1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 name: persistence.edge.ncr.com
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7spec:
8 group: edge.ncr.com
9 names:
10 kind: Persistence
11 listKind: PersistenceList
12 plural: persistence
13 singular: persistence
14 scope: Namespaced
15 versions:
16 - name: v1alpha1
17 schema:
18 openAPIV3Schema:
19 type: object
20 description: Persistence is the Schema for the Persistence API
21 properties:
22 apiVersion:
23 type: string
24 description: |-
25 APIVersion defines the versioned schema of this representation of an object.
26 Servers should convert recognized schemas to the latest internal value, and
27 may reject unrecognized values.
28 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
29 kind:
30 type: string
31 description: |-
32 Kind is a string value representing the REST resource this object represents.
33 Servers may infer this from the endpoint the client submits requests to.
34 Cannot be updated.
35 In CamelCase.
36 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
37 metadata:
38 type: object
39 spec:
40 type: object
41 description: PersistencSpec defines the desired state of Persistence
42 properties:
43 nameSubstitution:
44 type: string
45 nodeSelectorTerms:
46 type: array
47 items:
48 type: object
49 description: |-
50 A null or empty node selector term matches no objects. The requirements of
51 them are ANDed.
52 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
53 properties:
54 matchExpressions:
55 type: array
56 description: A list of node selector requirements by node's labels.
57 items:
58 type: object
59 description: |-
60 A node selector requirement is a selector that contains values, a key, and an operator
61 that relates the key and values.
62 properties:
63 key:
64 type: string
65 description: The label key that the selector applies to.
66 operator:
67 type: string
68 description: |-
69 Represents a key's relationship to a set of values.
70 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
71 values:
72 type: array
73 description: |-
74 An array of string values. If the operator is In or NotIn,
75 the values array must be non-empty. If the operator is Exists or DoesNotExist,
76 the values array must be empty. If the operator is Gt or Lt, the values
77 array must have a single element, which will be interpreted as an integer.
78 This array is replaced during a strategic merge patch.
79 items:
80 type: string
81 x-kubernetes-list-type: atomic
82 required:
83 - key
84 - operator
85 x-kubernetes-list-type: atomic
86 matchFields:
87 type: array
88 description: A list of node selector requirements by node's fields.
89 items:
90 type: object
91 description: |-
92 A node selector requirement is a selector that contains values, a key, and an operator
93 that relates the key and values.
94 properties:
95 key:
96 type: string
97 description: The label key that the selector applies to.
98 operator:
99 type: string
100 description: |-
101 Represents a key's relationship to a set of values.
102 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
103 values:
104 type: array
105 description: |-
106 An array of string values. If the operator is In or NotIn,
107 the values array must be non-empty. If the operator is Exists or DoesNotExist,
108 the values array must be empty. If the operator is Gt or Lt, the values
109 array must have a single element, which will be interpreted as an integer.
110 This array is replaced during a strategic merge patch.
111 items:
112 type: string
113 x-kubernetes-list-type: atomic
114 required:
115 - key
116 - operator
117 x-kubernetes-list-type: atomic
118 x-kubernetes-map-type: atomic
119 statefulSet:
120 type: object
121 description: |-
122 StatefulSet represents a set of pods with consistent identities.
123 Identities are defined as:
124 - Network: A single stable DNS and hostname.
125 - Storage: As many VolumeClaims as requested.
126
127
128 The StatefulSet guarantees that a given network identity will always
129 map to the same storage identity.
130 properties:
131 apiVersion:
132 type: string
133 description: |-
134 APIVersion defines the versioned schema of this representation of an object.
135 Servers should convert recognized schemas to the latest internal value, and
136 may reject unrecognized values.
137 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
138 kind:
139 type: string
140 description: |-
141 Kind is a string value representing the REST resource this object represents.
142 Servers may infer this from the endpoint the client submits requests to.
143 Cannot be updated.
144 In CamelCase.
145 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
146 metadata:
147 type: object
148 description: |-
149 Standard object's metadata.
150 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
151 properties:
152 name:
153 type: string
154 namespace:
155 type: string
156 labels:
157 type: object
158 additionalProperties:
159 type: string
160 annotations:
161 type: object
162 additionalProperties:
163 type: string
164 finalizers:
165 type: array
166 items:
167 type: string
168 spec:
169 type: object
170 description: Spec defines the desired identities of pods in this set.
171 properties:
172 replicas:
173 type: integer
174 description: |-
175 replicas is the desired number of replicas of the given Template.
176 These are replicas in the sense that they are instantiations of the
177 same Template, but individual replicas also have a consistent identity.
178 If unspecified, defaults to 1.
179 TODO: Consider a rename of this field.
180 format: int32
181 selector:
182 type: object
183 description: |-
184 selector is a label query over pods that should match the replica count.
185 It must match the pod template's labels.
186 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
187 properties:
188 matchExpressions:
189 type: array
190 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
191 items:
192 type: object
193 description: |-
194 A label selector requirement is a selector that contains values, a key, and an operator that
195 relates the key and values.
196 properties:
197 key:
198 type: string
199 description: key is the label key that the selector applies to.
200 operator:
201 type: string
202 description: |-
203 operator represents a key's relationship to a set of values.
204 Valid operators are In, NotIn, Exists and DoesNotExist.
205 values:
206 type: array
207 description: |-
208 values is an array of string values. If the operator is In or NotIn,
209 the values array must be non-empty. If the operator is Exists or DoesNotExist,
210 the values array must be empty. This array is replaced during a strategic
211 merge patch.
212 items:
213 type: string
214 x-kubernetes-list-type: atomic
215 required:
216 - key
217 - operator
218 x-kubernetes-list-type: atomic
219 matchLabels:
220 type: object
221 additionalProperties:
222 type: string
223 description: |-
224 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
225 map is equivalent to an element of matchExpressions, whose key field is "key", the
226 operator is "In", and the values array contains only "value". The requirements are ANDed.
227 x-kubernetes-map-type: atomic
228 template:
229 type: object
230 description: |-
231 template is the object that describes the pod that will be created if
232 insufficient replicas are detected. Each pod stamped out by the StatefulSet
233 will fulfill this Template, but have a unique identity from the rest
234 of the StatefulSet. Each pod will be named with the format
235 <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
236 "web" with index number "3" would be named "web-3".
237 The only allowed template.spec.restartPolicy value is "Always".
238 properties:
239 metadata:
240 type: object
241 description: |-
242 Standard object's metadata.
243 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
244 properties:
245 name:
246 type: string
247 namespace:
248 type: string
249 labels:
250 type: object
251 additionalProperties:
252 type: string
253 annotations:
254 type: object
255 additionalProperties:
256 type: string
257 finalizers:
258 type: array
259 items:
260 type: string
261 spec:
262 type: object
263 description: |-
264 Specification of the desired behavior of the pod.
265 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
266 properties:
267 restartPolicy:
268 type: string
269 description: |-
270 Restart policy for all containers within the pod.
271 One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
272 Default to Always.
273 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
274 terminationGracePeriodSeconds:
275 type: integer
276 description: |-
277 Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
278 Value must be non-negative integer. The value zero indicates stop immediately via
279 the kill signal (no opportunity to shut down).
280 If this value is nil, the default grace period will be used instead.
281 The grace period is the duration in seconds after the processes running in the pod are sent
282 a termination signal and the time when the processes are forcibly halted with a kill signal.
283 Set this value longer than the expected cleanup time for your process.
284 Defaults to 30 seconds.
285 format: int64
286 activeDeadlineSeconds:
287 type: integer
288 description: |-
289 Optional duration in seconds the pod may be active on the node relative to
290 StartTime before the system will actively try to mark it failed and kill associated containers.
291 Value must be a positive integer.
292 format: int64
293 dnsPolicy:
294 type: string
295 description: |-
296 Set DNS policy for the pod.
297 Defaults to "ClusterFirst".
298 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
299 DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
300 To have DNS options set along with hostNetwork, you have to specify DNS policy
301 explicitly to 'ClusterFirstWithHostNet'.
# Pod identity fields of the embedded pod template. serviceAccountName and the
# deprecated serviceAccount alias are plain strings and
# automountServiceAccountToken is a plain boolean; no enum, pattern or default
# is attached to any of them in this schema.
# NOTE(review): nothing here limits which ServiceAccount a Persistence object
# may name, or forces token automount off. If that needs restricting, it has to
# happen in the controller or in admission policy - confirm where.
302 serviceAccountName:
303 type: string
304 description: |-
305 ServiceAccountName is the name of the ServiceAccount to use to run this pod.
306 More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
307 serviceAccount:
308 type: string
309 description: |-
310 DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
311 Deprecated: Use serviceAccountName instead.
312 automountServiceAccountToken:
313 type: boolean
314 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
# nodeName is an unvalidated string. Per its description, a non-empty value
# places the pod on the named node directly.
# NOTE(review): this sits alongside the CRD's own spec.nodeSelectorTerms field;
# which one wins when both are set is decided outside this schema - confirm
# against the controller, and decide whether CR authors should be able to pin
# pods to arbitrary nodes.
315 nodeName:
316 type: string
317 description: |-
318 NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
319 the scheduler simply schedules this pod onto that node, assuming that it fits resource
320 requirements.
# Namespace-sharing switches of the embedded pod template: hostNetwork, hostPID
# and hostIPC join the node's network, PID and IPC namespaces respectively;
# shareProcessNamespace shares one PID namespace across the pod's containers.
# All four are bare booleans here - the schema attaches no default and no
# validation rule, and the "HostPID and ShareProcessNamespace cannot both be
# set" constraint exists only as description text.
# NOTE(review): presumably these values are copied into the pods the controller
# creates, so anyone allowed to write Persistence objects can request host
# namespaces unless the controller, Pod Security admission or a policy engine
# rejects them - confirm which layer enforces this.
321 hostNetwork:
322 type: boolean
323 description: |-
324 Host networking requested for this pod. Use the host's network namespace.
325 If this option is set, the ports that will be used must be specified.
326 Default to false.
327 hostPID:
328 type: boolean
329 description: |-
330 Use the host's pid namespace.
331 Optional: Default to false.
332 hostIPC:
333 type: boolean
334 description: |-
335 Use the host's ipc namespace.
336 Optional: Default to false.
337 shareProcessNamespace:
338 type: boolean
339 description: |-
340 Share a single process namespace between all of the containers in a pod.
341 When this is set containers will be able to view and signal processes from other containers
342 in the same pod, and the first process in each container will not be assigned PID 1.
343 HostPID and ShareProcessNamespace cannot both be set.
344 Optional: Default to false.
345 hostname:
346 type: string
347 description: |-
348 Specifies the hostname of the Pod
349 If not specified, the pod's hostname will be set to a system-defined value.
350 subdomain:
351 type: string
352 description: |-
353 If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
354 If not specified, the pod will not have a domainname at all.
355 schedulerName:
356 type: string
357 description: |-
358 If specified, the pod will be dispatched by specified scheduler.
359 If not specified, the pod will be dispatched by default scheduler.
# Scheduling priority of the embedded pod template. priorityClassName is an
# unconstrained string and priority an int32 with no bounds declared here.
# The description names "system-node-critical" and "system-cluster-critical" as
# the highest priorities; no pattern in this schema excludes them.
# NOTE(review): if CR authors must not claim system priority classes, that
# restriction has to live outside this schema (quota, admission policy or the
# controller) - confirm.
360 priorityClassName:
361 type: string
362 description: |-
363 If specified, indicates the pod's priority. "system-node-critical" and
364 "system-cluster-critical" are two special keywords which indicate the
365 highest priorities with the former being the highest priority. Any other
366 name must be defined by creating a PriorityClass object with that name.
367 If not specified, the pod priority will be default or zero if there is no
368 default.
369 priority:
370 type: integer
371 description: |-
372 The priority value. Various system components use this field to find the
373 priority of the pod. When Priority Admission Controller is enabled, it
374 prevents users from setting this field. The admission controller populates
375 this field from PriorityClassName.
376 The higher the value, the higher the priority.
377 format: int32
378 runtimeClassName:
379 type: string
380 description: |-
381 RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
382 to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
383 If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
384 empty definition that uses the default runtime handler.
385 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
386 enableServiceLinks:
387 type: boolean
388 description: |-
389 EnableServiceLinks indicates whether information about services should be injected into pod's
390 environment variables, matching the syntax of Docker links.
391 Optional: Defaults to true.
392 nodeSelector:
393 type: object
394 additionalProperties:
395 type: string
396 description: |-
397 NodeSelector is a selector which must be true for the pod to fit on a node.
398 Selector which must match a node's labels for the pod to be scheduled on that node.
399 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
400 x-kubernetes-map-type: atomic
401 hostAliases:
402 type: array
403 description: |-
404 HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
405 file if specified.
406 items:
407 type: object
408 description: |-
409 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
410 pod's hosts file.
411 properties:
412 hostnames:
413 type: array
414 description: Hostnames for the above IP address.
415 items:
416 type: string
417 x-kubernetes-list-type: atomic
418 ip:
419 type: string
420 description: IP address of the host file entry.
421 required:
422 - ip
423 x-kubernetes-list-map-keys:
424 - ip
425 x-kubernetes-list-type: map
426 initContainers:
427 type: array
428 description: |-
429 List of initialization containers belonging to the pod.
430 Init containers are executed in order prior to containers being started. If any
431 init container fails, the pod is considered to have failed and is handled according
432 to its restartPolicy. The name for an init container or normal container must be
433 unique among all containers.
434 Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
435 The resourceRequirements of an init container are taken into account during scheduling
436 by finding the highest request/limit for each resource type, and then using the max of
437 that value or the sum of the normal containers. Limits are applied to init containers
438 in a similar fashion.
439 Init containers cannot currently be added or removed.
440 Cannot be updated.
441 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
442 items:
443 type: object
444 description: A single application container that you want to run within a pod.
445 properties:
446 name:
447 type: string
448 description: |-
449 Name of the container specified as a DNS_LABEL.
450 Each container in a pod must have a unique name (DNS_LABEL).
451 Cannot be updated.
452 restartPolicy:
453 type: string
454 description: |-
455 RestartPolicy defines the restart behavior of individual containers in a pod.
456 This field may only be set for init containers, and the only allowed value is "Always".
457 For non-init containers or when this field is not specified,
458 the restart behavior is defined by the Pod's restart policy and the container type.
459 Setting the RestartPolicy as "Always" for the init container will have the following effect:
460 this init container will be continually restarted on
461 exit until all regular containers have terminated. Once all regular
462 containers have completed, all init containers with restartPolicy "Always"
463 will be shut down. This lifecycle differs from normal init containers and
464 is often referred to as a "sidecar" container. Although this init
465 container still starts in the init container sequence, it does not wait
466 for the container to complete before proceeding to the next init
467 container. Instead, the next init container starts immediately after this
468 init container is started, or after any startupProbe has successfully
469 completed.
# Init-container image reference: an optional, free-form string. The schema
# declares no pattern, so neither a registry prefix nor a digest pin is
# required at this layer.
# NOTE(review): if image provenance matters (allowed registries, pinned
# digests, signature checks), it must be enforced by admission policy or the
# controller - nothing in this file does it.
470 image:
471 type: string
472 description: |-
473 Container image name.
474 More info: https://kubernetes.io/docs/concepts/containers/images
475 This field is optional to allow higher level config management to default or override
476 container images in workload controllers like Deployments and StatefulSets.
477 command:
478 type: array
479 description: |-
480 Entrypoint array. Not executed within a shell.
481 The container image's ENTRYPOINT is used if this is not provided.
482 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
483 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
484 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
485 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
486 of whether the variable exists or not. Cannot be updated.
487 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
488 items:
489 type: string
490 x-kubernetes-list-type: atomic
491 args:
492 type: array
493 description: |-
494 Arguments to the entrypoint.
495 The container image's CMD is used if this is not provided.
496 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
497 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
498 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
499 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
500 of whether the variable exists or not. Cannot be updated.
501 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
502 items:
503 type: string
504 x-kubernetes-list-type: atomic
505 workingDir:
506 type: string
507 description: |-
508 Container's working directory.
509 If not specified, the container runtime's default will be used, which
510 might be configured in the container image.
511 Cannot be updated.
# Init-container port list, keyed as a map on (containerPort, protocol).
# Only containerPort is required; protocol defaults to TCP.
# hostPort and containerPort are typed as int32 integers, but the
# "0 < x < 65536" range stated in their descriptions is not encoded here: no
# minimum/maximum keyword appears in this block. hostIP is an unvalidated
# string, and protocol has no enum despite "Must be UDP, TCP, or SCTP".
# NOTE(review): hostPort/hostIP bind a port on the node itself; whether CR
# authors may use them is not restricted by this schema - confirm that a later
# validation layer covers both the range and the permission question.
512 ports:
513 type: array
514 description: |-
515 List of ports to expose from the container. Not specifying a port here
516 DOES NOT prevent that port from being exposed. Any port which is
517 listening on the default "0.0.0.0" address inside a container will be
518 accessible from the network.
519 Modifying this array with strategic merge patch may corrupt the data.
520 For more information See https://github.com/kubernetes/kubernetes/issues/108255.
521 Cannot be updated.
522 items:
523 type: object
524 description: ContainerPort represents a network port in a single container.
525 properties:
526 name:
527 type: string
528 description: |-
529 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
530 named port in a pod must have a unique name. Name for the port that can be
531 referred to by services.
532 protocol:
533 type: string
534 default: TCP
535 description: |-
536 Protocol for port. Must be UDP, TCP, or SCTP.
537 Defaults to "TCP".
538 hostPort:
539 type: integer
540 description: |-
541 Number of port to expose on the host.
542 If specified, this must be a valid port number, 0 < x < 65536.
543 If HostNetwork is specified, this must match ContainerPort.
544 Most containers do not need this.
545 format: int32
546 containerPort:
547 type: integer
548 description: |-
549 Number of port to expose on the pod's IP address.
550 This must be a valid port number, 0 < x < 65536.
551 format: int32
552 hostIP:
553 type: string
554 description: What host IP to bind the external port to.
555 required:
556 - containerPort
557 x-kubernetes-list-map-keys:
558 - containerPort
559 - protocol
560 x-kubernetes-list-type: map
# Bulk environment sources for an init container. Each item may carry a prefix,
# a configMapRef and a secretRef; per the description, the keys of the
# referenced source become environment variable names.
# Both refs declare name with default "" and list no required fields, so an
# item with an empty referent name passes this schema (the description itself
# calls such instances "almost certainly wrong").
# NOTE(review): secretRef exposes the referenced Secret's keys to the container
# environment as a whole rather than key by key. Which Secrets a Persistence
# author may reference is not limited here - confirm against RBAC and the
# controller.
561 envFrom:
562 type: array
563 description: |-
564 List of sources to populate environment variables in the container.
565 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
566 will be reported as an event when the container is starting. When a key exists in multiple
567 sources, the value associated with the last source will take precedence.
568 Values defined by an Env with a duplicate key will take precedence.
569 Cannot be updated.
570 items:
571 type: object
572 description: EnvFromSource represents the source of a set of ConfigMaps
573 properties:
574 prefix:
575 type: string
576 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
577 configMapRef:
578 type: object
579 description: The ConfigMap to select from
580 properties:
581 name:
582 type: string
583 default: ""
584 description: |-
585 Name of the referent.
586 This field is effectively required, but due to backwards compatibility is
587 allowed to be empty. Instances of this type with an empty value here are
588 almost certainly wrong.
589 TODO: Add other useful fields. apiVersion, kind, uid?
590 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
591 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
592 optional:
593 type: boolean
594 description: Specify whether the ConfigMap must be defined
595 x-kubernetes-map-type: atomic
596 secretRef:
597 type: object
598 description: The Secret to select from
599 properties:
600 name:
601 type: string
602 default: ""
603 description: |-
604 Name of the referent.
605 This field is effectively required, but due to backwards compatibility is
606 allowed to be empty. Instances of this type with an empty value here are
607 almost certainly wrong.
608 TODO: Add other useful fields. apiVersion, kind, uid?
609 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
610 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
611 optional:
612 type: boolean
613 description: Specify whether the Secret must be defined
614 x-kubernetes-map-type: atomic
615 x-kubernetes-list-type: atomic
616 env:
617 type: array
618 description: |-
619 List of environment variables to set in the container.
620 Cannot be updated.
621 items:
622 type: object
623 description: EnvVar represents an environment variable present in a Container.
624 properties:
625 name:
626 type: string
627 description: Name of the environment variable. Must be a C_IDENTIFIER.
628 value:
629 type: string
630 description: |-
631 Variable references $(VAR_NAME) are expanded
632 using the previously defined environment variables in the container and
633 any service environment variables. If a variable cannot be resolved,
634 the reference in the input string will be unchanged. Double $$ are reduced
635 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
636 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
637 Escaped references will never be expanded, regardless of whether the variable
638 exists or not.
639 Defaults to "".
640 valueFrom:
641 type: object
642 description: Source for the environment variable's value. Cannot be used if value is not empty.
643 properties:
644 fieldRef:
645 type: object
646 description: |-
647 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
648 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
649 properties:
650 apiVersion:
651 type: string
652 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
653 fieldPath:
654 type: string
655 description: Path of the field to select in the specified API version.
656 required:
657 - fieldPath
658 x-kubernetes-map-type: atomic
659 resourceFieldRef:
660 type: object
661 description: |-
662 Selects a resource of the container: only resources limits and requests
663 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
664 properties:
665 containerName:
666 type: string
667 description: 'Container name: required for volumes, optional for env vars'
668 divisor:
669 anyOf:
670 - type: integer
671 - type: string
672 description: Specifies the output format of the exposed resources, defaults to "1"
673 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
674 x-kubernetes-int-or-string: true
675 resource:
676 type: string
677 description: 'Required: resource to select'
678 required:
679 - resource
680 x-kubernetes-map-type: atomic
681 configMapKeyRef:
682 type: object
683 description: Selects a key of a ConfigMap.
684 properties:
685 name:
686 type: string
687 default: ""
688 description: |-
689 Name of the referent.
690 This field is effectively required, but due to backwards compatibility is
691 allowed to be empty. Instances of this type with an empty value here are
692 almost certainly wrong.
