
                              seLinuxOptions:
                                description: |-
                                  The SELinux context to be applied to the container.
                                  If unspecified, the container runtime will allocate a random SELinux context for each
                                  container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
                                  PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  level:
                                    description: Level is SELinux level label that
                                      applies to the container.
                                    type: string
                                  role:
                                    description: Role is a SELinux role label that
                                      applies to the container.
                                    type: string
                                  type:
                                    description: Type is a SELinux type label that
                                      applies to the container.
                                    type: string
                                  user:
                                    description: User is a SELinux user label that
                                      applies to the container.
                                    type: string
                                type: object
                              seccompProfile:
                                description: |-
                                  The seccomp options to use by this container. If seccomp options are
                                  provided at both the pod & container level, the container options
                                  override the pod options.
                                  Note that this field cannot be set when spec.os.name is windows.
                                properties:
                                  localhostProfile:
                                    description: |-
                                      localhostProfile indicates a profile defined in a file on the node should be used.
                                      The profile must be preconfigured on the node to work.
                                      Must be a descending path, relative to the kubelet's configured seccomp profile location.
                                      Must be set if type is "Localhost". Must NOT be set for any other type.
                                    type: string
                                  type:
                                    description: |-
                                      type indicates which kind of seccomp profile will be applied.
                                      Valid options are:

                                      Localhost - a profile defined in a file on the node should be used.
                                      RuntimeDefault - the container runtime default profile should be used.
                                      Unconfined - no profile should be applied.
                                    type: string
                                required:
                                - type
                                type: object
                              windowsOptions:
                                description: |-
                                  The Windows specific settings applied to all containers.
                                  If unspecified, the options from the PodSecurityContext will be used.
                                  If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                                  Note that this field cannot be set when spec.os.name is linux.
                                properties:
                                  gmsaCredentialSpec:
                                    description: |-
                                      GMSACredentialSpec is where the GMSA admission webhook
                                      (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
                                      GMSA credential spec named by the GMSACredentialSpecName field.
                                    type: string
                                  gmsaCredentialSpecName:
                                    description: GMSACredentialSpecName is the name
                                      of the GMSA credential spec to use.
                                    type: string
                                  hostProcess:
                                    description: |-
                                      HostProcess determines if a container should be run as a 'Host Process' container.
                                      All of a Pod's containers must have the same effective HostProcess value
                                      (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
                                      In addition, if HostProcess is true then HostNetwork must also be set to true.
                                    type: boolean
                                  runAsUserName:
                                    description: |-
                                      The UserName in Windows to run the entrypoint of the container process.
                                      Defaults to the user specified in image metadata if unspecified.
                                      May also be set in PodSecurityContext. If set in both SecurityContext and
                                      PodSecurityContext, the value specified in SecurityContext takes precedence.
                                    type: string
                                type: object
                            type: object
                          volumeMounts:
                            items:
                              description: VolumeMount describes a mounting of a Volume
                                within a container.
                              properties:
                                mountPath:
                                  description: |-
                                    Path within the container at which the volume should be mounted.  Must
                                    not contain ':'.
                                  type: string
                                mountPropagation:
                                  description: |-
                                    mountPropagation determines how mounts are propagated from the host
                                    to container and the other way around.
                                    When not set, MountPropagationNone is used.
                                    This field is beta in 1.10.
                                    When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
                                    (which defaults to None).
                                  type: string
                                name:
                                  description: This must match the Name of a Volume.
                                  type: string
                                readOnly:
                                  description: |-
                                    Mounted read-only if true, read-write otherwise (false or unspecified).
                                    Defaults to false.
                                  type: boolean
                                recursiveReadOnly:
                                  description: |-
                                    RecursiveReadOnly specifies whether read-only mounts should be handled
                                    recursively.

                                    If ReadOnly is false, this field has no meaning and must be unspecified.

                                    If ReadOnly is true, and this field is set to Disabled, the mount is not made
                                    recursively read-only.  If this field is set to IfPossible, the mount is made
                                    recursively read-only, if it is supported by the container runtime.  If this
                                    field is set to Enabled, the mount is made recursively read-only if it is
                                    supported by the container runtime, otherwise the pod will not be started and
                                    an error will be generated to indicate the reason.

                                    If this field is set to IfPossible or Enabled, MountPropagation must be set to
                                    None (or be unspecified, which defaults to None).

                                    If this field is not specified, it is treated as an equivalent of Disabled.
                                  type: string
                                subPath:
                                  description: |-
                                    Path within the volume from which the container's volume should be mounted.
                                    Defaults to "" (volume's root).
                                  type: string
                                subPathExpr:
                                  description: |-
                                    Expanded path within the volume from which the container's volume should be mounted.
                                    Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
                                    Defaults to "" (volume's root).
                                    SubPathExpr and SubPath are mutually exclusive.
                                  type: string
                              required:
                              - mountPath
                              - name
                              type: object
                            type: array
                        type: object
                    required:
                    - securityContext
                    type: object
                required:
                - externalUrl
                type: object
            required:
            - db
            type: object
          status:
            description: DashboardStatus defines the observed state of Dashboard.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}