693 TODO: Add other useful fields. apiVersion, kind, uid?
694 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
695 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
696 key:
697 type: string
698 description: The key to select.
699 optional:
700 type: boolean
701 description: Specify whether the ConfigMap or its key must be defined
702 required:
703 - key
704 x-kubernetes-map-type: atomic
# Per-variable Secret reference: selects one key of a Secret in the pod's
# namespace (per the description). Only key is required; name defaults to ""
# and optional is a plain boolean.
# NOTE(review): the value ends up in the container's environment, so it is
# visible to anything that can read that process environment. The schema does
# not limit which Secret names may be referenced - confirm that RBAC or the
# controller does.
705 secretKeyRef:
706 type: object
707 description: Selects a key of a secret in the pod's namespace
708 properties:
709 name:
710 type: string
711 default: ""
712 description: |-
713 Name of the referent.
714 This field is effectively required, but due to backwards compatibility is
715 allowed to be empty. Instances of this type with an empty value here are
716 almost certainly wrong.
717 TODO: Add other useful fields. apiVersion, kind, uid?
718 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
719 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
720 key:
721 type: string
722 description: The key of the secret to select from. Must be a valid secret key.
723 optional:
724 type: boolean
725 description: Specify whether the Secret or its key must be defined
726 required:
727 - key
728 x-kubernetes-map-type: atomic
729 required:
730 - name
731 x-kubernetes-list-map-keys:
732 - name
733 x-kubernetes-list-type: map
734 resources:
735 type: object
736 description: |-
737 Compute Resources required by this container.
738 Cannot be updated.
739 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
740 properties:
741 claims:
742 type: array
743 description: |-
744 Claims lists the names of resources, defined in spec.resourceClaims,
745 that are used by this container.
746
747
748 This is an alpha field and requires enabling the
749 DynamicResourceAllocation feature gate.
750
751
752 This field is immutable. It can only be set for containers.
753 items:
754 type: object
755 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
756 properties:
757 name:
758 type: string
759 description: |-
760 Name must match the name of one entry in pod.spec.resourceClaims of
761 the Pod where this field is used. It makes that resource available
762 inside a container.
763 required:
764 - name
765 x-kubernetes-list-map-keys:
766 - name
767 x-kubernetes-list-type: map
# Resource limits and requests: each is a map from resource name to an
# int-or-string value that must match the quantity pattern below.
# Neither map is marked required in the lines shown here, and no minimum set of
# keys (cpu, memory, ...) is demanded, so a container with no limits at all
# passes this schema.
# NOTE(review): if unbounded containers are a concern on the target nodes,
# rely on LimitRange/ResourceQuota or controller defaults - this CRD does not
# enforce it.
768 limits:
769 type: object
770 additionalProperties:
771 anyOf:
772 - type: integer
773 - type: string
774 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
775 x-kubernetes-int-or-string: true
776 description: |-
777 Limits describes the maximum amount of compute resources allowed.
778 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
779 requests:
780 type: object
781 additionalProperties:
782 anyOf:
783 - type: integer
784 - type: string
785 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
786 x-kubernetes-int-or-string: true
787 description: |-
788 Requests describes the minimum amount of compute resources required.
789 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
790 otherwise to an implementation-defined value. Requests cannot exceed Limits.
791 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
792 volumeMounts:
793 type: array
794 description: |-
795 Pod volumes to mount into the container's filesystem.
796 Cannot be updated.
797 items:
798 type: object
799 description: VolumeMount describes a mounting of a Volume within a container.
800 properties:
801 name:
802 type: string
803 description: This must match the Name of a Volume.
804 readOnly:
805 type: boolean
806 description: |-
807 Mounted read-only if true, read-write otherwise (false or unspecified).
808 Defaults to false.
809 mountPath:
810 type: string
811 description: |-
812 Path within the container at which the volume should be mounted. Must
813 not contain ':'.
814 subPath:
815 type: string
816 description: |-
817 Path within the volume from which the container's volume should be mounted.
818 Defaults to "" (volume's root).
819 subPathExpr:
820 type: string
821 description: |-
822 Expanded path within the volume from which the container's volume should be mounted.
823 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
824 Defaults to "" (volume's root).
825 SubPathExpr and SubPath are mutually exclusive.
# mountPropagation is a free-form string with no enum declared, although the
# description implies a fixed set of modes (it names MountPropagationNone and
# "None"). It governs mount propagation in both directions between host and
# container.
# NOTE(review): because any string is accepted here, a mode that propagates
# container mounts back to the host is not rejected by this schema; confirm
# that pod validation or admission policy restricts it where required.
826 mountPropagation:
827 type: string
828 description: |-
829 mountPropagation determines how mounts are propagated from the host
830 to container and the other way around.
831 When not set, MountPropagationNone is used.
832 This field is beta in 1.10.
833 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
834 (which defaults to None).
835 recursiveReadOnly:
836 type: string
837 description: |-
838 RecursiveReadOnly specifies whether read-only mounts should be handled
839 recursively.
840
841
842 If ReadOnly is false, this field has no meaning and must be unspecified.
843
844
845 If ReadOnly is true, and this field is set to Disabled, the mount is not made
846 recursively read-only. If this field is set to IfPossible, the mount is made
847 recursively read-only, if it is supported by the container runtime. If this
848 field is set to Enabled, the mount is made recursively read-only if it is
849 supported by the container runtime, otherwise the pod will not be started and
850 an error will be generated to indicate the reason.
851
852
853 If this field is set to IfPossible or Enabled, MountPropagation must be set to
854 None (or be unspecified, which defaults to None).
855
856
857 If this field is not specified, it is treated as an equivalent of Disabled.
858 required:
859 - mountPath
860 - name
861 x-kubernetes-list-map-keys:
862 - mountPath
863 x-kubernetes-list-type: map
# volumeDevices: list keyed by devicePath (x-kubernetes-list-type: map). Each item maps a
# raw block device, named after a persistentVolumeClaim in the pod, to a path inside the
# container; both name and devicePath are required. devicePath is a free-form string
# (no pattern declared in this block).
864 volumeDevices:
865 type: array
866 description: volumeDevices is the list of block devices to be used by the container.
867 items:
868 type: object
869 description: volumeDevice describes a mapping of a raw block device within a container.
870 properties:
871 name:
872 type: string
873 description: name must match the name of a persistentVolumeClaim in the pod
874 devicePath:
875 type: string
876 description: devicePath is the path inside of the container that the device will be mapped to.
877 required:
878 - devicePath
879 - name
880 x-kubernetes-list-map-keys:
881 - devicePath
882 x-kubernetes-list-type: map
# livenessProbe: probe schema with four handler kinds (exec, grpc, httpGet, tcpSocket) plus
# timing and threshold integers.
# NOTE(review): the bounds quoted in the descriptions ("Minimum value is 1", "range 1 to
# 65535", "Must be 1 for liveness") are not declared as minimum/maximum in this block, so
# this schema accepts any integer; out-of-range values are presumably rejected only later,
# when the pod is created - confirm in the controller.
883 livenessProbe:
884 type: object
885 description: |-
886 Periodic probe of container liveness.
887 Container will be restarted if the probe fails.
888 Cannot be updated.
889 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
890 properties:
# NOTE(review): the description both allows zero ("stop immediately") and states
# "Minimum value is 1"; do not rely on this text as validation.
891 terminationGracePeriodSeconds:
892 type: integer
893 description: |-
894 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
895 The grace period is the duration in seconds after the processes running in the pod are sent
896 a termination signal and the time when the processes are forcibly halted with a kill signal.
897 Set this value longer than the expected cleanup time for your process.
898 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
899 value overrides the value provided by the pod spec.
900 Value must be non-negative integer. The value zero indicates stop immediately via
901 the kill signal (no opportunity to shut down).
902 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
903 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
904 format: int64
# exec handler: argv is executed inside the container with no shell (per the description);
# the list is atomic, so an update replaces it as a whole.
905 exec:
906 type: object
907 description: Exec specifies the action to take.
908 properties:
909 command:
910 type: array
911 description: |-
912 Command is the command line to execute inside the container, the working directory for the
913 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
914 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
915 a shell, you need to explicitly call out to that shell.
916 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
917 items:
918 type: string
919 x-kubernetes-list-type: atomic
920 failureThreshold:
921 type: integer
922 description: |-
923 Minimum consecutive failures for the probe to be considered failed after having succeeded.
924 Defaults to 3. Minimum value is 1.
925 format: int32
926 grpc:
927 type: object
928 description: GRPC specifies an action involving a GRPC port.
929 properties:
930 service:
931 type: string
932 description: |-
933 Service is the name of the service to place in the gRPC HealthCheckRequest
934 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
935
936
937 If this is not specified, the default behavior is defined by gRPC.
938 port:
939 type: integer
940 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
941 format: int32
942 required:
943 - port
944 httpGet:
945 type: object
946 description: HTTPGet specifies the http request to perform.
947 properties:
948 port:
949 anyOf:
950 - type: integer
951 - type: string
952 description: |-
953 Name or number of the port to access on the container.
954 Number must be in the range 1 to 65535.
955 Name must be an IANA_SVC_NAME.
956 x-kubernetes-int-or-string: true
# Free-form string. When set, the request goes to this host instead of the pod IP.
# NOTE(review): probes are presumably issued from the node (kubelet), so an arbitrary
# host here makes the node send requests on the object author's behalf; consider an
# admission rule that rejects `host` in probes unless a workload needs it.
957 host:
958 type: string
959 description: |-
960 Host name to connect to, defaults to the pod IP. You probably want to set
961 "Host" in httpHeaders instead.
962 httpHeaders:
963 type: array
964 description: Custom headers to set in the request. HTTP allows repeated headers.
965 items:
966 type: object
967 description: HTTPHeader describes a custom header to be used in HTTP probes
968 properties:
969 name:
970 type: string
971 description: |-
972 The header field name.
973 This will be canonicalized upon output, so case-variant names will be understood as the same header.
974 value:
975 type: string
976 description: The header field value
977 required:
978 - name
979 - value
980 x-kubernetes-list-type: atomic
981 path:
982 type: string
983 description: Path to access on the HTTP server.
# Free-form string (no enum); defaults to HTTP, i.e. probe traffic is unencrypted
# unless HTTPS is chosen explicitly.
984 scheme:
985 type: string
986 description: |-
987 Scheme to use for connecting to the host.
988 Defaults to HTTP.
989 required:
990 - port
991 initialDelaySeconds:
992 type: integer
993 description: |-
994 Number of seconds after the container has started before liveness probes are initiated.
995 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
996 format: int32
997 periodSeconds:
998 type: integer
999 description: |-
1000 How often (in seconds) to perform the probe.
1001 Default to 10 seconds. Minimum value is 1.
1002 format: int32
1003 successThreshold:
1004 type: integer
1005 description: |-
1006 Minimum consecutive successes for the probe to be considered successful after having failed.
1007 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1008 format: int32
1009 tcpSocket:
1010 type: object
1011 description: TCPSocket specifies an action involving a TCP port.
1012 properties:
1013 port:
1014 anyOf:
1015 - type: integer
1016 - type: string
1017 description: |-
1018 Number or name of the port to access on the container.
1019 Number must be in the range 1 to 65535.
1020 Name must be an IANA_SVC_NAME.
1021 x-kubernetes-int-or-string: true
# Same consideration as httpGet.host: an unconstrained target host for the TCP check.
1022 host:
1023 type: string
1024 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1025 required:
1026 - port
1027 timeoutSeconds:
1028 type: integer
1029 description: |-
1030 Number of seconds after which the probe times out.
1031 Defaults to 1 second. Minimum value is 1.
1032 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1033 format: int32
# readinessProbe: probe schema with four handler kinds (exec, grpc, httpGet, tcpSocket) plus
# timing and threshold integers; a failing probe removes the container from service
# endpoints (per the description).
# NOTE(review): the bounds quoted in the descriptions ("Minimum value is 1", "range 1 to
# 65535") are not declared as minimum/maximum in this block, so this schema accepts any
# integer; out-of-range values are presumably rejected only later, when the pod is
# created - confirm in the controller.
1034 readinessProbe:
1035 type: object
1036 description: |-
1037 Periodic probe of container service readiness.
1038 Container will be removed from service endpoints if the probe fails.
1039 Cannot be updated.
1040 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1041 properties:
# NOTE(review): the description both allows zero ("stop immediately") and states
# "Minimum value is 1"; do not rely on this text as validation.
1042 terminationGracePeriodSeconds:
1043 type: integer
1044 description: |-
1045 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
1046 The grace period is the duration in seconds after the processes running in the pod are sent
1047 a termination signal and the time when the processes are forcibly halted with a kill signal.
1048 Set this value longer than the expected cleanup time for your process.
1049 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
1050 value overrides the value provided by the pod spec.
1051 Value must be non-negative integer. The value zero indicates stop immediately via
1052 the kill signal (no opportunity to shut down).
1053 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
1054 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
1055 format: int64
# exec handler: argv is executed inside the container with no shell (per the description);
# the list is atomic, so an update replaces it as a whole.
1056 exec:
1057 type: object
1058 description: Exec specifies the action to take.
1059 properties:
1060 command:
1061 type: array
1062 description: |-
1063 Command is the command line to execute inside the container, the working directory for the
1064 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
1065 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
1066 a shell, you need to explicitly call out to that shell.
1067 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1068 items:
1069 type: string
1070 x-kubernetes-list-type: atomic
1071 failureThreshold:
1072 type: integer
1073 description: |-
1074 Minimum consecutive failures for the probe to be considered failed after having succeeded.
1075 Defaults to 3. Minimum value is 1.
1076 format: int32
1077 grpc:
1078 type: object
1079 description: GRPC specifies an action involving a GRPC port.
1080 properties:
1081 service:
1082 type: string
1083 description: |-
1084 Service is the name of the service to place in the gRPC HealthCheckRequest
1085 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
1086
1087
1088 If this is not specified, the default behavior is defined by gRPC.
1089 port:
1090 type: integer
1091 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
1092 format: int32
1093 required:
1094 - port
1095 httpGet:
1096 type: object
1097 description: HTTPGet specifies the http request to perform.
1098 properties:
1099 port:
1100 anyOf:
1101 - type: integer
1102 - type: string
1103 description: |-
1104 Name or number of the port to access on the container.
1105 Number must be in the range 1 to 65535.
1106 Name must be an IANA_SVC_NAME.
1107 x-kubernetes-int-or-string: true
# Free-form string. When set, the request goes to this host instead of the pod IP.
# NOTE(review): probes are presumably issued from the node (kubelet), so an arbitrary
# host here makes the node send requests on the object author's behalf; consider an
# admission rule that rejects `host` in probes unless a workload needs it.
1108 host:
1109 type: string
1110 description: |-
1111 Host name to connect to, defaults to the pod IP. You probably want to set
1112 "Host" in httpHeaders instead.
1113 httpHeaders:
1114 type: array
1115 description: Custom headers to set in the request. HTTP allows repeated headers.
1116 items:
1117 type: object
1118 description: HTTPHeader describes a custom header to be used in HTTP probes
1119 properties:
1120 name:
1121 type: string
1122 description: |-
1123 The header field name.
1124 This will be canonicalized upon output, so case-variant names will be understood as the same header.
1125 value:
1126 type: string
1127 description: The header field value
1128 required:
1129 - name
1130 - value
1131 x-kubernetes-list-type: atomic
1132 path:
1133 type: string
1134 description: Path to access on the HTTP server.
# Free-form string (no enum); defaults to HTTP, i.e. probe traffic is unencrypted
# unless HTTPS is chosen explicitly.
1135 scheme:
1136 type: string
1137 description: |-
1138 Scheme to use for connecting to the host.
1139 Defaults to HTTP.
1140 required:
1141 - port
# The description below says "liveness probes" although this is the readiness probe; the
# text appears to be shared across probe kinds.
1142 initialDelaySeconds:
1143 type: integer
1144 description: |-
1145 Number of seconds after the container has started before liveness probes are initiated.
1146 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1147 format: int32
1148 periodSeconds:
1149 type: integer
1150 description: |-
1151 How often (in seconds) to perform the probe.
1152 Default to 10 seconds. Minimum value is 1.
1153 format: int32
1154 successThreshold:
1155 type: integer
1156 description: |-
1157 Minimum consecutive successes for the probe to be considered successful after having failed.
1158 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1159 format: int32
1160 tcpSocket:
1161 type: object
1162 description: TCPSocket specifies an action involving a TCP port.
1163 properties:
1164 port:
1165 anyOf:
1166 - type: integer
1167 - type: string
1168 description: |-
1169 Number or name of the port to access on the container.
1170 Number must be in the range 1 to 65535.
1171 Name must be an IANA_SVC_NAME.
1172 x-kubernetes-int-or-string: true
# Same consideration as httpGet.host: an unconstrained target host for the TCP check.
1173 host:
1174 type: string
1175 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1176 required:
1177 - port
1178 timeoutSeconds:
1179 type: integer
1180 description: |-
1181 Number of seconds after which the probe times out.
1182 Defaults to 1 second. Minimum value is 1.
1183 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1184 format: int32
# lifecycle: postStart and preStop hooks, each offering the same four handlers
# (exec, httpGet, sleep, tcpSocket). No handler is marked required and nothing in this
# block limits a hook to exactly one handler.
# NOTE(review): hook commands and HTTP targets are taken verbatim from the object, so
# write access to this resource includes choosing what runs at container start and stop.
1185 lifecycle:
1186 type: object
1187 description: |-
1188 Actions that the management system should take in response to container lifecycle events.
1189 Cannot be updated.
1190 properties:
# postStart: a failing handler terminates and restarts the container per its restart
# policy, and other container management blocks until the hook completes (description).
1191 postStart:
1192 type: object
1193 description: |-
1194 PostStart is called immediately after a container is created. If the handler fails,
1195 the container is terminated and restarted according to its restart policy.
1196 Other management of the container blocks until the hook completes.
1197 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
1198 properties:
# argv executed inside the container with no shell; the "live/healthy" wording in the
# description appears to be text shared with the probe schemas.
1199 exec:
1200 type: object
1201 description: Exec specifies the action to take.
1202 properties:
1203 command:
1204 type: array
1205 description: |-
1206 Command is the command line to execute inside the container, the working directory for the
1207 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
1208 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
1209 a shell, you need to explicitly call out to that shell.
1210 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1211 items:
1212 type: string
1213 x-kubernetes-list-type: atomic
1214 httpGet:
1215 type: object
1216 description: HTTPGet specifies the http request to perform.
1217 properties:
1218 port:
1219 anyOf:
1220 - type: integer
1221 - type: string
1222 description: |-
1223 Name or number of the port to access on the container.
1224 Number must be in the range 1 to 65535.
1225 Name must be an IANA_SVC_NAME.
1226 x-kubernetes-int-or-string: true
# Free-form string; when set the hook request targets this host instead of the pod IP.
# NOTE(review): consider an admission rule that rejects `host` in hooks unless needed.
1227 host:
1228 type: string
1229 description: |-
1230 Host name to connect to, defaults to the pod IP. You probably want to set
1231 "Host" in httpHeaders instead.
1232 httpHeaders:
1233 type: array
1234 description: Custom headers to set in the request. HTTP allows repeated headers.
1235 items:
1236 type: object
1237 description: HTTPHeader describes a custom header to be used in HTTP probes
1238 properties:
1239 name:
1240 type: string
1241 description: |-
1242 The header field name.
1243 This will be canonicalized upon output, so case-variant names will be understood as the same header.
1244 value:
1245 type: string
1246 description: The header field value
1247 required:
1248 - name
1249 - value
1250 x-kubernetes-list-type: atomic
1251 path:
1252 type: string
1253 description: Path to access on the HTTP server.
1254 scheme:
1255 type: string
1256 description: |-
1257 Scheme to use for connecting to the host.
1258 Defaults to HTTP.
1259 required:
1260 - port
1261 sleep:
1262 type: object
1263 description: Sleep represents the duration that the container should sleep before being terminated.
1264 properties:
1265 seconds:
1266 type: integer
1267 description: Seconds is the number of seconds to sleep.
1268 format: int64
1269 required:
1270 - seconds
# Deprecated and, per the description, unvalidated: a hook using it fails at runtime.
# NOTE(review): consider rejecting this handler in the controller or by admission policy
# so the misconfiguration is caught when the object is created.
1271 tcpSocket:
1272 type: object
1273 description: |-
1274 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
1275 for the backward compatibility. There are no validation of this field and
1276 lifecycle hooks will fail in runtime when tcp handler is specified.
1277 properties:
1278 port:
1279 anyOf:
1280 - type: integer
1281 - type: string
1282 description: |-
1283 Number or name of the port to access on the container.
1284 Number must be in the range 1 to 65535.
1285 Name must be an IANA_SVC_NAME.
1286 x-kubernetes-int-or-string: true
1287 host:
1288 type: string
1289 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1290 required:
1291 - port
# preStop: not called when the container crashes or exits on its own, and bounded by the
# pod's termination grace period (description) - do not depend on it for cleanup that
# must always happen.
1292 preStop:
1293 type: object
1294 description: |-
1295 PreStop is called immediately before a container is terminated due to an
1296 API request or management event such as liveness/startup probe failure,
1297 preemption, resource contention, etc. The handler is not called if the
1298 container crashes or exits. The Pod's termination grace period countdown begins before the
1299 PreStop hook is executed. Regardless of the outcome of the handler, the
1300 container will eventually terminate within the Pod's termination grace
1301 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
1302 or until the termination grace period is reached.
1303 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
1304 properties:
# argv executed inside the container with no shell; the "live/healthy" wording in the
# description appears to be text shared with the probe schemas.
1305 exec:
1306 type: object
1307 description: Exec specifies the action to take.
1308 properties:
1309 command:
1310 type: array
1311 description: |-
1312 Command is the command line to execute inside the container, the working directory for the
1313 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
1314 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
1315 a shell, you need to explicitly call out to that shell.
1316 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1317 items:
1318 type: string
1319 x-kubernetes-list-type: atomic
1320 httpGet:
1321 type: object
1322 description: HTTPGet specifies the http request to perform.
1323 properties:
1324 port:
1325 anyOf:
1326 - type: integer
1327 - type: string
1328 description: |-
1329 Name or number of the port to access on the container.
1330 Number must be in the range 1 to 65535.
1331 Name must be an IANA_SVC_NAME.
1332 x-kubernetes-int-or-string: true
# Free-form string; when set the hook request targets this host instead of the pod IP.
# NOTE(review): consider an admission rule that rejects `host` in hooks unless needed.
1333 host:
1334 type: string
1335 description: |-
1336 Host name to connect to, defaults to the pod IP. You probably want to set
1337 "Host" in httpHeaders instead.
1338 httpHeaders:
1339 type: array
1340 description: Custom headers to set in the request. HTTP allows repeated headers.
1341 items:
1342 type: object
1343 description: HTTPHeader describes a custom header to be used in HTTP probes
1344 properties:
1345 name:
1346 type: string
1347 description: |-
1348 The header field name.
1349 This will be canonicalized upon output, so case-variant names will be understood as the same header.
1350 value:
1351 type: string
1352 description: The header field value
1353 required:
1354 - name
1355 - value
1356 x-kubernetes-list-type: atomic
1357 path:
1358 type: string
1359 description: Path to access on the HTTP server.
1360 scheme:
1361 type: string
1362 description: |-
1363 Scheme to use for connecting to the host.
1364 Defaults to HTTP.
1365 required:
1366 - port
1367 sleep:
1368 type: object
1369 description: Sleep represents the duration that the container should sleep before being terminated.
1370 properties:
1371 seconds:
1372 type: integer
1373 description: Seconds is the number of seconds to sleep.
1374 format: int64
1375 required:
1376 - seconds
# Deprecated and, per the description, unvalidated: a hook using it fails at runtime.
# NOTE(review): consider rejecting this handler in the controller or by admission policy
# so the misconfiguration is caught when the object is created.
1377 tcpSocket:
1378 type: object
1379 description: |-
1380 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
1381 for the backward compatibility. There are no validation of this field and
1382 lifecycle hooks will fail in runtime when tcp handler is specified.
1383 properties:
1384 port:
1385 anyOf:
1386 - type: integer
1387 - type: string
1388 description: |-
1389 Number or name of the port to access on the container.
1390 Number must be in the range 1 to 65535.
1391 Name must be an IANA_SVC_NAME.
1392 x-kubernetes-int-or-string: true
1393 host:
1394 type: string
1395 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1396 required:
1397 - port
# terminationMessagePath: in-container path of the file the termination message is read
# from; free-form string, default /dev/termination-log, truncated by the node above
# 4096 bytes (all per the description).
# NOTE(review): the message ends up in the container status, so workloads should not
# write secrets or tokens to this file.
1398 terminationMessagePath:
1399 type: string
1400 description: |-
1401 Optional: Path at which the file to which the container's termination message
1402 will be written is mounted into the container's filesystem.
1403 Message written is intended to be brief final status, such as an assertion failure message.
1404 Will be truncated by the node if greater than 4096 bytes. The total message length across
1405 all containers will be limited to 12kb.
1406 Defaults to /dev/termination-log.
1407 Cannot be updated.
# terminationMessagePolicy: the description names File (default) and FallbackToLogsOnError,
# but no enum is declared, so any string passes this schema.
# NOTE(review): with FallbackToLogsOnError the tail of the container log (up to 2048 bytes
# or 80 lines) is copied into the container status; make sure error-path logging does not
# emit credentials.
1408 terminationMessagePolicy:
1409 type: string
1410 description: |-
1411 Indicate how the termination message should be populated. File will use the contents of
1412 terminationMessagePath to populate the container status message on both success and failure.
1413 FallbackToLogsOnError will use the last chunk of container log output if the termination
1414 message file is empty and the container exited with an error.
1415 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
1416 Defaults to File.
1417 Cannot be updated.
# imagePullPolicy: the description lists Always, Never and IfNotPresent, but no enum is
# declared here, so any string passes this schema.
# NOTE(review): with Never or IfNotPresent an image already cached on the node is used
# without contacting the registry, so registry credentials are not re-checked and a
# mutable tag may resolve to stale content; prefer digest-pinned image references and an
# explicit policy rather than the tag-dependent default.
1418 imagePullPolicy:
1419 type: string
1420 description: |-
1421 Image pull policy.
1422 One of Always, Never, IfNotPresent.
1423 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
1424 Cannot be updated.
1425 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
# securityContext: container-level security options. Every field in this block is
# optional and unconstrained at the schema layer: no defaults, enums, patterns or
# required hardening values are declared here.
# NOTE(review): presumably the controller copies these values into the pods it creates.
# If so, write access to Persistence objects amounts to choosing the security posture of
# those pods: scope RBAC on this resource as tightly as pod creation, and enforce Pod
# Security admission (or an equivalent policy engine) on the namespaces where the pods
# run. Confirm against the controller code.
1426 securityContext:
1427 type: object
1428 description: |-
1429 SecurityContext defines the security options the container should be run with.
1430 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
1431 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1432 properties:
# Hardening: set to false explicitly so no_new_privs is applied. Per the description the
# value is always true when the container is privileged or has CAP_SYS_ADMIN.
1433 allowPrivilegeEscalation:
1434 type: boolean
1435 description: |-
1436 AllowPrivilegeEscalation controls whether a process can gain more
1437 privileges than its parent process. This bool directly controls if
1438 the no_new_privs flag will be set on the container process.
1439 AllowPrivilegeEscalation is true always when the container is:
1440 1) run as Privileged
1441 2) has CAP_SYS_ADMIN
1442 Note that this field cannot be set when spec.os.name is windows.
# type is a free-form string here although the description lists three values;
# Unconfined turns AppArmor enforcement off. The "localhostProfile if and only if
# type is Localhost" rule is stated in the description only.
1443 appArmorProfile:
1444 type: object
1445 description: |-
1446 appArmorProfile is the AppArmor options to use by this container. If set, this profile
1447 overrides the pod's appArmorProfile.
1448 Note that this field cannot be set when spec.os.name is windows.
1449 properties:
1450 type:
1451 type: string
1452 description: |-
1453 type indicates which kind of AppArmor profile will be applied.
1454 Valid options are:
1455 Localhost - a profile pre-loaded on the node.
1456 RuntimeDefault - the container runtime's default profile.
1457 Unconfined - no AppArmor enforcement.
1458 localhostProfile:
1459 type: string
1460 description: |-
1461 localhostProfile indicates a profile loaded on the node that should be used.
1462 The profile must be preconfigured on the node to work.
1463 Must match the loaded name of the profile.
1464 Must be set if and only if type is "Localhost".
1465 required:
1466 - type
# Hardening baseline: drop ALL and add back only the capabilities the workload needs.
# Entries are free-form strings in this schema, so review `add` lists in policy.
1467 capabilities:
1468 type: object
1469 description: |-
1470 The capabilities to add/drop when running containers.
1471 Defaults to the default set of capabilities granted by the container runtime.
1472 Note that this field cannot be set when spec.os.name is windows.
1473 properties:
1474 add:
1475 type: array
1476 description: Added capabilities
1477 items:
1478 type: string
1479 description: Capability represent POSIX capabilities type
1480 x-kubernetes-list-type: atomic
1481 drop:
1482 type: array
1483 description: Removed capabilities
1484 items:
1485 type: string
1486 description: Capability represent POSIX capabilities type
1487 x-kubernetes-list-type: atomic
# Highest-impact field in this block: the description equates a privileged container
# with root on the host. Keep unset/false unless there is a documented need, and block
# `true` by policy for objects created by ordinary tenants.
1488 privileged:
1489 type: boolean
1490 description: |-
1491 Run container in privileged mode.
1492 Processes in privileged containers are essentially equivalent to root on the host.
1493 Defaults to false.
1494 Note that this field cannot be set when spec.os.name is windows.
# Free-form string (no enum). The default keeps the runtime's read-only and masked /proc
# paths; any other value should be treated as a reduction of isolation and reviewed.
1495 procMount:
1496 type: string
1497 description: |-
1498 procMount denotes the type of proc mount to use for the containers.
1499 The default is DefaultProcMount which uses the container runtime defaults for
1500 readonly paths and masked paths.
1501 This requires the ProcMountType feature flag to be enabled.
1502 Note that this field cannot be set when spec.os.name is windows.
# Hardening: default is false (writable root filesystem); set true where the workload
# can run with writable paths provided only through explicit volume mounts.
1503 readOnlyRootFilesystem:
1504 type: boolean
1505 description: |-
1506 Whether this container has a read-only root filesystem.
1507 Default is false.
1508 Note that this field cannot be set when spec.os.name is windows.
1509 runAsGroup:
1510 type: integer
1511 description: |-
1512 The GID to run the entrypoint of the container process.
1513 Uses runtime default if unset.
1514 May also be set in PodSecurityContext. If set in both SecurityContext and
1515 PodSecurityContext, the value specified in SecurityContext takes precedence.
1516 Note that this field cannot be set when spec.os.name is windows.
1517 format: int64
# Hardening: set true. Per the description, unset or false means no UID-0 check is made,
# so an image that defaults to root will start as root.
1518 runAsNonRoot:
1519 type: boolean
1520 description: |-
1521 Indicates that the container must run as a non-root user.
1522 If true, the Kubelet will validate the image at runtime to ensure that it
1523 does not run as UID 0 (root) and fail to start the container if it does.
1524 If unset or false, no such validation will be performed.
1525 May also be set in PodSecurityContext. If set in both SecurityContext and
1526 PodSecurityContext, the value specified in SecurityContext takes precedence.
# No minimum is declared, so 0 (root) passes this schema; when unset the UID comes from
# the image metadata. Pair an explicit non-zero UID with runAsNonRoot: true.
1527 runAsUser:
1528 type: integer
1529 description: |-
1530 The UID to run the entrypoint of the container process.
1531 Defaults to user specified in image metadata if unspecified.
1532 May also be set in PodSecurityContext. If set in both SecurityContext and
1533 PodSecurityContext, the value specified in SecurityContext takes precedence.
1534 Note that this field cannot be set when spec.os.name is windows.
1535 format: int64
# SELinux labels are free-form strings; a caller-chosen type/level decides what the
# container process may access on the node, so restrict who can set them.
1536 seLinuxOptions:
1537 type: object
1538 description: |-
1539 The SELinux context to be applied to the container.
1540 If unspecified, the container runtime will allocate a random SELinux context for each
1541 container. May also be set in PodSecurityContext. If set in both SecurityContext and
1542 PodSecurityContext, the value specified in SecurityContext takes precedence.
1543 Note that this field cannot be set when spec.os.name is windows.
1544 properties:
1545 type:
1546 type: string
1547 description: Type is a SELinux type label that applies to the container.
1548 level:
1549 type: string
1550 description: Level is SELinux level label that applies to the container.
1551 role:
1552 type: string
1553 description: Role is a SELinux role label that applies to the container.
1554 user:
1555 type: string
1556 description: User is a SELinux user label that applies to the container.
# type is a free-form string here although the description lists three values;
# Unconfined applies no seccomp profile, RuntimeDefault is the usual hardened choice.
# The localhostProfile rules ("descending path", "only with Localhost") are stated in
# the description only; no pattern or cross-field rule is declared in this block.
1557 seccompProfile:
1558 type: object
1559 description: |-
1560 The seccomp options to use by this container. If seccomp options are
1561 provided at both the pod & container level, the container options
1562 override the pod options.
1563 Note that this field cannot be set when spec.os.name is windows.
1564 properties:
1565 type:
1566 type: string
1567 description: |-
1568 type indicates which kind of seccomp profile will be applied.
1569 Valid options are:
1570
1571
1572 Localhost - a profile defined in a file on the node should be used.
1573 RuntimeDefault - the container runtime default profile should be used.
1574 Unconfined - no profile should be applied.
1575 localhostProfile:
1576 type: string
1577 description: |-
1578 localhostProfile indicates a profile defined in a file on the node should be used.
1579 The profile must be preconfigured on the node to work.
1580 Must be a descending path, relative to the kubelet's configured seccomp profile location.
1581 Must be set if type is "Localhost". Must NOT be set for any other type.
1582 required:
1583 - type
1584 windowsOptions:
1585 type: object
1586 description: |-
1587 The Windows specific settings applied to all containers.
1588 If unspecified, the options from the PodSecurityContext will be used.
1589 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
1590 Note that this field cannot be set when spec.os.name is linux.
1591 properties:
1592 gmsaCredentialSpec:
1593 type: string
1594 description: |-
1595 GMSACredentialSpec is where the GMSA admission webhook
1596 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
1597 GMSA credential spec named by the GMSACredentialSpecName field.
1598 gmsaCredentialSpecName:
1599 type: string
1600 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
# Treat like `privileged` on Linux: a Host Process container runs on the node itself and,
# per the description, also requires HostNetwork. Block `true` by policy unless needed.
1601 hostProcess:
1602 type: boolean
1603 description: |-
1604 HostProcess determines if a container should be run as a 'Host Process' container.
1605 All of a Pod's containers must have the same effective HostProcess value
1606 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
1607 In addition, if HostProcess is true then HostNetwork must also be set to true.
1608 runAsUserName:
1609 type: string
1610 description: |-
1611 The UserName in Windows to run the entrypoint of the container process.
1612 Defaults to the user specified in image metadata if unspecified.
1613 May also be set in PodSecurityContext. If set in both SecurityContext and
1614 PodSecurityContext, the value specified in SecurityContext takes precedence.
# stdin: whether the runtime allocates a stdin buffer; default false, in which case reads
# from stdin return EOF (description). Leave false for non-interactive workloads so an
# attach session cannot feed input to the process.
1615 stdin:
1616 type: boolean
1617 description: |-
1618 Whether this container should allocate a buffer for stdin in the container runtime. If this
1619 is not set, reads from stdin in the container will always result in EOF.
1620 Default is false.
# stdinOnce: when true, stdin is closed after the first attached client disconnects and
# stays closed until restart; when false with stdin enabled it stays open across attach
# sessions (description). Only meaningful together with stdin: true.
1621 stdinOnce:
1622 type: boolean
1623 description: |-
1624 Whether the container runtime should close the stdin channel after it has been opened by
1625 a single attach. When stdin is true the stdin stream will remain open across multiple attach
1626 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
1627 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
1628 at which time stdin is closed and remains closed until the container is restarted. If this
1629 flag is false, a container processes that reads from stdin will never receive an EOF.
1630 Default is false
# tty: allocate a TTY for the container; default false. The dependency on stdin being true
# is stated in the description only and is not expressed in this schema.
1631 tty:
1632 type: boolean
1633 description: |-
1634 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
1635 Default is false.
# resizePolicy: atomic list (replaced as a whole on update) of per-resource resize rules;
# each item requires resourceName and restartPolicy.
# NOTE(review): restartPolicy is listed as required although its description gives a
# default (NotRequired), and the supported resourceName values (cpu, memory) are named in
# the description only - both are free-form strings with no enum in this block.
1636 resizePolicy:
1637 type: array
1638 description: Resources resize policy for the container.
1639 items:
1640 type: object
1641 description: ContainerResizePolicy represents resource resize policy for the container.
1642 properties:
1643 restartPolicy:
1644 type: string
1645 description: |-
1646 Restart policy to apply when specified resource is resized.
1647 If not specified, it defaults to NotRequired.
1648 resourceName:
1649 type: string
1650 description: |-
1651 Name of the resource to which this resource resize policy applies.
1652 Supported values: cpu, memory.
1653 required:
1654 - resourceName
1655 - restartPolicy
1656 x-kubernetes-list-type: atomic
1657 startupProbe:
1658 type: object
1659 description: |-
1660 StartupProbe indicates that the Pod has successfully initialized.
1661 If specified, no other probes are executed until this completes successfully.
1662 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
1663 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
1664 when it might take a long time to load data or warm a cache, than during steady-state operation.
1665 This cannot be updated.
1666 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1667 properties:
1668 terminationGracePeriodSeconds:
1669 type: integer
1670 description: |-
1671 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
1672 The grace period is the duration in seconds after the processes running in the pod are sent
1673 a termination signal and the time when the processes are forcibly halted with a kill signal.
1674 Set this value longer than the expected cleanup time for your process.
1675 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
1676 value overrides the value provided by the pod spec.
1677 Value must be non-negative integer. The value zero indicates stop immediately via
1678 the kill signal (no opportunity to shut down).
1679 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
1680 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
1681 format: int64
1682 exec:
1683 type: object
1684 description: Exec specifies the action to take.
1685 properties:
1686 command:
1687 type: array
1688 description: |-
1689 Command is the command line to execute inside the container, the working directory for the
1690 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
1691 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
1692 a shell, you need to explicitly call out to that shell.
1693 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1694 items:
1695 type: string
1696 x-kubernetes-list-type: atomic
1697 failureThreshold:
1698 type: integer
1699 description: |-
1700 Minimum consecutive failures for the probe to be considered failed after having succeeded.
1701 Defaults to 3. Minimum value is 1.
1702 format: int32
1703 grpc:
1704 type: object
1705 description: GRPC specifies an action involving a GRPC port.
1706 properties:
1707 service:
1708 type: string
1709 description: |-
1710 Service is the name of the service to place in the gRPC HealthCheckRequest
1711 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
1712
1713
1714 If this is not specified, the default behavior is defined by gRPC.
1715 port:
1716 type: integer
1717 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
1718 format: int32
1719 required:
1720 - port
1721 httpGet:
1722 type: object
1723 description: HTTPGet specifies the http request to perform.
1724 properties:
1725 port:
1726 anyOf:
1727 - type: integer
1728 - type: string
1729 description: |-
1730 Name or number of the port to access on the container.
1731 Number must be in the range 1 to 65535.
1732 Name must be an IANA_SVC_NAME.
1733 x-kubernetes-int-or-string: true
1734 host:
1735 type: string
1736 description: |-
1737 Host name to connect to, defaults to the pod IP. You probably want to set
1738 "Host" in httpHeaders instead.
1739 httpHeaders:
1740 type: array
1741 description: Custom headers to set in the request. HTTP allows repeated headers.
1742 items:
1743 type: object
1744 description: HTTPHeader describes a custom header to be used in HTTP probes
1745 properties:
1746 name:
1747 type: string
1748 description: |-
1749 The header field name.
1750 This will be canonicalized upon output, so case-variant names will be understood as the same header.
1751 value:
1752 type: string
1753 description: The header field value
1754 required:
1755 - name
1756 - value
1757 x-kubernetes-list-type: atomic
1758 path:
1759 type: string
1760 description: Path to access on the HTTP server.
1761 scheme:
1762 type: string
1763 description: |-
1764 Scheme to use for connecting to the host.
1765 Defaults to HTTP.
1766 required:
1767 - port
1768 initialDelaySeconds:
1769 type: integer
1770 description: |-
1771 Number of seconds after the container has started before liveness probes are initiated.
1772 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1773 format: int32
1774 periodSeconds:
1775 type: integer
1776 description: |-
1777 How often (in seconds) to perform the probe.
1778 Defaults to 10 seconds. Minimum value is 1.
1779 format: int32
1780 successThreshold:
1781 type: integer
1782 description: |-
1783 Minimum consecutive successes for the probe to be considered successful after having failed.
1784 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1785 format: int32
1786 tcpSocket:
1787 type: object
1788 description: TCPSocket specifies an action involving a TCP port.
1789 properties:
1790 port:
1791 anyOf:
1792 - type: integer
1793 - type: string
1794 description: |-
1795 Number or name of the port to access on the container.
1796 Number must be in the range 1 to 65535.
1797 Name must be an IANA_SVC_NAME.
1798 x-kubernetes-int-or-string: true
1799 host:
1800 type: string
1801 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1802 required:
1803 - port
1804 timeoutSeconds:
1805 type: integer
1806 description: |-
1807 Number of seconds after which the probe times out.
1808 Defaults to 1 second. Minimum value is 1.
1809 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
1810 format: int32
1811 required:
1812 - name
1813 x-kubernetes-list-map-keys:
1814 - name
1815 x-kubernetes-list-type: map
1816 containers:
1817 type: array
1818 description: |-
1819 List of containers belonging to the pod.
1820 Containers cannot currently be added or removed.
1821 There must be at least one container in a Pod.
1822 Cannot be updated.
1823 items:
1824 type: object
1825 description: A single application container that you want to run within a pod.
1826 properties:
1827 name:
1828 type: string
1829 description: |-
1830 Name of the container specified as a DNS_LABEL.
1831 Each container in a pod must have a unique name (DNS_LABEL).
1832 Cannot be updated.
1833 restartPolicy:
1834 type: string
1835 description: |-
1836 RestartPolicy defines the restart behavior of individual containers in a pod.
1837 This field may only be set for init containers, and the only allowed value is "Always".
1838 For non-init containers or when this field is not specified,
1839 the restart behavior is defined by the Pod's restart policy and the container type.
1840 Setting the RestartPolicy as "Always" for the init container will have the following effect:
1841 this init container will be continually restarted on
1842 exit until all regular containers have terminated. Once all regular
1843 containers have completed, all init containers with restartPolicy "Always"
1844 will be shut down. This lifecycle differs from normal init containers and
1845 is often referred to as a "sidecar" container. Although this init
1846 container still starts in the init container sequence, it does not wait
1847 for the container to complete before proceeding to the next init
1848 container. Instead, the next init container starts immediately after this
1849 init container is started, or after any startupProbe has successfully
1850 completed.
1851 image:
1852 type: string
1853 description: |-
1854 Container image name.
1855 More info: https://kubernetes.io/docs/concepts/containers/images
1856 This field is optional to allow higher level config management to default or override
1857 container images in workload controllers like Deployments and StatefulSets.
1858 command:
1859 type: array
1860 description: |-
1861 Entrypoint array. Not executed within a shell.
1862 The container image's ENTRYPOINT is used if this is not provided.
1863 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1864 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1865 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1866 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1867 of whether the variable exists or not. Cannot be updated.
1868 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1869 items:
1870 type: string
1871 x-kubernetes-list-type: atomic
1872 args:
1873 type: array
1874 description: |-
1875 Arguments to the entrypoint.
1876 The container image's CMD is used if this is not provided.
1877 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1878 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1879 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1880 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1881 of whether the variable exists or not. Cannot be updated.
1882 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1883 items:
1884 type: string
1885 x-kubernetes-list-type: atomic
1886 workingDir:
1887 type: string
1888 description: |-
1889 Container's working directory.
1890 If not specified, the container runtime's default will be used, which
1891 might be configured in the container image.
1892 Cannot be updated.
1893 ports:
1894 type: array
1895 description: |-
1896 List of ports to expose from the container. Not specifying a port here
1897 DOES NOT prevent that port from being exposed. Any port which is
1898 listening on the default "0.0.0.0" address inside a container will be
1899 accessible from the network.
1900 Modifying this array with strategic merge patch may corrupt the data.
1901 For more information, see https://github.com/kubernetes/kubernetes/issues/108255.
1902 Cannot be updated.
1903 items:
1904 type: object
1905 description: ContainerPort represents a network port in a single container.
1906 properties:
1907 name:
1908 type: string
1909 description: |-
1910 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
1911 named port in a pod must have a unique name. Name for the port that can be
1912 referred to by services.
1913 protocol:
1914 type: string
1915 default: TCP
1916 description: |-
1917 Protocol for port. Must be UDP, TCP, or SCTP.
1918 Defaults to "TCP".
1919 hostPort:
1920 type: integer
1921 description: |-
1922 Number of port to expose on the host.
1923 If specified, this must be a valid port number, 0 < x < 65536.
1924 If HostNetwork is specified, this must match ContainerPort.
1925 Most containers do not need this.
1926 format: int32
1927 containerPort:
1928 type: integer
1929 description: |-
1930 Number of port to expose on the pod's IP address.
1931 This must be a valid port number, 0 < x < 65536.
1932 format: int32
1933 hostIP:
1934 type: string
1935 description: What host IP to bind the external port to.
1936 required:
1937 - containerPort
1938 x-kubernetes-list-map-keys:
1939 - containerPort
1940 - protocol
1941 x-kubernetes-list-type: map
1942 envFrom:
1943 type: array
1944 description: |-
1945 List of sources to populate environment variables in the container.
1946 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
1947 will be reported as an event when the container is starting. When a key exists in multiple
1948 sources, the value associated with the last source will take precedence.
1949 Values defined by an Env with a duplicate key will take precedence.
1950 Cannot be updated.
1951 items:
1952 type: object
1953 description: EnvFromSource represents the source of a set of ConfigMaps or Secrets
1954 properties:
1955 prefix:
1956 type: string
1957 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
1958 configMapRef:
1959 type: object
1960 description: The ConfigMap to select from
1961 properties:
1962 name:
1963 type: string
1964 default: ""
1965 description: |-
1966 Name of the referent.
1967 This field is effectively required, but due to backwards compatibility is
1968 allowed to be empty. Instances of this type with an empty value here are
1969 almost certainly wrong.
1970 TODO: Add other useful fields. apiVersion, kind, uid?
1971 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1972 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1973 optional:
1974 type: boolean
1975 description: Specify whether the ConfigMap must be defined
1976 x-kubernetes-map-type: atomic
1977 secretRef:
1978 type: object
1979 description: The Secret to select from
1980 properties:
1981 name:
1982 type: string
1983 default: ""
1984 description: |-
1985 Name of the referent.
1986 This field is effectively required, but due to backwards compatibility is
1987 allowed to be empty. Instances of this type with an empty value here are
1988 almost certainly wrong.
1989 TODO: Add other useful fields. apiVersion, kind, uid?
1990 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
1991 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
1992 optional:
1993 type: boolean
1994 description: Specify whether the Secret must be defined
1995 x-kubernetes-map-type: atomic
1996 x-kubernetes-list-type: atomic
1997 env:
1998 type: array
1999 description: |-
2000 List of environment variables to set in the container.
2001 Cannot be updated.
2002 items:
2003 type: object
2004 description: EnvVar represents an environment variable present in a Container.
2005 properties:
2006 name:
2007 type: string
2008 description: Name of the environment variable. Must be a C_IDENTIFIER.
2009 value:
2010 type: string
2011 description: |-
2012 Variable references $(VAR_NAME) are expanded
2013 using the previously defined environment variables in the container and
2014 any service environment variables. If a variable cannot be resolved,
2015 the reference in the input string will be unchanged. Double $$ are reduced
2016 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
2017 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
2018 Escaped references will never be expanded, regardless of whether the variable
2019 exists or not.
2020 Defaults to "".
2021 valueFrom:
2022 type: object
2023 description: Source for the environment variable's value. Cannot be used if value is not empty.
2024 properties:
2025 fieldRef:
2026 type: object
2027 description: |-
2028 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
2029 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
2030 properties:
2031 apiVersion:
2032 type: string
2033 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
2034 fieldPath:
2035 type: string
2036 description: Path of the field to select in the specified API version.
2037 required:
2038 - fieldPath
2039 x-kubernetes-map-type: atomic
2040 resourceFieldRef:
2041 type: object
2042 description: |-
2043 Selects a resource of the container: only resources limits and requests
2044 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
2045 properties:
2046 containerName:
2047 type: string
2048 description: 'Container name: required for volumes, optional for env vars'
2049 divisor:
2050 anyOf:
2051 - type: integer
2052 - type: string
2053 description: Specifies the output format of the exposed resources, defaults to "1"
2054 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2055 x-kubernetes-int-or-string: true
2056 resource:
2057 type: string
2058 description: 'Required: resource to select'
2059 required:
2060 - resource
2061 x-kubernetes-map-type: atomic
2062 configMapKeyRef:
2063 type: object
2064 description: Selects a key of a ConfigMap.
2065 properties:
2066 name:
2067 type: string
2068 default: ""
2069 description: |-
2070 Name of the referent.
2071 This field is effectively required, but due to backwards compatibility is
2072 allowed to be empty. Instances of this type with an empty value here are
2073 almost certainly wrong.
2074 TODO: Add other useful fields. apiVersion, kind, uid?
2075 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2076 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
2077 key:
2078 type: string
2079 description: The key to select.
2080 optional:
2081 type: boolean
2082 description: Specify whether the ConfigMap or its key must be defined
2083 required:
2084 - key
2085 x-kubernetes-map-type: atomic
2086 secretKeyRef:
2087 type: object
2088 description: Selects a key of a secret in the pod's namespace
2089 properties:
2090 name:
2091 type: string
2092 default: ""
2093 description: |-
2094 Name of the referent.
2095 This field is effectively required, but due to backwards compatibility is
2096 allowed to be empty. Instances of this type with an empty value here are
2097 almost certainly wrong.
2098 TODO: Add other useful fields. apiVersion, kind, uid?
2099 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2100 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
2101 key:
2102 type: string
2103 description: The key of the secret to select from. Must be a valid secret key.
2104 optional:
2105 type: boolean
2106 description: Specify whether the Secret or its key must be defined
2107 required:
2108 - key
2109 x-kubernetes-map-type: atomic
2110 required:
2111 - name
2112 x-kubernetes-list-map-keys:
2113 - name
2114 x-kubernetes-list-type: map
2115 resources:
2116 type: object
2117 description: |-
2118 Compute Resources required by this container.
2119 Cannot be updated.
2120 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2121 properties:
2122 claims:
2123 type: array
2124 description: |-
2125 Claims lists the names of resources, defined in spec.resourceClaims,
2126 that are used by this container.
2127
2128
2129 This is an alpha field and requires enabling the
2130 DynamicResourceAllocation feature gate.
2131
2132
2133 This field is immutable. It can only be set for containers.
2134 items:
2135 type: object
2136 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
2137 properties:
2138 name:
2139 type: string
2140 description: |-
2141 Name must match the name of one entry in pod.spec.resourceClaims of
2142 the Pod where this field is used. It makes that resource available
2143 inside a container.
2144 required:
2145 - name
2146 x-kubernetes-list-map-keys:
2147 - name
2148 x-kubernetes-list-type: map
2149 limits:
2150 type: object
2151 additionalProperties:
2152 anyOf:
2153 - type: integer
2154 - type: string
2155 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2156 x-kubernetes-int-or-string: true
2157 description: |-
2158 Limits describes the maximum amount of compute resources allowed.
2159 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2160 requests:
2161 type: object
2162 additionalProperties:
2163 anyOf:
2164 - type: integer
2165 - type: string
2166 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2167 x-kubernetes-int-or-string: true
2168 description: |-
2169 Requests describes the minimum amount of compute resources required.
2170 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
2171 otherwise to an implementation-defined value. Requests cannot exceed Limits.
2172 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
2173 volumeMounts:
2174 type: array
2175 description: |-
2176 Pod volumes to mount into the container's filesystem.
2177 Cannot be updated.
2178 items:
2179 type: object
2180 description: VolumeMount describes a mounting of a Volume within a container.
2181 properties:
2182 name:
2183 type: string
2184 description: This must match the Name of a Volume.
2185 readOnly:
2186 type: boolean
2187 description: |-
2188 Mounted read-only if true, read-write otherwise (false or unspecified).
2189 Defaults to false.
2190 mountPath:
2191 type: string
2192 description: |-
2193 Path within the container at which the volume should be mounted. Must
2194 not contain ':'.
2195 subPath:
2196 type: string
2197 description: |-
2198 Path within the volume from which the container's volume should be mounted.
2199 Defaults to "" (volume's root).
2200 subPathExpr:
2201 type: string
2202 description: |-
2203 Expanded path within the volume from which the container's volume should be mounted.
2204 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
2205 Defaults to "" (volume's root).
2206 SubPathExpr and SubPath are mutually exclusive.
2207 mountPropagation:
2208 type: string
2209 description: |-
2210 mountPropagation determines how mounts are propagated from the host
2211 to container and the other way around.
2212 When not set, MountPropagationNone is used.
2213 This field is beta in 1.10.
2214 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
2215 (which defaults to None).
2216 recursiveReadOnly:
2217 type: string
2218 description: |-
2219 RecursiveReadOnly specifies whether read-only mounts should be handled
2220 recursively.
2221
2222
2223 If ReadOnly is false, this field has no meaning and must be unspecified.
2224
2225
2226 If ReadOnly is true, and this field is set to Disabled, the mount is not made
2227 recursively read-only. If this field is set to IfPossible, the mount is made
2228 recursively read-only, if it is supported by the container runtime. If this
2229 field is set to Enabled, the mount is made recursively read-only if it is
2230 supported by the container runtime, otherwise the pod will not be started and
2231 an error will be generated to indicate the reason.
2232
2233
2234 If this field is set to IfPossible or Enabled, MountPropagation must be set to
2235 None (or be unspecified, which defaults to None).
2236
2237
2238 If this field is not specified, it is treated as an equivalent of Disabled.
2239 required:
2240 - mountPath
2241 - name
2242 x-kubernetes-list-map-keys:
2243 - mountPath
2244 x-kubernetes-list-type: map
2245 volumeDevices:
2246 type: array
2247 description: volumeDevices is the list of block devices to be used by the container.
2248 items:
2249 type: object
2250 description: volumeDevice describes a mapping of a raw block device within a container.
2251 properties:
2252 name:
2253 type: string
2254 description: name must match the name of a persistentVolumeClaim in the pod
2255 devicePath:
2256 type: string
2257 description: devicePath is the path inside of the container that the device will be mapped to.
2258 required:
2259 - devicePath
2260 - name
2261 x-kubernetes-list-map-keys:
2262 - devicePath
2263 x-kubernetes-list-type: map
2264 livenessProbe:
2265 type: object
2266 description: |-
2267 Periodic probe of container liveness.
2268 Container will be restarted if the probe fails.
2269 Cannot be updated.
2270 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2271 properties:
2272 terminationGracePeriodSeconds:
2273 type: integer
2274 description: |-
2275 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
2276 The grace period is the duration in seconds after the processes running in the pod are sent
2277 a termination signal and the time when the processes are forcibly halted with a kill signal.
2278 Set this value longer than the expected cleanup time for your process.
2279 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
2280 value overrides the value provided by the pod spec.
2281 Value must be non-negative integer. The value zero indicates stop immediately via
2282 the kill signal (no opportunity to shut down).
2283 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
2284 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
2285 format: int64
2286 exec:
2287 type: object
2288 description: Exec specifies the action to take.
2289 properties:
2290 command:
2291 type: array
2292 description: |-
2293 Command is the command line to execute inside the container, the working directory for the
2294 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2295 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2296 a shell, you need to explicitly call out to that shell.
2297 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2298 items:
2299 type: string
2300 x-kubernetes-list-type: atomic
2301 failureThreshold:
2302 type: integer
2303 description: |-
2304 Minimum consecutive failures for the probe to be considered failed after having succeeded.
2305 Defaults to 3. Minimum value is 1.
2306 format: int32
2307 grpc:
2308 type: object
2309 description: GRPC specifies an action involving a GRPC port.
2310 properties:
2311 service:
2312 type: string
2313 description: |-
2314 Service is the name of the service to place in the gRPC HealthCheckRequest
2315 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
2316
2317
2318 If this is not specified, the default behavior is defined by gRPC.
2319 port:
2320 type: integer
2321 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
2322 format: int32
2323 required:
2324 - port
2325 httpGet:
2326 type: object
2327 description: HTTPGet specifies the http request to perform.
2328 properties:
2329 port:
2330 anyOf:
2331 - type: integer
2332 - type: string
2333 description: |-
2334 Name or number of the port to access on the container.
2335 Number must be in the range 1 to 65535.
2336 Name must be an IANA_SVC_NAME.
2337 x-kubernetes-int-or-string: true
2338 host:
2339 type: string
2340 description: |-
2341 Host name to connect to, defaults to the pod IP. You probably want to set
2342 "Host" in httpHeaders instead.
2343 httpHeaders:
2344 type: array
2345 description: Custom headers to set in the request. HTTP allows repeated headers.
2346 items:
2347 type: object
2348 description: HTTPHeader describes a custom header to be used in HTTP probes
2349 properties:
2350 name:
2351 type: string
2352 description: |-
2353 The header field name.
2354 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2355 value:
2356 type: string
2357 description: The header field value
2358 required:
2359 - name
2360 - value
2361 x-kubernetes-list-type: atomic
2362 path:
2363 type: string
2364 description: Path to access on the HTTP server.
2365 scheme:
2366 type: string
2367 description: |-
2368 Scheme to use for connecting to the host.
2369 Defaults to HTTP.
2370 required:
2371 - port
2372 initialDelaySeconds:
2373 type: integer
2374 description: |-
2375 Number of seconds after the container has started before liveness probes are initiated.
2376 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2377 format: int32
2378 periodSeconds:
2379 type: integer
2380 description: |-
2381 How often (in seconds) to perform the probe.
2382 Defaults to 10 seconds. Minimum value is 1.
2383 format: int32
2384 successThreshold:
2385 type: integer
2386 description: |-
2387 Minimum consecutive successes for the probe to be considered successful after having failed.
2388 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
2389 format: int32
2390 tcpSocket:
2391 type: object
2392 description: TCPSocket specifies an action involving a TCP port.
2393 properties:
2394 port:
2395 anyOf:
2396 - type: integer
2397 - type: string
2398 description: |-
2399 Number or name of the port to access on the container.
2400 Number must be in the range 1 to 65535.
2401 Name must be an IANA_SVC_NAME.
2402 x-kubernetes-int-or-string: true
2403 host:
2404 type: string
2405 description: 'Optional: Host name to connect to, defaults to the pod IP.'
2406 required:
2407 - port
2408 timeoutSeconds:
2409 type: integer
2410 description: |-
2411 Number of seconds after which the probe times out.
2412 Defaults to 1 second. Minimum value is 1.
2413 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2414 format: int32
2415 readinessProbe:
2416 type: object
2417 description: |-
2418 Periodic probe of container service readiness.
2419 Container will be removed from service endpoints if the probe fails.
2420 Cannot be updated.
2421 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2422 properties:
2423 terminationGracePeriodSeconds:
2424 type: integer
2425 description: |-
2426 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
2427 The grace period is the duration in seconds after the processes running in the pod are sent
2428 a termination signal and the time when the processes are forcibly halted with a kill signal.
2429 Set this value longer than the expected cleanup time for your process.
2430 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
2431 value overrides the value provided by the pod spec.
2432 Value must be non-negative integer. The value zero indicates stop immediately via
2433 the kill signal (no opportunity to shut down).
2434 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
2435 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
2436 format: int64
2437 exec:
2438 type: object
2439 description: Exec specifies the action to take.
2440 properties:
2441 command:
2442 type: array
2443 description: |-
2444 Command is the command line to execute inside the container, the working directory for the
2445 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2446 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2447 a shell, you need to explicitly call out to that shell.
2448 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2449 items:
2450 type: string
2451 x-kubernetes-list-type: atomic
2452 failureThreshold:
2453 type: integer
2454 description: |-
2455 Minimum consecutive failures for the probe to be considered failed after having succeeded.
2456 Defaults to 3. Minimum value is 1.
2457 format: int32
2458 grpc:
2459 type: object
2460 description: GRPC specifies an action involving a GRPC port.
2461 properties:
2462 service:
2463 type: string
2464 description: |-
2465 Service is the name of the service to place in the gRPC HealthCheckRequest
2466 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
2467
2468
2469 If this is not specified, the default behavior is defined by gRPC.
2470 port:
2471 type: integer
2472 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
2473 format: int32
2474 required:
2475 - port
2476 httpGet:
2477 type: object
2478 description: HTTPGet specifies the http request to perform.
2479 properties:
2480 port:
2481 anyOf:
2482 - type: integer
2483 - type: string
2484 description: |-
2485 Name or number of the port to access on the container.
2486 Number must be in the range 1 to 65535.
2487 Name must be an IANA_SVC_NAME.
2488 x-kubernetes-int-or-string: true
2489 host:
2490 type: string
2491 description: |-
2492 Host name to connect to, defaults to the pod IP. You probably want to set
2493 "Host" in httpHeaders instead.
2494 httpHeaders:
2495 type: array
2496 description: Custom headers to set in the request. HTTP allows repeated headers.
2497 items:
2498 type: object
2499 description: HTTPHeader describes a custom header to be used in HTTP probes
2500 properties:
2501 name:
2502 type: string
2503 description: |-
2504 The header field name.
2505 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2506 value:
2507 type: string
2508 description: The header field value
2509 required:
2510 - name
2511 - value
2512 x-kubernetes-list-type: atomic
2513 path:
2514 type: string
2515 description: Path to access on the HTTP server.
2516 scheme:
2517 type: string
2518 description: |-
2519 Scheme to use for connecting to the host.
2520 Defaults to HTTP.
2521 required:
2522 - port
2523 initialDelaySeconds:
2524 type: integer
2525 description: |-
2526 Number of seconds after the container has started before liveness probes are initiated.
2527 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2528 format: int32
2529 periodSeconds:
2530 type: integer
2531 description: |-
2532 How often (in seconds) to perform the probe.
2533 Defaults to 10 seconds. Minimum value is 1.
2534 format: int32
2535 successThreshold:
2536 type: integer
2537 description: |-
2538 Minimum consecutive successes for the probe to be considered successful after having failed.
2539 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
2540 format: int32
2541 tcpSocket:
2542 type: object
2543 description: TCPSocket specifies an action involving a TCP port.
2544 properties:
2545 port:
2546 anyOf:
2547 - type: integer
2548 - type: string
2549 description: |-
2550 Number or name of the port to access on the container.
2551 Number must be in the range 1 to 65535.
2552 Name must be an IANA_SVC_NAME.
2553 x-kubernetes-int-or-string: true
2554 host:
2555 type: string
2556 description: 'Optional: Host name to connect to, defaults to the pod IP.'
2557 required:
2558 - port
2559 timeoutSeconds:
2560 type: integer
2561 description: |-
2562 Number of seconds after which the probe times out.
2563 Defaults to 1 second. Minimum value is 1.
2564 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
2565 format: int32
2566 lifecycle:
2567 type: object
2568 description: |-
2569 Actions that the management system should take in response to container lifecycle events.
2570 Cannot be updated.
2571 properties:
2572 postStart:
2573 type: object
2574 description: |-
2575 PostStart is called immediately after a container is created. If the handler fails,
2576 the container is terminated and restarted according to its restart policy.
2577 Other management of the container blocks until the hook completes.
2578 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2579 properties:
2580 exec:
2581 type: object
2582 description: Exec specifies the action to take.
2583 properties:
2584 command:
2585 type: array
2586 description: |-
2587 Command is the command line to execute inside the container, the working directory for the
2588 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2589 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2590 a shell, you need to explicitly call out to that shell.
2591 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2592 items:
2593 type: string
2594 x-kubernetes-list-type: atomic
2595 httpGet:
2596 type: object
2597 description: HTTPGet specifies the http request to perform.
2598 properties:
2599 port:
2600 anyOf:
2601 - type: integer
2602 - type: string
2603 description: |-
2604 Name or number of the port to access on the container.
2605 Number must be in the range 1 to 65535.
2606 Name must be an IANA_SVC_NAME.
2607 x-kubernetes-int-or-string: true
2608 host:
2609 type: string
2610 description: |-
2611 Host name to connect to, defaults to the pod IP. You probably want to set
2612 "Host" in httpHeaders instead.
2613 httpHeaders:
2614 type: array
2615 description: Custom headers to set in the request. HTTP allows repeated headers.
2616 items:
2617 type: object
2618 description: HTTPHeader describes a custom header to be used in HTTP probes
2619 properties:
2620 name:
2621 type: string
2622 description: |-
2623 The header field name.
2624 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2625 value:
2626 type: string
2627 description: The header field value
2628 required:
2629 - name
2630 - value
2631 x-kubernetes-list-type: atomic
2632 path:
2633 type: string
2634 description: Path to access on the HTTP server.
2635 scheme:
2636 type: string
2637 description: |-
2638 Scheme to use for connecting to the host.
2639 Defaults to HTTP.
2640 required:
2641 - port
2642 sleep:
2643 type: object
2644 description: Sleep represents the duration that the container should sleep before being terminated.
2645 properties:
2646 seconds:
2647 type: integer
2648 description: Seconds is the number of seconds to sleep.
2649 format: int64
2650 required:
2651 - seconds
2652 tcpSocket:
2653 type: object
2654 description: |-
2655 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and is kept
2656 for backward compatibility. There is no validation of this field, and
2657 lifecycle hooks will fail at runtime when a tcp handler is specified.
2658 properties:
2659 port:
2660 anyOf:
2661 - type: integer
2662 - type: string
2663 description: |-
2664 Number or name of the port to access on the container.
2665 Number must be in the range 1 to 65535.
2666 Name must be an IANA_SVC_NAME.
2667 x-kubernetes-int-or-string: true
2668 host:
2669 type: string
2670 description: 'Optional: Host name to connect to, defaults to the pod IP.'
2671 required:
2672 - port
2673 preStop:
2674 type: object
2675 description: |-
2676 PreStop is called immediately before a container is terminated due to an
2677 API request or management event such as liveness/startup probe failure,
2678 preemption, resource contention, etc. The handler is not called if the
2679 container crashes or exits. The Pod's termination grace period countdown begins before the
2680 PreStop hook is executed. Regardless of the outcome of the handler, the
2681 container will eventually terminate within the Pod's termination grace
2682 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
2683 or until the termination grace period is reached.
2684 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
2685 properties:
2686 exec:
2687 type: object
2688 description: Exec specifies the action to take.
2689 properties:
2690 command:
2691 type: array
2692 description: |-
2693 Command is the command line to execute inside the container, the working directory for the
2694 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
2695 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
2696 a shell, you need to explicitly call out to that shell.
2697 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
2698 items:
2699 type: string
2700 x-kubernetes-list-type: atomic
2701 httpGet:
2702 type: object
2703 description: HTTPGet specifies the http request to perform.
2704 properties:
2705 port:
2706 anyOf:
2707 - type: integer
2708 - type: string
2709 description: |-
2710 Name or number of the port to access on the container.
2711 Number must be in the range 1 to 65535.
2712 Name must be an IANA_SVC_NAME.
2713 x-kubernetes-int-or-string: true
2714 host:
2715 type: string
2716 description: |-
2717 Host name to connect to, defaults to the pod IP. You probably want to set
2718 "Host" in httpHeaders instead.
2719 httpHeaders:
2720 type: array
2721 description: Custom headers to set in the request. HTTP allows repeated headers.
2722 items:
2723 type: object
2724 description: HTTPHeader describes a custom header to be used in HTTP probes
2725 properties:
2726 name:
2727 type: string
2728 description: |-
2729 The header field name.
2730 This will be canonicalized upon output, so case-variant names will be understood as the same header.
2731 value:
2732 type: string
2733 description: The header field value
2734 required:
2735 - name
2736 - value
2737 x-kubernetes-list-type: atomic
2738 path:
2739 type: string
2740 description: Path to access on the HTTP server.
2741 scheme:
2742 type: string
2743 description: |-
2744 Scheme to use for connecting to the host.
2745 Defaults to HTTP.
2746 required:
2747 - port
2748 sleep:
2749 type: object
2750 description: Sleep represents the duration that the container should sleep before being terminated.
2751 properties:
2752 seconds:
2753 type: integer
2754 description: Seconds is the number of seconds to sleep.
2755 format: int64
2756 required:
2757 - seconds
2758 tcpSocket:
2759 type: object
2760 description: |-
2761 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and is kept
2762 for backward compatibility. There is no validation of this field, and
2763 lifecycle hooks will fail at runtime when a tcp handler is specified.
2764 properties:
2765 port:
2766 anyOf:
2767 - type: integer
2768 - type: string
2769 description: |-
2770 Number or name of the port to access on the container.
2771 Number must be in the range 1 to 65535.
2772 Name must be an IANA_SVC_NAME.
2773 x-kubernetes-int-or-string: true
2774 host:
2775 type: string
2776 description: 'Optional: Host name to connect to, defaults to the pod IP.'
2777 required:
2778 - port
2779 terminationMessagePath:
2780 type: string
2781 description: |-
2782 Optional: Path at which the file to which the container's termination message
2783 will be written is mounted into the container's filesystem.
2784 Message written is intended to be brief final status, such as an assertion failure message.
2785 Will be truncated by the node if greater than 4096 bytes. The total message length across
2786 all containers will be limited to 12kb.
2787 Defaults to /dev/termination-log.
2788 Cannot be updated.
2789 terminationMessagePolicy:
2790 type: string
2791 description: |-
2792 Indicate how the termination message should be populated. File will use the contents of
2793 terminationMessagePath to populate the container status message on both success and failure.
2794 FallbackToLogsOnError will use the last chunk of container log output if the termination
2795 message file is empty and the container exited with an error.
2796 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
2797 Defaults to File.
2798 Cannot be updated.
2799 imagePullPolicy:
2800 type: string
2801 description: |-
2802 Image pull policy.
2803 One of Always, Never, IfNotPresent.
2804 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
2805 Cannot be updated.
2806 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
2807 securityContext:
2808 type: object
2809 description: |-
2810 SecurityContext defines the security options the container should be run with.
2811 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
2812 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
2813 properties:
# NOTE(review): only `type: boolean` is declared for this field; no validation rule is
# visible on it, so the schema accepts true as well as false.
# Presumably the controller copies this securityContext into the pods it creates (confirm).
# If so, manifests should set this to false, and admission policy, not this schema, has to
# enforce it.
2814 allowPrivilegeEscalation:
2815 type: boolean
2816 description: |-
2817 AllowPrivilegeEscalation controls whether a process can gain more
2818 privileges than its parent process. This bool directly controls if
2819 the no_new_privs flag will be set on the container process.
2820 AllowPrivilegeEscalation is true always when the container is:
2821 1) run as Privileged
2822 2) has CAP_SYS_ADMIN
2823 Note that this field cannot be set when spec.os.name is windows.
2824 appArmorProfile:
2825 type: object
2826 description: |-
2827 appArmorProfile is the AppArmor options to use by this container. If set, this profile
2828 overrides the pod's appArmorProfile.
2829 Note that this field cannot be set when spec.os.name is windows.
2830 properties:
2831 type:
2832 type: string
2833 description: |-
2834 type indicates which kind of AppArmor profile will be applied.
2835 Valid options are:
2836 Localhost - a profile pre-loaded on the node.
2837 RuntimeDefault - the container runtime's default profile.
2838 Unconfined - no AppArmor enforcement.
2839 localhostProfile:
2840 type: string
2841 description: |-
2842 localhostProfile indicates a profile loaded on the node that should be used.
2843 The profile must be preconfigured on the node to work.
2844 Must match the loaded name of the profile.
2845 Must be set if and only if type is "Localhost".
2846 required:
2847 - type
# NOTE(review): `add` and `drop` are declared as plain string lists; nothing visible here
# restricts which capability names may be added.
# When reviewing resources of this kind, look for `drop` containing ALL with a minimal `add`
# list. Rejecting broad additions has to come from admission policy, because this schema
# will not do it.
2848 capabilities:
2849 type: object
2850 description: |-
2851 The capabilities to add/drop when running containers.
2852 Defaults to the default set of capabilities granted by the container runtime.
2853 Note that this field cannot be set when spec.os.name is windows.
2854 properties:
2855 add:
2856 type: array
2857 description: Added capabilities
2858 items:
2859 type: string
2860 description: Capability represent POSIX capabilities type
2861 x-kubernetes-list-type: atomic
2862 drop:
2863 type: array
2864 description: Removed capabilities
2865 items:
2866 type: string
2867 description: Capability represent POSIX capabilities type
2868 x-kubernetes-list-type: atomic
# NOTE(review): per the description below, a privileged container is essentially root on
# the host. The field is an unconstrained boolean here (no validation rule is visible on it).
# Anyone allowed to create this custom resource can therefore request privileged mode,
# assuming the controller passes the value through to the pod (confirm).
# Restrict create/update on the resource with RBAC, and enforce a Pod Security Admission
# level or an equivalent admission policy on the namespaces where the pods are created.
2869 privileged:
2870 type: boolean
2871 description: |-
2872 Run container in privileged mode.
2873 Processes in privileged containers are essentially equivalent to root on the host.
2874 Defaults to false.
2875 Note that this field cannot be set when spec.os.name is windows.
2876 procMount:
2877 type: string
2878 description: |-
2879 procMount denotes the type of proc mount to use for the containers.
2880 The default is DefaultProcMount which uses the container runtime defaults for
2881 readonly paths and masked paths.
2882 This requires the ProcMountType feature flag to be enabled.
2883 Note that this field cannot be set when spec.os.name is windows.
2884 readOnlyRootFilesystem:
2885 type: boolean
2886 description: |-
2887 Whether this container has a read-only root filesystem.
2888 Default is false.
2889 Note that this field cannot be set when spec.os.name is windows.
2890 runAsGroup:
2891 type: integer
2892 description: |-
2893 The GID to run the entrypoint of the container process.
2894 Uses runtime default if unset.
2895 May also be set in PodSecurityContext. If set in both SecurityContext and
2896 PodSecurityContext, the value specified in SecurityContext takes precedence.
2897 Note that this field cannot be set when spec.os.name is windows.
2898 format: int64
# NOTE(review): per the description below, leaving this unset or false means the kubelet
# performs no UID 0 check.
# The schema declares no default for it, so resources should set it to true explicitly
# unless root is genuinely required. Confirm that the controller does not override the
# value when it builds the pod.
2899 runAsNonRoot:
2900 type: boolean
2901 description: |-
2902 Indicates that the container must run as a non-root user.
2903 If true, the Kubelet will validate the image at runtime to ensure that it
2904 does not run as UID 0 (root) and fail to start the container if it does.
2905 If unset or false, no such validation will be performed.
2906 May also be set in PodSecurityContext. If set in both SecurityContext and
2907 PodSecurityContext, the value specified in SecurityContext takes precedence.
2908 runAsUser:
2909 type: integer
2910 description: |-
2911 The UID to run the entrypoint of the container process.
2912 Defaults to user specified in image metadata if unspecified.
2913 May also be set in PodSecurityContext. If set in both SecurityContext and
2914 PodSecurityContext, the value specified in SecurityContext takes precedence.
2915 Note that this field cannot be set when spec.os.name is windows.
2916 format: int64
2917 seLinuxOptions:
2918 type: object
2919 description: |-
2920 The SELinux context to be applied to the container.
2921 If unspecified, the container runtime will allocate a random SELinux context for each
2922 container. May also be set in PodSecurityContext. If set in both SecurityContext and
2923 PodSecurityContext, the value specified in SecurityContext takes precedence.
2924 Note that this field cannot be set when spec.os.name is windows.
2925 properties:
2926 type:
2927 type: string
2928 description: Type is a SELinux type label that applies to the container.
2929 level:
2930 type: string
2931 description: Level is SELinux level label that applies to the container.
2932 role:
2933 type: string
2934 description: Role is a SELinux role label that applies to the container.
2935 user:
2936 type: string
2937 description: User is a SELinux user label that applies to the container.
2938 seccompProfile:
2939 type: object
2940 description: |-
2941 The seccomp options to use by this container. If seccomp options are
2942 provided at both the pod & container level, the container options
2943 override the pod options.
2944 Note that this field cannot be set when spec.os.name is windows.
2945 properties:
2946 type:
2947 type: string
2948 description: |-
2949 type indicates which kind of seccomp profile will be applied.
2950 Valid options are:
2951
2952
2953 Localhost - a profile defined in a file on the node should be used.
2954 RuntimeDefault - the container runtime default profile should be used.
2955 Unconfined - no profile should be applied.
2956 localhostProfile:
2957 type: string
2958 description: |-
2959 localhostProfile indicates a profile defined in a file on the node should be used.
2960 The profile must be preconfigured on the node to work.
2961 Must be a descending path, relative to the kubelet's configured seccomp profile location.
2962 Must be set if type is "Localhost". Must NOT be set for any other type.
2963 required:
2964 - type
2965 windowsOptions:
2966 type: object
2967 description: |-
2968 The Windows specific settings applied to all containers.
2969 If unspecified, the options from the PodSecurityContext will be used.
2970 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
2971 Note that this field cannot be set when spec.os.name is linux.
2972 properties:
2973 gmsaCredentialSpec:
2974 type: string
2975 description: |-
2976 GMSACredentialSpec is where the GMSA admission webhook
2977 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
2978 GMSA credential spec named by the GMSACredentialSpecName field.
2979 gmsaCredentialSpecName:
2980 type: string
2981 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
# NOTE(review): HostProcess is the Windows counterpart of a privileged container, and the
# description below states that it requires HostNetwork.
# The field is an unconstrained boolean here (no validation rule is visible on it).
# If Windows nodes are in scope, confirm that admission policy covers this field the same
# way it covers `privileged` on Linux.
2982 hostProcess:
2983 type: boolean
2984 description: |-
2985 HostProcess determines if a container should be run as a 'Host Process' container.
2986 All of a Pod's containers must have the same effective HostProcess value
2987 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
2988 In addition, if HostProcess is true then HostNetwork must also be set to true.
2989 runAsUserName:
2990 type: string
2991 description: |-
2992 The UserName in Windows to run the entrypoint of the container process.
2993 Defaults to the user specified in image metadata if unspecified.
2994 May also be set in PodSecurityContext. If set in both SecurityContext and
2995 PodSecurityContext, the value specified in SecurityContext takes precedence.
2996 stdin:
2997 type: boolean
2998 description: |-
2999 Whether this container should allocate a buffer for stdin in the container runtime. If this
3000 is not set, reads from stdin in the container will always result in EOF.
3001 Default is false.
3002 stdinOnce:
3003 type: boolean
3004 description: |-
3005 Whether the container runtime should close the stdin channel after it has been opened by
3006 a single attach. When stdin is true the stdin stream will remain open across multiple attach
3007 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
3008 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
3009 at which time stdin is closed and remains closed until the container is restarted. If this
3010 flag is false, a container process that reads from stdin will never receive an EOF.
3011 Default is false.
3012 tty:
3013 type: boolean
3014 description: |-
3015 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
3016 Default is false.
3017 resizePolicy:
3018 type: array
3019 description: Resources resize policy for the container.
3020 items:
3021 type: object
3022 description: ContainerResizePolicy represents resource resize policy for the container.
3023 properties:
3024 restartPolicy:
3025 type: string
3026 description: |-
3027 Restart policy to apply when specified resource is resized.
3028 If not specified, it defaults to NotRequired.
3029 resourceName:
3030 type: string
3031 description: |-
3032 Name of the resource to which this resource resize policy applies.
3033 Supported values: cpu, memory.
3034 required:
3035 - resourceName
3036 - restartPolicy
3037 x-kubernetes-list-type: atomic
3038 startupProbe:
3039 type: object
3040 description: |-
3041 StartupProbe indicates that the Pod has successfully initialized.
3042 If specified, no other probes are executed until this completes successfully.
3043 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
3044 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
3045 when it might take a long time to load data or warm a cache, than during steady-state operation.
3046 This cannot be updated.
3047 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3048 properties:
3049 terminationGracePeriodSeconds:
3050 type: integer
3051 description: |-
3052 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
3053 The grace period is the duration in seconds after the processes running in the pod are sent
3054 a termination signal and the time when the processes are forcibly halted with a kill signal.
3055 Set this value longer than the expected cleanup time for your process.
3056 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
3057 value overrides the value provided by the pod spec.
3058 Value must be non-negative integer. The value zero indicates stop immediately via
3059 the kill signal (no opportunity to shut down).
3060 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
3061 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3062 format: int64
3063 exec:
3064 type: object
3065 description: Exec specifies the action to take.
3066 properties:
3067 command:
3068 type: array
3069 description: |-
3070 Command is the command line to execute inside the container, the working directory for the
3071 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3072 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3073 a shell, you need to explicitly call out to that shell.
3074 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3075 items:
3076 type: string
3077 x-kubernetes-list-type: atomic
3078 failureThreshold:
3079 type: integer
3080 description: |-
3081 Minimum consecutive failures for the probe to be considered failed after having succeeded.
3082 Defaults to 3. Minimum value is 1.
3083 format: int32
3084 grpc:
3085 type: object
3086 description: GRPC specifies an action involving a GRPC port.
3087 properties:
3088 service:
3089 type: string
3090 description: |-
3091 Service is the name of the service to place in the gRPC HealthCheckRequest
3092 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
3093
3094
3095 If this is not specified, the default behavior is defined by gRPC.
3096 port:
3097 type: integer
3098 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
3099 format: int32
3100 required:
3101 - port
3102 httpGet:
3103 type: object
3104 description: HTTPGet specifies the http request to perform.
3105 properties:
3106 port:
3107 anyOf:
3108 - type: integer
3109 - type: string
3110 description: |-
3111 Name or number of the port to access on the container.
3112 Number must be in the range 1 to 65535.
3113 Name must be an IANA_SVC_NAME.
3114 x-kubernetes-int-or-string: true
3115 host:
3116 type: string
3117 description: |-
3118 Host name to connect to, defaults to the pod IP. You probably want to set
3119 "Host" in httpHeaders instead.
3120 httpHeaders:
3121 type: array
3122 description: Custom headers to set in the request. HTTP allows repeated headers.
3123 items:
3124 type: object
3125 description: HTTPHeader describes a custom header to be used in HTTP probes
3126 properties:
3127 name:
3128 type: string
3129 description: |-
3130 The header field name.
3131 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3132 value:
3133 type: string
3134 description: The header field value
3135 required:
3136 - name
3137 - value
3138 x-kubernetes-list-type: atomic
3139 path:
3140 type: string
3141 description: Path to access on the HTTP server.
3142 scheme:
3143 type: string
3144 description: |-
3145 Scheme to use for connecting to the host.
3146 Defaults to HTTP.
3147 required:
3148 - port
3149 initialDelaySeconds:
3150 type: integer
3151 description: |-
3152 Number of seconds after the container has started before liveness probes are initiated.
3153 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3154 format: int32
3155 periodSeconds:
3156 type: integer
3157 description: |-
3158 How often (in seconds) to perform the probe.
3159 Defaults to 10 seconds. Minimum value is 1.
3160 format: int32
3161 successThreshold:
3162 type: integer
3163 description: |-
3164 Minimum consecutive successes for the probe to be considered successful after having failed.
3165 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3166 format: int32
3167 tcpSocket:
3168 type: object
3169 description: TCPSocket specifies an action involving a TCP port.
3170 properties:
3171 port:
3172 anyOf:
3173 - type: integer
3174 - type: string
3175 description: |-
3176 Number or name of the port to access on the container.
3177 Number must be in the range 1 to 65535.
3178 Name must be an IANA_SVC_NAME.
3179 x-kubernetes-int-or-string: true
3180 host:
3181 type: string
3182 description: 'Optional: Host name to connect to, defaults to the pod IP.'
3183 required:
3184 - port
3185 timeoutSeconds:
3186 type: integer
3187 description: |-
3188 Number of seconds after which the probe times out.
3189 Defaults to 1 second. Minimum value is 1.
3190 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3191 format: int32
3192 required:
3193 - name
3194 x-kubernetes-list-map-keys:
3195 - name
3196 x-kubernetes-list-type: map
3197 volumes:
3198 type: array
3199 description: |-
3200 List of volumes that can be mounted by containers belonging to the pod.
3201 More info: https://kubernetes.io/docs/concepts/storage/volumes
3202 items:
3203 type: object
3204 description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
3205 properties:
3206 name:
3207 type: string
3208 description: |-
3209 name of the volume.
3210 Must be a DNS_LABEL and unique within the pod.
3211 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3212 awsElasticBlockStore:
3213 type: object
3214 description: |-
3215 awsElasticBlockStore represents an AWS Disk resource that is attached to a
3216 kubelet's host machine and then exposed to the pod.
3217 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
3218 properties:
3219 readOnly:
3220 type: boolean
3221 description: |-
3222 readOnly value true will force the readOnly setting in VolumeMounts.
3223 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
3224 fsType:
3225 type: string
3226 description: |-
3227 fsType is the filesystem type of the volume that you want to mount.
3228 Tip: Ensure that the filesystem type is supported by the host operating system.
3229 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
3230 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
3231 TODO: how do we prevent errors in the filesystem from compromising the machine
3232 partition:
3233 type: integer
3234 description: |-
3235 partition is the partition in the volume that you want to mount.
3236 If omitted, the default is to mount by volume name.
3237 Examples: For volume /dev/sda1, you specify the partition as "1".
3238 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
3239 format: int32
3240 volumeID:
3241 type: string
3242 description: |-
3243 volumeID is the unique ID of the persistent disk resource in AWS (Amazon EBS volume).
3244 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
3245 required:
3246 - volumeID
3247 azureDisk:
3248 type: object
3249 description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
3250 properties:
3251 kind:
3252 type: string
3253 description: 'kind expected values are Shared: multiple blob disks per storage account; Dedicated: single blob disk per storage account; Managed: azure managed data disk (only in managed availability set). Defaults to shared.'
3254 readOnly:
3255 type: boolean
3256 description: |-
3257 readOnly Defaults to false (read/write). ReadOnly here will force
3258 the ReadOnly setting in VolumeMounts.
3259 cachingMode:
3260 type: string
3261 description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.'
3262 diskName:
3263 type: string
3264 description: diskName is the Name of the data disk in the blob storage
3265 diskURI:
3266 type: string
3267 description: diskURI is the URI of data disk in the blob storage
3268 fsType:
3269 type: string
3270 description: |-
3271 fsType is Filesystem type to mount.
3272 Must be a filesystem type supported by the host operating system.
3273 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
3274 required:
3275 - diskName
3276 - diskURI
3277 azureFile:
3278 type: object
3279 description: azureFile represents an Azure File Service mount on the host and bind mount to the pod.
3280 properties:
3281 readOnly:
3282 type: boolean
3283 description: |-
3284 readOnly defaults to false (read/write). ReadOnly here will force
3285 the ReadOnly setting in VolumeMounts.
3286 secretName:
3287 type: string
3288 description: secretName is the name of secret that contains Azure Storage Account Name and Key
3289 shareName:
3290 type: string
3291 description: shareName is the azure share Name
3292 required:
3293 - secretName
3294 - shareName
3295 cephfs:
# CephFS volume source; only monitors is required. The descriptions below give
# permissive defaults: readOnly false (read/write), user "admin", path "/".
# NOTE(review): prefer setting user and readOnly explicitly in manifests
# instead of relying on those defaults.
3296 type: object
3297 description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
3298 properties:
3299 readOnly:
3300 type: boolean
3301 description: |-
3302 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
3303 the ReadOnly setting in VolumeMounts.
3304 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
3305 secretRef:
# Reference to the Secret used to authenticate `user`. name defaults to "" and
# its description calls an empty value "almost certainly wrong"; the schema
# itself does not reject it.
3306 type: object
3307 description: |-
3308 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
3309 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
3310 properties:
3311 name:
3312 type: string
3313 default: ""
3314 description: |-
3315 Name of the referent.
3316 This field is effectively required, but due to backwards compatibility is
3317 allowed to be empty. Instances of this type with an empty value here are
3318 almost certainly wrong.
3319 TODO: Add other useful fields. apiVersion, kind, uid?
3320 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3321 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3322 x-kubernetes-map-type: atomic
3323 monitors:
3324 type: array
3325 description: |-
3326 monitors is Required: Monitors is a collection of Ceph monitors
3327 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
3328 items:
3329 type: string
3330 x-kubernetes-list-type: atomic
3331 path:
3332 type: string
3333 description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /'
3334 secretFile:
# Second credential source: a key-ring path (default /etc/ceph/user.secret).
# The schema does not say which of secretRef and secretFile takes precedence
# when both are set - TODO confirm against the consumer.
3335 type: string
3336 description: |-
3337 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
3338 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
3339 user:
3340 type: string
3341 description: |-
3342 user is optional: User is the rados user name, default is admin
3343 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
3344 required:
3345 - monitors
3346 cinder:
# OpenStack Cinder volume source; volumeID is the only required field.
# readOnly defaults to false (read/write) per its description.
3347 type: object
3348 description: |-
3349 cinder represents a cinder volume attached and mounted on kubelets host machine.
3350 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
3351 properties:
3352 readOnly:
3353 type: boolean
3354 description: |-
3355 readOnly defaults to false (read/write). ReadOnly here will force
3356 the ReadOnly setting in VolumeMounts.
3357 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
3358 secretRef:
# Optional reference to a Secret holding the OpenStack connection parameters.
# name defaults to ""; the schema does not reject an empty name.
3359 type: object
3360 description: |-
3361 secretRef is optional: points to a secret object containing parameters used to connect
3362 to OpenStack.
3363 properties:
3364 name:
3365 type: string
3366 default: ""
3367 description: |-
3368 Name of the referent.
3369 This field is effectively required, but due to backwards compatibility is
3370 allowed to be empty. Instances of this type with an empty value here are
3371 almost certainly wrong.
3372 TODO: Add other useful fields. apiVersion, kind, uid?
3373 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3374 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3375 x-kubernetes-map-type: atomic
3376 fsType:
3377 type: string
3378 description: |-
3379 fsType is the filesystem type to mount.
3380 Must be a filesystem type supported by the host operating system.
3381 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
3382 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
3383 volumeID:
3384 type: string
3385 description: |-
3386 volumeID used to identify the volume in cinder.
3387 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
3388 required:
3389 - volumeID
3390 configMap:
# Projects a ConfigMap into the volume as files. This schema requires no field
# at this level: name defaults to "" and optional is a plain boolean.
3391 type: object
3392 description: configMap represents a configMap that should populate this volume
3393 properties:
3394 name:
3395 type: string
3396 default: ""
3397 description: |-
3398 Name of the referent.
3399 This field is effectively required, but due to backwards compatibility is
3400 allowed to be empty. Instances of this type with an empty value here are
3401 almost certainly wrong.
3402 TODO: Add other useful fields. apiVersion, kind, uid?
3403 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3404 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3405 defaultMode:
# Permission bits for the projected files. The schema types this as int32 only:
# the 0-511 (octal 0000-0777) range from the description is not expressed as
# minimum/maximum, so range checking, if any, happens outside this schema.
# In a YAML manifest 0644 is read as octal; the same value in JSON is 420.
3406 type: integer
3407 description: |-
3408 defaultMode is optional: mode bits used to set permissions on created files by default.
3409 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
3410 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
3411 Defaults to 0644.
3412 Directories within the path are not affected by this setting.
3413 This might be in conflict with other options that affect the file
3414 mode, like fsGroup, and the result can be other mode bits set.
3415 format: int32
3416 items:
# Optional key-to-path mapping; each entry requires key and path. The rule that
# paths are relative and free of '..' is stated in prose only: no pattern in
# this schema enforces it.
3417 type: array
3418 description: |-
3419 items if unspecified, each key-value pair in the Data field of the referenced
3420 ConfigMap will be projected into the volume as a file whose name is the
3421 key and content is the value. If specified, the listed keys will be
3422 projected into the specified paths, and unlisted keys will not be
3423 present. If a key is specified which is not present in the ConfigMap,
3424 the volume setup will error unless it is marked optional. Paths must be
3425 relative and may not contain the '..' path or start with '..'.
3426 items:
3427 type: object
3428 description: Maps a string key to a path within a volume.
3429 properties:
3430 key:
3431 type: string
3432 description: key is the key to project.
3433 mode:
3434 type: integer
3435 description: |-
3436 mode is Optional: mode bits used to set permissions on this file.
3437 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
3438 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
3439 If not specified, the volume defaultMode will be used.
3440 This might be in conflict with other options that affect the file
3441 mode, like fsGroup, and the result can be other mode bits set.
3442 format: int32
3443 path:
3444 type: string
3445 description: |-
3446 path is the relative path of the file to map the key to.
3447 May not be an absolute path.
3448 May not contain the path element '..'.
3449 May not start with the string '..'.
3450 required:
3451 - key
3452 - path
3453 x-kubernetes-list-type: atomic
3454 optional:
3455 type: boolean
3456 description: optional specify whether the ConfigMap or its keys must be defined
3457 x-kubernetes-map-type: atomic
3458 csi:
# Inline CSI volume handled by an external driver; driver is the only required
# field. readOnly defaults to false (read/write) per its description.
3459 type: object
3460 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
3461 properties:
3462 readOnly:
3463 type: boolean
3464 description: |-
3465 readOnly specifies a read-only configuration for the volume.
3466 Defaults to false (read/write).
3467 driver:
3468 type: string
3469 description: |-
3470 driver is the name of the CSI driver that handles this volume.
3471 Consult with your admin for the correct name as registered in the cluster.
3472 fsType:
3473 type: string
3474 description: |-
3475 fsType to mount. Ex. "ext4", "xfs", "ntfs".
3476 If not provided, the empty value is passed to the associated CSI driver
3477 which will determine the default filesystem to apply.
3478 nodePublishSecretRef:
# Optional Secret whose contents are handed to the CSI driver for the
# NodePublishVolume / NodeUnpublishVolume calls. Per the description, every
# secret in the referenced object is passed, not a selected key.
3479 type: object
3480 description: |-
3481 nodePublishSecretRef is a reference to the secret object containing
3482 sensitive information to pass to the CSI driver to complete the CSI
3483 NodePublishVolume and NodeUnpublishVolume calls.
3484 This field is optional, and may be empty if no secret is required. If the
3485 secret object contains more than one secret, all secret references are passed.
3486 properties:
3487 name:
3488 type: string
3489 default: ""
3490 description: |-
3491 Name of the referent.
3492 This field is effectively required, but due to backwards compatibility is
3493 allowed to be empty. Instances of this type with an empty value here are
3494 almost certainly wrong.
3495 TODO: Add other useful fields. apiVersion, kind, uid?
3496 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3497 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3498 x-kubernetes-map-type: atomic
3499 volumeAttributes:
# Free-form string-to-string map passed through to the driver; neither keys
# nor values are validated by this schema.
3500 type: object
3501 additionalProperties:
3502 type: string
3503 description: |-
3504 volumeAttributes stores driver-specific properties that are passed to the CSI
3505 driver. Consult your driver's documentation for supported values.
3506 required:
3507 - driver
3508 downwardAPI:
# Exposes pod fields and container resource values as files in the volume.
# Nothing is required at this level; each entry of items requires path.
3509 type: object
3510 description: downwardAPI represents downward API about the pod that should populate this volume
3511 properties:
3512 defaultMode:
# NOTE(review): the description below opens with a truncated sentence
# ("... Must be a") followed by its complete form; the duplicate is present in
# the generated text as-is.
# The field is typed as int32 only: the 0-511 range from the description is not
# expressed as minimum/maximum in this schema.
3513 type: integer
3514 description: |-
3515 Optional: mode bits to use on created files by default. Must be a
3516 Optional: mode bits used to set permissions on created files by default.
3517 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
3518 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
3519 Defaults to 0644.
3520 Directories within the path are not affected by this setting.
3521 This might be in conflict with other options that affect the file
3522 mode, like fsGroup, and the result can be other mode bits set.
3523 format: int32
3524 items:
3525 type: array
3526 description: Items is a list of downward API volume file
3527 items:
3528 type: object
3529 description: DownwardAPIVolumeFile represents information to create the file containing the pod field
3530 properties:
3531 fieldRef:
# Selects a pod field; fieldPath is required. The description limits the
# supported fields to annotations, labels, name, namespace and uid, but
# fieldPath itself is an unconstrained string in this schema.
3532 type: object
3533 description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
3534 properties:
3535 apiVersion:
3536 type: string
3537 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
3538 fieldPath:
3539 type: string
3540 description: Path of the field to select in the specified API version.
3541 required:
3542 - fieldPath
3543 x-kubernetes-map-type: atomic
3544 resourceFieldRef:
3545 type: object
3546 description: |-
3547 Selects a resource of the container: only resources limits and requests
3548 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
3549 properties:
3550 containerName:
3551 type: string
3552 description: 'Container name: required for volumes, optional for env vars'
3553 divisor:
# Integer-or-string quantity. The pattern accepts an optional sign, a decimal
# number, then either a binary suffix (Ki..Ei), a decimal suffix (n, u, m, k,
# M, G, T, P, E) or an exponent.
3554 anyOf:
3555 - type: integer
3556 - type: string
3557 description: Specifies the output format of the exposed resources, defaults to "1"
3558 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3559 x-kubernetes-int-or-string: true
3560 resource:
3561 type: string
3562 description: 'Required: resource to select'
3563 required:
3564 - resource
3565 x-kubernetes-map-type: atomic
3566 mode:
3567 type: integer
3568 description: |-
3569 Optional: mode bits used to set permissions on this file, must be an octal value
3570 between 0000 and 0777 or a decimal value between 0 and 511.
3571 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
3572 If not specified, the volume defaultMode will be used.
3573 This might be in conflict with other options that affect the file
3574 mode, like fsGroup, and the result can be other mode bits set.
3575 format: int32
3576 path:
# Relative file path inside the volume. The "not absolute, no '..'" rule is
# prose only; this schema has no pattern that enforces it.
3577 type: string
3578 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
3579 required:
3580 - path
3581 x-kubernetes-list-type: atomic
3582 emptyDir:
# Scratch directory that lives as long as the pod. Both fields are optional.
3583 type: object
3584 description: |-
3585 emptyDir represents a temporary directory that shares a pod's lifetime.
3586 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
3587 properties:
3588 medium:
# Described as "" (node default) or Memory; the schema types it as a plain
# string with no enum, so other values are not rejected here.
3589 type: string
3590 description: |-
3591 medium represents what type of storage medium should back this directory.
3592 The default is "" which means to use the node's default medium.
3593 Must be an empty string (default) or Memory.
3594 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
3595 sizeLimit:
# Integer-or-string quantity. Per the description the default is nil, i.e. no
# limit is defined; for medium Memory usage is then bounded only by the sum of
# the containers' memory limits.
# NOTE(review): set sizeLimit explicitly in manifests so scratch space cannot
# grow to that bound.
3596 anyOf:
3597 - type: integer
3598 - type: string
3599 description: |-
3600 sizeLimit is the total amount of local storage required for this EmptyDir volume.
3601 The size limit is also applicable for memory medium.
3602 The maximum usage on memory medium EmptyDir would be the minimum value between
3603 the SizeLimit specified here and the sum of memory limits of all containers in a pod.
3604 The default is nil which means that the limit is undefined.
3605 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
3606 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3607 x-kubernetes-int-or-string: true
3608 ephemeral:
# Per-pod volume backed by a PersistentVolumeClaim that is created from
# volumeClaimTemplate before the pod starts and deleted when the pod is
# removed (see the description).
3609 type: object
3610 description: |-
3611 ephemeral represents a volume that is handled by a cluster storage driver.
3612 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
3613 and deleted when the pod is removed.
3614
3615
3616 Use this if:
3617 a) the volume is only needed while the pod runs,
3618 b) features of normal volumes like restoring from snapshot or capacity
3619 tracking are needed,
3620 c) the storage driver is specified through a storage class, and
3621 d) the storage driver supports dynamic volume provisioning through
3622 a PersistentVolumeClaim (see EphemeralVolumeSource for more
3623 information on the connection between this volume type
3624 and PersistentVolumeClaim).
3625
3626
3627 Use PersistentVolumeClaim or one of the vendor-specific
3628 APIs for volumes that persist for longer than the lifecycle
3629 of an individual pod.
3630
3631
3632 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
3633 be used that way - see the documentation of the driver for
3634 more information.
3635
3636
3637 A pod can use both types of ephemeral volumes and
3638 persistent volumes at the same time.
3639 properties:
3640 volumeClaimTemplate:
# Template for the stand-alone PVC; spec is required. Per the description, an
# existing PVC named `<pod name>-<volume name>` that the pod does not own is
# never adopted: pod start is blocked until it is removed.
3641 type: object
3642 description: |-
3643 Will be used to create a stand-alone PVC to provision the volume.
3644 The pod in which this EphemeralVolumeSource is embedded will be the
3645 owner of the PVC, i.e. the PVC will be deleted together with the
3646 pod. The name of the PVC will be `<pod name>-<volume name>` where
3647 `<volume name>` is the name from the `PodSpec.Volumes` array
3648 entry. Pod validation will reject the pod if the concatenated name
3649 is not valid for a PVC (for example, too long).
3650
3651
3652 An existing PVC with that name that is not owned by the pod
3653 will *not* be used for the pod to avoid using an unrelated
3654 volume by mistake. Starting the pod is then blocked until
3655 the unrelated PVC is removed. If such a pre-created PVC is
3656 meant to be used by the pod, the PVC has to updated with an
3657 owner reference to the pod once the pod exists. Normally
3658 this should not be necessary, but it may be useful when
3659 manually reconstructing a broken cluster.
3660
3661
3662 This field is read-only and no changes will be made by Kubernetes
3663 to the PVC after it has been created.
3664
3665
3666 Required, must not be nil.
3667 properties:
3668 metadata:
# The description allows only labels and annotations, yet the schema also
# lists name, namespace and finalizers as properties. Rejecting those is left
# to validation outside this schema.
3669 type: object
3670 description: |-
3671 May contain labels and annotations that will be copied into the PVC
3672 when creating it. No other fields are allowed and will be rejected during
3673 validation.
3674 properties:
3675 name:
3676 type: string
3677 namespace:
3678 type: string
3679 labels:
3680 type: object
3681 additionalProperties:
3682 type: string
3683 annotations:
3684 type: object
3685 additionalProperties:
3686 type: string
3687 finalizers:
3688 type: array
3689 items:
3690 type: string
3691 spec:
# Copied unchanged into the created PVC (see the description). No property of
# spec is marked required in this schema.
3692 type: object
3693 description: |-
3694 The specification for the PersistentVolumeClaim. The entire content is
3695 copied unchanged into the PVC that gets created from this
3696 template. The same fields as in a PersistentVolumeClaim
3697 are also valid here.
3698 properties:
3699 selector:
3700 type: object
3701 description: selector is a label query over volumes to consider for binding.
3702 properties:
3703 matchExpressions:
3704 type: array
3705 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3706 items:
3707 type: object
3708 description: |-
3709 A label selector requirement is a selector that contains values, a key, and an operator that
3710 relates the key and values.
3711 properties:
3712 key:
3713 type: string
3714 description: key is the label key that the selector applies to.
3715 operator:
3716 type: string
3717 description: |-
3718 operator represents a key's relationship to a set of values.
3719 Valid operators are In, NotIn, Exists and DoesNotExist.
3720 values:
3721 type: array
3722 description: |-
3723 values is an array of string values. If the operator is In or NotIn,
3724 the values array must be non-empty. If the operator is Exists or DoesNotExist,
3725 the values array must be empty. This array is replaced during a strategic
3726 merge patch.
3727 items:
3728 type: string
3729 x-kubernetes-list-type: atomic
3730 required:
3731 - key
3732 - operator
3733 x-kubernetes-list-type: atomic
3734 matchLabels:
3735 type: object
3736 additionalProperties:
3737 type: string
3738 description: |-
3739 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
3740 map is equivalent to an element of matchExpressions, whose key field is "key", the
3741 operator is "In", and the values array contains only "value". The requirements are ANDed.
3742 x-kubernetes-map-type: atomic
3743 resources:
# limits and requests are maps of integer-or-string quantities; both are
# optional, so the schema by itself places no cap on the size requested.
3744 type: object
3745 description: |-
3746 resources represents the minimum resources the volume should have.
3747 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
3748 that are lower than previous value but must still be higher than capacity recorded in the
3749 status field of the claim.
3750 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
3751 properties:
3752 limits:
3753 type: object
3754 additionalProperties:
3755 anyOf:
3756 - type: integer
3757 - type: string
3758 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3759 x-kubernetes-int-or-string: true
3760 description: |-
3761 Limits describes the maximum amount of compute resources allowed.
3762 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
3763 requests:
3764 type: object
3765 additionalProperties:
3766 anyOf:
3767 - type: integer
3768 - type: string
3769 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3770 x-kubernetes-int-or-string: true
3771 description: |-
3772 Requests describes the minimum amount of compute resources required.
3773 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
3774 otherwise to an implementation-defined value. Requests cannot exceed Limits.
3775 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
3776 accessModes:
3777 type: array
3778 description: |-
3779 accessModes contains the desired access modes the volume should have.
3780 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
3781 items:
3782 type: string
3783 x-kubernetes-list-type: atomic
3784 dataSource:
# Same-namespace data source (no namespace property); kind and name are
# required. Per the description it is limited to a VolumeSnapshot or a PVC.
3785 type: object
3786 description: |-
3787 dataSource field can be used to specify either:
3788 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
3789 * An existing PVC (PersistentVolumeClaim)
3790 If the provisioner or an external controller can support the specified data source,
3791 it will create a new volume based on the contents of the specified data source.
3792 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
3793 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
3794 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
3795 properties:
3796 name:
3797 type: string
3798 description: Name is the name of resource being referenced
3799 kind:
3800 type: string
3801 description: Kind is the type of resource being referenced
3802 apiGroup:
3803 type: string
3804 description: |-
3805 APIGroup is the group for the resource being referenced.
3806 If APIGroup is not specified, the specified Kind must be in the core API group.
3807 For any other third-party types, APIGroup is required.
3808 required:
3809 - kind
3810 - name
3811 x-kubernetes-map-type: atomic
3812 dataSourceRef:
# Unlike dataSource, this reference carries a namespace property, so it can
# point at an object in another namespace. The description marks that use as
# alpha (CrossNamespaceVolumeDataSource feature gate) and requires a
# ReferenceGrant in the referent namespace.
# NOTE(review): treat a non-empty namespace here as a cross-namespace data
# access request and review who is allowed to set it.
3813 type: object
3814 description: |-
3815 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
3816 volume is desired. This may be any object from a non-empty API group (non
3817 core object) or a PersistentVolumeClaim object.
3818 When this field is specified, volume binding will only succeed if the type of
3819 the specified object matches some installed volume populator or dynamic
3820 provisioner.
3821 This field will replace the functionality of the dataSource field and as such
3822 if both fields are non-empty, they must have the same value. For backwards
3823 compatibility, when namespace isn't specified in dataSourceRef,
3824 both fields (dataSource and dataSourceRef) will be set to the same
3825 value automatically if one of them is empty and the other is non-empty.
3826 When namespace is specified in dataSourceRef,
3827 dataSource isn't set to the same value and must be empty.
3828 There are three important differences between dataSource and dataSourceRef:
3829 * While dataSource only allows two specific types of objects, dataSourceRef
3830 allows any non-core object, as well as PersistentVolumeClaim objects.
3831 * While dataSource ignores disallowed values (dropping them), dataSourceRef
3832 preserves all values, and generates an error if a disallowed value is
3833 specified.
3834 * While dataSource only allows local objects, dataSourceRef allows objects
3835 in any namespaces.
3836 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
3837 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
3838 properties:
3839 name:
3840 type: string
3841 description: Name is the name of resource being referenced
3842 namespace:
3843 type: string
3844 description: |-
3845 Namespace is the namespace of resource being referenced
3846 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
3847 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
3848 kind:
3849 type: string
3850 description: Kind is the type of resource being referenced
3851 apiGroup:
3852 type: string
3853 description: |-
3854 APIGroup is the group for the resource being referenced.
3855 If APIGroup is not specified, the specified Kind must be in the core API group.
3856 For any other third-party types, APIGroup is required.
3857 required:
3858 - kind
3859 - name
3860 storageClassName:
3861 type: string
3862 description: |-
3863 storageClassName is the name of the StorageClass required by the claim.
3864 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
3865 volumeAttributesClassName:
3866 type: string
3867 description: |-
3868 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
3869 If specified, the CSI driver will create or update the volume with the attributes defined
3870 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
3871 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
3872 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
3873 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
3874 will be set by the persistentvolume controller if it exists.
3875 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
3876 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
3877 exists.
3878 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
3879 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
3880 volumeMode:
3881 type: string
3882 description: |-
3883 volumeMode defines what type of volume is required by the claim.
3884 Value of Filesystem is implied when not included in claim spec.
3885 volumeName:
3886 type: string
3887 description: volumeName is the binding reference to the PersistentVolume backing this claim.
3888 required:
3889 - spec
3890 fc:
# Fibre Channel volume source. The schema marks no field as required; the
# wwids description states that either wwids or targetWWNs plus lun must be
# set, but not both. That either/or rule is prose only here.
3891 type: object
3892 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
3893 properties:
3894 readOnly:
3895 type: boolean
3896 description: |-
3897 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
3898 the ReadOnly setting in VolumeMounts.
3899 fsType:
# Unconstrained string. The description carries an open TODO about filesystem
# errors compromising the machine.
3900 type: string
3901 description: |-
3902 fsType is the filesystem type to mount.
3903 Must be a filesystem type supported by the host operating system.
3904 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
3905 TODO: how do we prevent errors in the filesystem from compromising the machine
3906 lun:
3907 type: integer
3908 description: 'lun is Optional: FC target lun number'
3909 format: int32
3910 targetWWNs:
3911 type: array
3912 description: 'targetWWNs is Optional: FC target worldwide names (WWNs)'
3913 items:
3914 type: string
3915 x-kubernetes-list-type: atomic
3916 wwids:
3917 type: array
3918 description: |-
3919 wwids Optional: FC volume world wide identifiers (wwids)
3920 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
3921 items:
3922 type: string
3923 x-kubernetes-list-type: atomic
3924 flexVolume:
# Volume provisioned/attached by an exec-based plugin named in driver, the only
# required field. Both the referenced Secret and the free-form options map are
# handed to that plugin, so the trust placed in the plugin covers them too.
3925 type: object
3926 description: |-
3927 flexVolume represents a generic volume resource that is
3928 provisioned/attached using an exec based plugin.
3929 properties:
3930 readOnly:
3931 type: boolean
3932 description: |-
3933 readOnly is Optional: defaults to false (read/write). ReadOnly here will force
3934 the ReadOnly setting in VolumeMounts.
3935 secretRef:
# Per the description, every secret in the referenced object is passed to the
# plugin scripts, not a selected key.
3936 type: object
3937 description: |-
3938 secretRef is Optional: secretRef is reference to the secret object containing
3939 sensitive information to pass to the plugin scripts. This may be
3940 empty if no secret object is specified. If the secret object
3941 contains more than one secret, all secrets are passed to the plugin
3942 scripts.
3943 properties:
3944 name:
3945 type: string
3946 default: ""
3947 description: |-
3948 Name of the referent.
3949 This field is effectively required, but due to backwards compatibility is
3950 allowed to be empty. Instances of this type with an empty value here are
3951 almost certainly wrong.
3952 TODO: Add other useful fields. apiVersion, kind, uid?
3953 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3954 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3955 x-kubernetes-map-type: atomic
3956 driver:
3957 type: string
3958 description: driver is the name of the driver to use for this volume.
3959 fsType:
3960 type: string
3961 description: |-
3962 fsType is the filesystem type to mount.
3963 Must be a filesystem type supported by the host operating system.
3964 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
3965 options:
# String-to-string map of extra command options; keys and values are not
# validated by this schema.
3966 type: object
3967 additionalProperties:
3968 type: string
3969 description: 'options is Optional: this field holds extra command options if any.'
3970 required:
3971 - driver
3972 flocker:
# Flocker volume source. Neither field is required by the schema. datasetName
# is described as deprecated; datasetUUID is the dataset's unique identifier.
3973 type: object
3974 description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
3975 properties:
3976 datasetName:
3977 type: string
3978 description: |-
3979 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
3980 should be considered as deprecated
3981 datasetUUID:
3982 type: string
3983 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
3984 gcePersistentDisk:
# GCE persistent disk attached to the host and exposed to the pod; pdName is
# the only required field. readOnly defaults to false per its description.
3985 type: object
3986 description: |-
3987 gcePersistentDisk represents a GCE Disk resource that is attached to a
3988 kubelet's host machine and then exposed to the pod.
3989 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
3990 properties:
3991 readOnly:
3992 type: boolean
3993 description: |-
3994 readOnly here will force the ReadOnly setting in VolumeMounts.
3995 Defaults to false.
3996 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
3997 fsType:
# Unconstrained string. The description carries an open TODO about filesystem
# errors compromising the machine.
3998 type: string
3999 description: |-
4000 fsType is filesystem type of the volume that you want to mount.
4001 Tip: Ensure that the filesystem type is supported by the host operating system.
4002 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4003 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
4004 TODO: how do we prevent errors in the filesystem from compromising the machine
4005 partition:
4006 type: integer
4007 description: |-
4008 partition is the partition in the volume that you want to mount.
4009 If omitted, the default is to mount by volume name.
4010 Examples: For volume /dev/sda1, you specify the partition as "1".
4011 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
4012 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
4013 format: int32
4014 pdName:
4015 type: string
4016 description: |-
4017 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
4018 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
4019 required:
4020 - pdName
4021 gitRepo:
# Deprecated per the description, which recommends cloning in an init container
# into an EmptyDir instead. The schema still accepts the field; repository is
# the only required property.
# NOTE(review): consider rejecting this source in admission policy rather than
# relying on the deprecation notice.
4022 type: object
4023 description: |-
4024 gitRepo represents a git repository at a particular revision.
4025 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
4026 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
4027 into the Pod's container.
4028 properties:
4029 revision:
4030 type: string
4031 description: revision is the commit hash for the specified revision.
4032 directory:
# The "must not contain or start with '..'" rule is prose only; this schema
# has no pattern that enforces it.
4033 type: string
4034 description: |-
4035 directory is the target directory name.
4036 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
4037 git repository. Otherwise, if specified, the volume will contain the git repository in
4038 the subdirectory with the given name.
4039 repository:
# Unconstrained string: the schema does not restrict scheme or host.
4040 type: string
4041 description: repository is the URL
4042 required:
4043 - repository
4044 glusterfs:
# GlusterFS mount; endpoints and path are required. readOnly defaults to false
# per its description, so the volume is mounted read/write unless set.
4045 type: object
4046 description: |-
4047 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
4048 More info: https://examples.k8s.io/volumes/glusterfs/README.md
4049 properties:
4050 readOnly:
4051 type: boolean
4052 description: |-
4053 readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
4054 Defaults to false.
4055 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
4056 endpoints:
4057 type: string
4058 description: |-
4059 endpoints is the endpoint name that details Glusterfs topology.
4060 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
4061 path:
4062 type: string
4063 description: |-
4064 path is the Glusterfs volume path.
4065 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
4066 required:
4067 - endpoints
4068 - path
4069 hostPath:
4070 type: object
4071 description: |-
4072 hostPath represents a pre-existing file or directory on the host
4073 machine that is directly exposed to the container. This is generally
4074 used for system agents or other privileged things that are allowed
4075 to see the host machine. Most containers will NOT need this.
4076 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
4077 ---
4078 TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
4079 mount host directories as read/write.
4080 properties:
4081 type:
4082 type: string
4083 description: |-
4084 type for HostPath Volume
4085 Defaults to ""
4086 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
4087 path:
4088 type: string
4089 description: |-
4090 path of the directory on the host.
4091 If the path is a symlink, it will follow the link to the real path.
4092 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
4093 required:
4094 - path
4095 iscsi:
4096 type: object
4097 description: |-
4098 iscsi represents an ISCSI Disk resource that is attached to a
4099 kubelet's host machine and then exposed to the pod.
4100 More info: https://examples.k8s.io/volumes/iscsi/README.md
4101 properties:
4102 readOnly:
4103 type: boolean
4104 description: |-
4105 readOnly here will force the ReadOnly setting in VolumeMounts.
4106 Defaults to false.
4107 secretRef:
4108 type: object
4109 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication
4110 properties:
4111 name:
4112 type: string
4113 default: ""
4114 description: |-
4115 Name of the referent.
4116 This field is effectively required, but due to backwards compatibility is
4117 allowed to be empty. Instances of this type with an empty value here are
4118 almost certainly wrong.
4119 TODO: Add other useful fields. apiVersion, kind, uid?
4120 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4121 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4122 x-kubernetes-map-type: atomic
4123 chapAuthDiscovery:
4124 type: boolean
4125 description: chapAuthDiscovery defines whether to support iSCSI Discovery CHAP authentication
4126 chapAuthSession:
4127 type: boolean
4128 description: chapAuthSession defines whether to support iSCSI Session CHAP authentication
4129 fsType:
4130 type: string
4131 description: |-
4132 fsType is the filesystem type of the volume that you want to mount.
4133 Tip: Ensure that the filesystem type is supported by the host operating system.
4134 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4135 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
4136 TODO: how do we prevent errors in the filesystem from compromising the machine
4137 initiatorName:
4138 type: string
4139 description: |-
4140 initiatorName is the custom iSCSI Initiator Name.
4141 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
4142 <target portal>:<volume name> will be created for the connection.
4143 iqn:
4144 type: string
4145 description: iqn is the target iSCSI Qualified Name.
4146 iscsiInterface:
4147 type: string
4148 description: |-
4149 iscsiInterface is the interface Name that uses an iSCSI transport.
4150 Defaults to 'default' (tcp).
4151 lun:
4152 type: integer
4153 description: lun represents iSCSI Target Lun number.
4154 format: int32
4155 portals:
4156 type: array
4157 description: |-
4158 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
4159 is other than default (typically TCP ports 860 and 3260).
4160 items:
4161 type: string
4162 x-kubernetes-list-type: atomic
4163 targetPortal:
4164 type: string
4165 description: |-
4166 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
4167 is other than default (typically TCP ports 860 and 3260).
4168 required:
4169 - iqn
4170 - lun
4171 - targetPortal
4172 nfs:
4173 type: object
4174 description: |-
4175 nfs represents an NFS mount on the host that shares a pod's lifetime
4176 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
4177 properties:
4178 readOnly:
4179 type: boolean
4180 description: |-
4181 readOnly here will force the NFS export to be mounted with read-only permissions.
4182 Defaults to false.
4183 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
4184 path:
4185 type: string
4186 description: |-
4187 path that is exported by the NFS server.
4188 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
4189 server:
4190 type: string
4191 description: |-
4192 server is the hostname or IP address of the NFS server.
4193 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
4194 required:
4195 - path
4196 - server
4197 persistentVolumeClaim:
4198 type: object
4199 description: |-
4200 persistentVolumeClaimVolumeSource represents a reference to a
4201 PersistentVolumeClaim in the same namespace.
4202 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
4203 properties:
4204 readOnly:
4205 type: boolean
4206 description: |-
4207 readOnly Will force the ReadOnly setting in VolumeMounts.
4208 Default false.
4209 claimName:
4210 type: string
4211 description: |-
4212 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
4213 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
4214 required:
4215 - claimName
4216 photonPersistentDisk:
4217 type: object
4218 description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
4219 properties:
4220 fsType:
4221 type: string
4222 description: |-
4223 fsType is the filesystem type to mount.
4224 Must be a filesystem type supported by the host operating system.
4225 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4226 pdID:
4227 type: string
4228 description: pdID is the ID that identifies Photon Controller persistent disk
4229 required:
4230 - pdID
4231 portworxVolume:
4232 type: object
4233 description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine
4234 properties:
4235 readOnly:
4236 type: boolean
4237 description: |-
4238 readOnly defaults to false (read/write). ReadOnly here will force
4239 the ReadOnly setting in VolumeMounts.
4240 fsType:
4241 type: string
4242 description: |-
4243 fsType represents the filesystem type to mount.
4244 Must be a filesystem type supported by the host operating system.
4245 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
4246 volumeID:
4247 type: string
4248 description: volumeID uniquely identifies a Portworx volume
4249 required:
4250 - volumeID
4251 projected:
4252 type: object
4253 description: projected items for all-in-one resources (secrets, configmaps, and downward API)
4254 properties:
4255 defaultMode:
4256 type: integer
4257 description: |-
4258 defaultMode are the mode bits used to set permissions on created files by default.
4259 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
4260 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
4261 Directories within the path are not affected by this setting.
4262 This might be in conflict with other options that affect the file
4263 mode, like fsGroup, and the result can be other mode bits set.
4264 format: int32
4265 sources:
4266 type: array
4267 description: sources is the list of volume projections
4268 items:
4269 type: object
4270 description: Projection that may be projected along with other supported volume types
4271 properties:
4272 clusterTrustBundle:
4273 type: object
4274 description: |-
4275 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
4276 of ClusterTrustBundle objects in an auto-updating file.
4277
4278
4279 Alpha, gated by the ClusterTrustBundleProjection feature gate.
4280
4281
4282 ClusterTrustBundle objects can either be selected by name, or by the
4283 combination of signer name and a label selector.
4284
4285
4286 Kubelet performs aggressive normalization of the PEM contents written
4287 into the pod filesystem. Esoteric PEM features such as inter-block
4288 comments and block headers are stripped. Certificates are deduplicated.
4289 The ordering of certificates within the file is arbitrary, and Kubelet
4290 may change the order over time.
4291 properties:
4292 name:
4293 type: string
4294 description: |-
4295 Select a single ClusterTrustBundle by object name. Mutually-exclusive
4296 with signerName and labelSelector.
4297 labelSelector:
4298 type: object
4299 description: |-
4300 Select all ClusterTrustBundles that match this label selector. Only has
4301 effect if signerName is set. Mutually-exclusive with name. If unset,
4302 interpreted as "match nothing". If set but empty, interpreted as "match
4303 everything".
4304 properties:
4305 matchExpressions:
4306 type: array
4307 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
4308 items:
4309 type: object
4310 description: |-
4311 A label selector requirement is a selector that contains values, a key, and an operator that
4312 relates the key and values.
4313 properties:
4314 key:
4315 type: string
4316 description: key is the label key that the selector applies to.
4317 operator:
4318 type: string
4319 description: |-
4320 operator represents a key's relationship to a set of values.
4321 Valid operators are In, NotIn, Exists and DoesNotExist.
4322 values:
4323 type: array
4324 description: |-
4325 values is an array of string values. If the operator is In or NotIn,
4326 the values array must be non-empty. If the operator is Exists or DoesNotExist,
4327 the values array must be empty. This array is replaced during a strategic
4328 merge patch.
4329 items:
4330 type: string
4331 x-kubernetes-list-type: atomic
4332 required:
4333 - key
4334 - operator
4335 x-kubernetes-list-type: atomic
4336 matchLabels:
4337 type: object
4338 additionalProperties:
4339 type: string
4340 description: |-
4341 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
4342 map is equivalent to an element of matchExpressions, whose key field is "key", the
4343 operator is "In", and the values array contains only "value". The requirements are ANDed.
4344 x-kubernetes-map-type: atomic
4345 optional:
4346 type: boolean
4347 description: |-
4348 If true, don't block pod startup if the referenced ClusterTrustBundle(s)
4349 aren't available. If using name, then the named ClusterTrustBundle is
4350 allowed not to exist. If using signerName, then the combination of
4351 signerName and labelSelector is allowed to match zero
4352 ClusterTrustBundles.
4353 path:
4354 type: string
4355 description: Relative path from the volume root to write the bundle.
4356 signerName:
4357 type: string
4358 description: |-
4359 Select all ClusterTrustBundles that match this signer name.
4360 Mutually-exclusive with name. The contents of all selected
4361 ClusterTrustBundles will be unified and deduplicated.
4362 required:
4363 - path
4364 configMap:
4365 type: object
4366 description: configMap information about the configMap data to project
4367 properties:
4368 name:
4369 type: string
4370 default: ""
4371 description: |-
4372 Name of the referent.
4373 This field is effectively required, but due to backwards compatibility is
4374 allowed to be empty. Instances of this type with an empty value here are
4375 almost certainly wrong.
4376 TODO: Add other useful fields. apiVersion, kind, uid?
4377 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4378 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4379 items:
4380 type: array
4381 description: |-
4382 items if unspecified, each key-value pair in the Data field of the referenced
4383 ConfigMap will be projected into the volume as a file whose name is the
4384 key and content is the value. If specified, the listed keys will be
4385 projected into the specified paths, and unlisted keys will not be
4386 present. If a key is specified which is not present in the ConfigMap,
4387 the volume setup will error unless it is marked optional. Paths must be
4388 relative and may not contain the '..' path or start with '..'.
4389 items:
4390 type: object
4391 description: Maps a string key to a path within a volume.
4392 properties:
4393 key:
4394 type: string
4395 description: key is the key to project.
4396 mode:
4397 type: integer
4398 description: |-
4399 mode is Optional: mode bits used to set permissions on this file.
4400 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
4401 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
4402 If not specified, the volume defaultMode will be used.
4403 This might be in conflict with other options that affect the file
4404 mode, like fsGroup, and the result can be other mode bits set.
4405 format: int32
4406 path:
4407 type: string
4408 description: |-
4409 path is the relative path of the file to map the key to.
4410 May not be an absolute path.
4411 May not contain the path element '..'.
4412 May not start with the string '..'.
4413 required:
4414 - key
4415 - path
4416 x-kubernetes-list-type: atomic
4417 optional:
4418 type: boolean
4419 description: optional specifies whether the ConfigMap or its keys must be defined
4420 x-kubernetes-map-type: atomic
4421 downwardAPI:
4422 type: object
4423 description: downwardAPI information about the downwardAPI data to project
4424 properties:
4425 items:
4426 type: array
4427 description: Items is a list of DownwardAPIVolume files
4428 items:
4429 type: object
4430 description: DownwardAPIVolumeFile represents information to create the file containing the pod field
4431 properties:
4432 fieldRef:
4433 type: object
4434 description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
4435 properties:
4436 apiVersion:
4437 type: string
4438 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
4439 fieldPath:
4440 type: string
4441 description: Path of the field to select in the specified API version.
4442 required:
4443 - fieldPath
4444 x-kubernetes-map-type: atomic
4445 resourceFieldRef:
4446 type: object
4447 description: |-
4448 Selects a resource of the container: only resources limits and requests
4449 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
4450 properties:
4451 containerName:
4452 type: string
4453 description: 'Container name: required for volumes, optional for env vars'
4454 divisor:
4455 anyOf:
4456 - type: integer
4457 - type: string
4458 description: Specifies the output format of the exposed resources, defaults to "1"
4459 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4460 x-kubernetes-int-or-string: true
4461 resource:
4462 type: string
4463 description: 'Required: resource to select'
4464 required:
4465 - resource
4466 x-kubernetes-map-type: atomic
4467 mode:
4468 type: integer
4469 description: |-
4470 Optional: mode bits used to set permissions on this file, must be an octal value
4471 between 0000 and 0777 or a decimal value between 0 and 511.
4472 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
4473 If not specified, the volume defaultMode will be used.
4474 This might be in conflict with other options that affect the file
4475 mode, like fsGroup, and the result can be other mode bits set.
4476 format: int32
4477 path:
4478 type: string
4479 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
4480 required:
4481 - path
4482 x-kubernetes-list-type: atomic
4483 secret:
4484 type: object
4485 description: secret information about the secret data to project
4486 properties:
4487 name:
4488 type: string
4489 default: ""
4490 description: |-
4491 Name of the referent.
4492 This field is effectively required, but due to backwards compatibility is
4493 allowed to be empty. Instances of this type with an empty value here are
4494 almost certainly wrong.
4495 TODO: Add other useful fields. apiVersion, kind, uid?
4496 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4497 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4498 items:
4499 type: array
4500 description: |-
4501 items if unspecified, each key-value pair in the Data field of the referenced
4502 Secret will be projected into the volume as a file whose name is the
4503 key and content is the value. If specified, the listed keys will be
4504 projected into the specified paths, and unlisted keys will not be
4505 present. If a key is specified which is not present in the Secret,
4506 the volume setup will error unless it is marked optional. Paths must be
4507 relative and may not contain the '..' path or start with '..'.
4508 items:
4509 type: object
4510 description: Maps a string key to a path within a volume.
4511 properties:
4512 key:
4513 type: string
4514 description: key is the key to project.
4515 mode:
4516 type: integer
4517 description: |-
4518 mode is Optional: mode bits used to set permissions on this file.
4519 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
4520 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
4521 If not specified, the volume defaultMode will be used.
4522 This might be in conflict with other options that affect the file
4523 mode, like fsGroup, and the result can be other mode bits set.
4524 format: int32
4525 path:
4526 type: string
4527 description: |-
4528 path is the relative path of the file to map the key to.
4529 May not be an absolute path.
4530 May not contain the path element '..'.
4531 May not start with the string '..'.
4532 required:
4533 - key
4534 - path
4535 x-kubernetes-list-type: atomic
4536 optional:
4537 type: boolean
4538 description: optional field specifies whether the Secret or its key must be defined
4539 x-kubernetes-map-type: atomic
4540 serviceAccountToken:
4541 type: object
4542 description: serviceAccountToken is information about the serviceAccountToken data to project
4543 properties:
4544 audience:
4545 type: string
4546 description: |-
4547 audience is the intended audience of the token. A recipient of a token
4548 must identify itself with an identifier specified in the audience of the
4549 token, and otherwise should reject the token. The audience defaults to the
4550 identifier of the apiserver.
4551 expirationSeconds:
4552 type: integer
4553 description: |-
4554 expirationSeconds is the requested duration of validity of the service
4555 account token. As the token approaches expiration, the kubelet volume
4556 plugin will proactively rotate the service account token. The kubelet will
4557 start trying to rotate the token if the token is older than 80 percent of
4558 its time to live or if the token is older than 24 hours. Defaults to 1 hour
4559 and must be at least 10 minutes.
4560 format: int64
4561 path:
4562 type: string
4563 description: |-
4564 path is the path relative to the mount point of the file to project the
4565 token into.
4566 required:
4567 - path
4568 x-kubernetes-list-type: atomic
4569 quobyte:
4570 type: object
4571 description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime
4572 properties:
4573 readOnly:
4574 type: boolean
4575 description: |-
4576 readOnly here will force the Quobyte volume to be mounted with read-only permissions.
4577 Defaults to false.
4578 group:
4579 type: string
4580 description: |-
4581 group to map volume access to
4582 Default is no group
4583 registry:
4584 type: string
4585 description: |-
4586 registry represents a single or multiple Quobyte Registry services
4587 specified as a string as host:port pair (multiple entries are separated with commas)
4588 which acts as the central registry for volumes
4589 tenant:
4590 type: string
4591 description: |-
4592 tenant owning the given Quobyte volume in the Backend
4593 Used with dynamically provisioned Quobyte volumes, value is set by the plugin
4594 user:
4595 type: string
4596 description: |-
4597 user to map volume access to
4598 Defaults to serviceaccount user
4599 volume:
4600 type: string
4601 description: volume is a string that references an already created Quobyte volume by name.
4602 required:
4603 - registry
4604 - volume
4605 rbd:
4606 type: object
4607 description: |-
4608 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
4609 More info: https://examples.k8s.io/volumes/rbd/README.md
4610 properties:
4611 image:
4612 type: string
4613 description: |-
4614 image is the rados image name.
4615 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4616 readOnly:
4617 type: boolean
4618 description: |-
4619 readOnly here will force the ReadOnly setting in VolumeMounts.
4620 Defaults to false.
4621 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4622 secretRef:
4623 type: object
4624 description: |-
4625 secretRef is name of the authentication secret for RBDUser. If provided
4626 overrides keyring.
4627 Default is nil.
4628 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4629 properties:
4630 name:
4631 type: string
4632 default: ""
4633 description: |-
4634 Name of the referent.
4635 This field is effectively required, but due to backwards compatibility is
4636 allowed to be empty. Instances of this type with an empty value here are
4637 almost certainly wrong.
4638 TODO: Add other useful fields. apiVersion, kind, uid?
4639 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4640 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4641 x-kubernetes-map-type: atomic
4642 fsType:
4643 type: string
4644 description: |-
4645 fsType is the filesystem type of the volume that you want to mount.
4646 Tip: Ensure that the filesystem type is supported by the host operating system.
4647 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4648 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
4649 TODO: how do we prevent errors in the filesystem from compromising the machine
4650 keyring:
4651 type: string
4652 description: |-
4653 keyring is the path to key ring for RBDUser.
4654 Default is /etc/ceph/keyring.
4655 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4656 monitors:
4657 type: array
4658 description: |-
4659 monitors is a collection of Ceph monitors.
4660 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4661 items:
4662 type: string
4663 x-kubernetes-list-type: atomic
4664 pool:
4665 type: string
4666 description: |-
4667 pool is the rados pool name.
4668 Default is rbd.
4669 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4670 user:
4671 type: string
4672 description: |-
4673 user is the rados user name.
4674 Default is admin.
4675 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
4676 required:
4677 - image
4678 - monitors
4679 scaleIO:
4680 type: object
4681 description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
4682 properties:
4683 readOnly:
4684 type: boolean
4685 description: |-
4686 readOnly Defaults to false (read/write). ReadOnly here will force
4687 the ReadOnly setting in VolumeMounts.
4688 secretRef:
4689 type: object
4690 description: |-
4691 secretRef references to the secret for ScaleIO user and other
4692 sensitive information. If this is not provided, Login operation will fail.
4693 properties:
4694 name:
4695 type: string
4696 default: ""
4697 description: |-
4698 Name of the referent.
4699 This field is effectively required, but due to backwards compatibility is
4700 allowed to be empty. Instances of this type with an empty value here are
4701 almost certainly wrong.
4702 TODO: Add other useful fields. apiVersion, kind, uid?
4703 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4704 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4705 x-kubernetes-map-type: atomic
4706 fsType:
4707 type: string
4708 description: |-
4709 fsType is the filesystem type to mount.
4710 Must be a filesystem type supported by the host operating system.
4711 Ex. "ext4", "xfs", "ntfs".
4712 Default is "xfs".
4713 gateway:
4714 type: string
4715 description: gateway is the host address of the ScaleIO API Gateway.
4716 protectionDomain:
4717 type: string
4718 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
4719 sslEnabled:
4720 type: boolean
4721 description: sslEnabled is the flag that enables or disables SSL communication with the Gateway; defaults to false
4722 storageMode:
4723 type: string
4724 description: |-
4725 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
4726 Default is ThinProvisioned.
4727 storagePool:
4728 type: string
4729 description: storagePool is the ScaleIO Storage Pool associated with the protection domain.
4730 system:
4731 type: string
4732 description: system is the name of the storage system as configured in ScaleIO.
4733 volumeName:
4734 type: string
4735 description: |-
4736 volumeName is the name of a volume already created in the ScaleIO system
4737 that is associated with this volume source.
4738 required:
4739 - gateway
4740 - secretRef
4741 - system
4742 secret:
4743 type: object
4744 description: |-
4745 secret represents a secret that should populate this volume.
4746 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
4747 properties:
4748 defaultMode:
4749 type: integer
4750 description: |-
4751 defaultMode is Optional: mode bits used to set permissions on created files by default.
4752 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
4753 YAML accepts both octal and decimal values, JSON requires decimal values
4754 for mode bits. Defaults to 0644.
4755 Directories within the path are not affected by this setting.
4756 This might be in conflict with other options that affect the file
4757 mode, like fsGroup, and the result can be other mode bits set.
4758 format: int32
4759 items:
4760 type: array
4761 description: |-
4762 items If unspecified, each key-value pair in the Data field of the referenced
4763 Secret will be projected into the volume as a file whose name is the
4764 key and content is the value. If specified, the listed keys will be
4765 projected into the specified paths, and unlisted keys will not be
4766 present. If a key is specified which is not present in the Secret,
4767 the volume setup will error unless it is marked optional. Paths must be
4768 relative and may not contain the '..' path or start with '..'.
4769 items:
4770 type: object
4771 description: Maps a string key to a path within a volume.
4772 properties:
4773 key:
4774 type: string
4775 description: key is the key to project.
4776 mode:
4777 type: integer
4778 description: |-
4779 mode is Optional: mode bits used to set permissions on this file.
4780 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
4781 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
4782 If not specified, the volume defaultMode will be used.
4783 This might be in conflict with other options that affect the file
4784 mode, like fsGroup, and the result can be other mode bits set.
4785 format: int32
4786 path:
4787 type: string
4788 description: |-
4789 path is the relative path of the file to map the key to.
4790 May not be an absolute path.
4791 May not contain the path element '..'.
4792 May not start with the string '..'.
4793 required:
4794 - key
4795 - path
4796 x-kubernetes-list-type: atomic
4797 optional:
4798 type: boolean
4799 description: optional field specifies whether the Secret or its keys must be defined
4800 secretName:
4801 type: string
4802 description: |-
4803 secretName is the name of the secret in the pod's namespace to use.
4804 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
4805 storageos:
4806 type: object
4807 description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
4808 properties:
4809 readOnly:
4810 type: boolean
4811 description: |-
4812 readOnly defaults to false (read/write). ReadOnly here will force
4813 the ReadOnly setting in VolumeMounts.
4814 secretRef:
4815 type: object
4816 description: |-
4817 secretRef specifies the secret to use for obtaining the StorageOS API
4818 credentials. If not specified, default values will be attempted.
4819 properties:
4820 name:
4821 type: string
4822 default: ""
4823 description: |-
4824 Name of the referent.
4825 This field is effectively required, but due to backwards compatibility is
4826 allowed to be empty. Instances of this type with an empty value here are
4827 almost certainly wrong.
4828 TODO: Add other useful fields. apiVersion, kind, uid?
4829 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4830 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4831 x-kubernetes-map-type: atomic
4832 fsType:
4833 type: string
4834 description: |-
4835 fsType is the filesystem type to mount.
4836 Must be a filesystem type supported by the host operating system.
4837 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4838 volumeName:
4839 type: string
4840 description: |-
4841 volumeName is the human-readable name of the StorageOS volume. Volume
4842 names are only unique within a namespace.
4843 volumeNamespace:
4844 type: string
4845 description: |-
4846 volumeNamespace specifies the scope of the volume within StorageOS. If no
4847 namespace is specified then the Pod's namespace will be used. This allows the
4848 Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
4849 Set VolumeName to any name to override the default behaviour.
4850 Set to "default" if you are not using namespaces within StorageOS.
4851 Namespaces that do not pre-exist within StorageOS will be created.
4852 vsphereVolume:
4853 type: object
4854 description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
4855 properties:
4856 fsType:
4857 type: string
4858 description: |-
4859 fsType is filesystem type to mount.
4860 Must be a filesystem type supported by the host operating system.
4861 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
4862 storagePolicyID:
4863 type: string
4864 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
4865 storagePolicyName:
4866 type: string
4867 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name.
4868 volumePath:
4869 type: string
4870 description: volumePath is the path that identifies vSphere volume vmdk
4871 required:
4872 - volumePath
4873 required:
4874 - name
4875 x-kubernetes-list-map-keys:
4876 - name
4877 x-kubernetes-list-type: map
4878 imagePullSecrets:
4879 type: array
4880 description: |-
4881 ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
4882 If specified, these secrets will be passed to individual puller implementations for them to use.
4883 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
4884 items:
4885 type: object
4886 description: |-
4887 LocalObjectReference contains enough information to let you locate the
4888 referenced object inside the same namespace.
4889 properties:
4890 name:
4891 type: string
4892 default: ""
4893 description: |-
4894 Name of the referent.
4895 This field is effectively required, but due to backwards compatibility is
4896 allowed to be empty. Instances of this type with an empty value here are
4897 almost certainly wrong.
4898 TODO: Add other useful fields. apiVersion, kind, uid?
4899 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4900 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4901 x-kubernetes-map-type: atomic
4902 x-kubernetes-list-map-keys:
4903 - name
4904 x-kubernetes-list-type: map
4905 affinity:
4906 type: object
4907 description: If specified, the pod's scheduling constraints
4908 properties:
4909 nodeAffinity:
4910 type: object
4911 description: Describes node affinity scheduling rules for the pod.
4912 properties:
4913 preferredDuringSchedulingIgnoredDuringExecution:
4914 type: array
4915 description: |-
4916 The scheduler will prefer to schedule pods to nodes that satisfy
4917 the affinity expressions specified by this field, but it may choose
4918 a node that violates one or more of the expressions. The node that is
4919 most preferred is the one with the greatest sum of weights, i.e.
4920 for each node that meets all of the scheduling requirements (resource
4921 request, requiredDuringScheduling affinity expressions, etc.),
4922 compute a sum by iterating through the elements of this field and adding
4923 "weight" to the sum if the node matches the corresponding matchExpressions; the
4924 node(s) with the highest sum are the most preferred.
4925 items:
4926 type: object
4927 description: |-
4928 An empty preferred scheduling term matches all objects with implicit weight 0
4929 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
4930 properties:
4931 preference:
4932 type: object
4933 description: A node selector term, associated with the corresponding weight.
4934 properties:
4935 matchExpressions:
4936 type: array
4937 description: A list of node selector requirements by node's labels.
4938 items:
4939 type: object
4940 description: |-
4941 A node selector requirement is a selector that contains values, a key, and an operator
4942 that relates the key and values.
4943 properties:
4944 key:
4945 type: string
4946 description: The label key that the selector applies to.
4947 operator:
4948 type: string
4949 description: |-
4950 Represents a key's relationship to a set of values.
4951 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
4952 values:
4953 type: array
4954 description: |-
4955 An array of string values. If the operator is In or NotIn,
4956 the values array must be non-empty. If the operator is Exists or DoesNotExist,
4957 the values array must be empty. If the operator is Gt or Lt, the values
4958 array must have a single element, which will be interpreted as an integer.
4959 This array is replaced during a strategic merge patch.
4960 items:
4961 type: string
4962 x-kubernetes-list-type: atomic
4963 required:
4964 - key
4965 - operator
4966 x-kubernetes-list-type: atomic
4967 matchFields:
4968 type: array
4969 description: A list of node selector requirements by node's fields.
4970 items:
4971 type: object
4972 description: |-
4973 A node selector requirement is a selector that contains values, a key, and an operator
4974 that relates the key and values.
4975 properties:
4976 key:
4977 type: string
4978 description: The label key that the selector applies to.
4979 operator:
4980 type: string
4981 description: |-
4982 Represents a key's relationship to a set of values.
4983 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
4984 values:
4985 type: array
4986 description: |-
4987 An array of string values. If the operator is In or NotIn,
4988 the values array must be non-empty. If the operator is Exists or DoesNotExist,
4989 the values array must be empty. If the operator is Gt or Lt, the values
4990 array must have a single element, which will be interpreted as an integer.
4991 This array is replaced during a strategic merge patch.
4992 items:
4993 type: string
4994 x-kubernetes-list-type: atomic
4995 required:
4996 - key
4997 - operator
4998 x-kubernetes-list-type: atomic
4999 x-kubernetes-map-type: atomic
5000 weight:
5001 type: integer
5002 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
5003 format: int32
5004 required:
5005 - preference
5006 - weight
5007 x-kubernetes-list-type: atomic
5008 requiredDuringSchedulingIgnoredDuringExecution:
5009 type: object
5010 description: |-
5011 If the affinity requirements specified by this field are not met at
5012 scheduling time, the pod will not be scheduled onto the node.
5013 If the affinity requirements specified by this field cease to be met
5014 at some point during pod execution (e.g. due to an update), the system
5015 may or may not try to eventually evict the pod from its node.
5016 properties:
5017 nodeSelectorTerms:
5018 type: array
5019 description: Required. A list of node selector terms. The terms are ORed.
5020 items:
5021 type: object
5022 description: |-
5023 A null or empty node selector term matches no objects. The requirements of
5024 them are ANDed.
5025 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
5026 properties:
5027 matchExpressions:
5028 type: array
5029 description: A list of node selector requirements by node's labels.
5030 items:
5031 type: object
5032 description: |-
5033 A node selector requirement is a selector that contains values, a key, and an operator
5034 that relates the key and values.
5035 properties:
5036 key:
5037 type: string
5038 description: The label key that the selector applies to.
5039 operator:
5040 type: string
5041 description: |-
5042 Represents a key's relationship to a set of values.
5043 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
5044 values:
5045 type: array
5046 description: |-
5047 An array of string values. If the operator is In or NotIn,
5048 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5049 the values array must be empty. If the operator is Gt or Lt, the values
5050 array must have a single element, which will be interpreted as an integer.
5051 This array is replaced during a strategic merge patch.
5052 items:
5053 type: string
5054 x-kubernetes-list-type: atomic
5055 required:
5056 - key
5057 - operator
5058 x-kubernetes-list-type: atomic
5059 matchFields:
5060 type: array
5061 description: A list of node selector requirements by node's fields.
5062 items:
5063 type: object
5064 description: |-
5065 A node selector requirement is a selector that contains values, a key, and an operator
5066 that relates the key and values.
5067 properties:
5068 key:
5069 type: string
5070 description: The label key that the selector applies to.
5071 operator:
5072 type: string
5073 description: |-
5074 Represents a key's relationship to a set of values.
5075 Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
5076 values:
5077 type: array
5078 description: |-
5079 An array of string values. If the operator is In or NotIn,
5080 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5081 the values array must be empty. If the operator is Gt or Lt, the values
5082 array must have a single element, which will be interpreted as an integer.
5083 This array is replaced during a strategic merge patch.
5084 items:
5085 type: string
5086 x-kubernetes-list-type: atomic
5087 required:
5088 - key
5089 - operator
5090 x-kubernetes-list-type: atomic
5091 x-kubernetes-map-type: atomic
5092 x-kubernetes-list-type: atomic
5093 required:
5094 - nodeSelectorTerms
5095 x-kubernetes-map-type: atomic
5096 podAffinity:
5097 type: object
5098 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
5099 properties:
5100 preferredDuringSchedulingIgnoredDuringExecution:
5101 type: array
5102 description: |-
5103 The scheduler will prefer to schedule pods to nodes that satisfy
5104 the affinity expressions specified by this field, but it may choose
5105 a node that violates one or more of the expressions. The node that is
5106 most preferred is the one with the greatest sum of weights, i.e.
5107 for each node that meets all of the scheduling requirements (resource
5108 request, requiredDuringScheduling affinity expressions, etc.),
5109 compute a sum by iterating through the elements of this field and adding
5110 "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the
5111 node(s) with the highest sum are the most preferred.
5112 items:
5113 type: object
5114 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
5115 properties:
5116 podAffinityTerm:
5117 type: object
5118 description: Required. A pod affinity term, associated with the corresponding weight.
5119 properties:
5120 labelSelector:
5121 type: object
5122 description: |-
5123 A label query over a set of resources, in this case pods.
5124 If it's null, this PodAffinityTerm matches with no Pods.
5125 properties:
5126 matchExpressions:
5127 type: array
5128 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5129 items:
5130 type: object
5131 description: |-
5132 A label selector requirement is a selector that contains values, a key, and an operator that
5133 relates the key and values.
5134 properties:
5135 key:
5136 type: string
5137 description: key is the label key that the selector applies to.
5138 operator:
5139 type: string
5140 description: |-
5141 operator represents a key's relationship to a set of values.
5142 Valid operators are In, NotIn, Exists and DoesNotExist.
5143 values:
5144 type: array
5145 description: |-
5146 values is an array of string values. If the operator is In or NotIn,
5147 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5148 the values array must be empty. This array is replaced during a strategic
5149 merge patch.
5150 items:
5151 type: string
5152 x-kubernetes-list-type: atomic
5153 required:
5154 - key
5155 - operator
5156 x-kubernetes-list-type: atomic
5157 matchLabels:
5158 type: object
5159 additionalProperties:
5160 type: string
5161 description: |-
5162 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5163 map is equivalent to an element of matchExpressions, whose key field is "key", the
5164 operator is "In", and the values array contains only "value". The requirements are ANDed.
5165 x-kubernetes-map-type: atomic
5166 matchLabelKeys:
5167 type: array
5168 description: |-
5169 MatchLabelKeys is a set of pod label keys to select which pods will
5170 be taken into consideration. The keys are used to look up values from the
5171 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
5172 to select the group of existing pods which will be taken into consideration
5173 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5174 pod labels will be ignored. The default value is empty.
5175 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
5176 Also, matchLabelKeys cannot be set when labelSelector isn't set.
5177 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5178 items:
5179 type: string
5180 x-kubernetes-list-type: atomic
5181 mismatchLabelKeys:
5182 type: array
5183 description: |-
5184 MismatchLabelKeys is a set of pod label keys to select which pods will
5185 be taken into consideration. The keys are used to look up values from the
5186 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
5187 to select the group of existing pods which will be taken into consideration
5188 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5189 pod labels will be ignored. The default value is empty.
5190 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
5191 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
5192 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5193 items:
5194 type: string
5195 x-kubernetes-list-type: atomic
5196 namespaceSelector:
5197 type: object
5198 description: |-
5199 A label query over the set of namespaces that the term applies to.
5200 The term is applied to the union of the namespaces selected by this field
5201 and the ones listed in the namespaces field.
5202 null selector and null or empty namespaces list means "this pod's namespace".
5203 An empty selector ({}) matches all namespaces.
5204 properties:
5205 matchExpressions:
5206 type: array
5207 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5208 items:
5209 type: object
5210 description: |-
5211 A label selector requirement is a selector that contains values, a key, and an operator that
5212 relates the key and values.
5213 properties:
5214 key:
5215 type: string
5216 description: key is the label key that the selector applies to.
5217 operator:
5218 type: string
5219 description: |-
5220 operator represents a key's relationship to a set of values.
5221 Valid operators are In, NotIn, Exists and DoesNotExist.
5222 values:
5223 type: array
5224 description: |-
5225 values is an array of string values. If the operator is In or NotIn,
5226 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5227 the values array must be empty. This array is replaced during a strategic
5228 merge patch.
5229 items:
5230 type: string
5231 x-kubernetes-list-type: atomic
5232 required:
5233 - key
5234 - operator
5235 x-kubernetes-list-type: atomic
5236 matchLabels:
5237 type: object
5238 additionalProperties:
5239 type: string
5240 description: |-
5241 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5242 map is equivalent to an element of matchExpressions, whose key field is "key", the
5243 operator is "In", and the values array contains only "value". The requirements are ANDed.
5244 x-kubernetes-map-type: atomic
5245 namespaces:
5246 type: array
5247 description: |-
5248 namespaces specifies a static list of namespace names that the term applies to.
5249 The term is applied to the union of the namespaces listed in this field
5250 and the ones selected by namespaceSelector.
5251 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
5252 items:
5253 type: string
5254 x-kubernetes-list-type: atomic
5255 topologyKey:
5256 type: string
5257 description: |-
5258 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
5259 the labelSelector in the specified namespaces, where co-located is defined as running on a node
5260 whose value of the label with key topologyKey matches that of any node on which any of the
5261 selected pods is running.
5262 Empty topologyKey is not allowed.
5263 required:
5264 - topologyKey
5265 weight:
5266 type: integer
5267 description: |-
5268 weight associated with matching the corresponding podAffinityTerm,
5269 in the range 1-100.
5270 format: int32
5271 required:
5272 - podAffinityTerm
5273 - weight
5274 x-kubernetes-list-type: atomic
5275 requiredDuringSchedulingIgnoredDuringExecution:
5276 type: array
5277 description: |-
5278 If the affinity requirements specified by this field are not met at
5279 scheduling time, the pod will not be scheduled onto the node.
5280 If the affinity requirements specified by this field cease to be met
5281 at some point during pod execution (e.g. due to a pod label update), the
5282 system may or may not try to eventually evict the pod from its node.
5283 When there are multiple elements, the lists of nodes corresponding to each
5284 podAffinityTerm are intersected, i.e. all terms must be satisfied.
5285 items:
5286 type: object
5287 description: |-
5288 Defines a set of pods (namely those matching the labelSelector
5289 relative to the given namespace(s)) that this pod should be
5290 co-located (affinity) or not co-located (anti-affinity) with,
5291 where co-located is defined as running on a node whose value of
5292 the label with key <topologyKey> matches that of any node on which
5293 a pod of the set of pods is running
5294 properties:
5295 labelSelector:
5296 type: object
5297 description: |-
5298 A label query over a set of resources, in this case pods.
5299 If it's null, this PodAffinityTerm matches with no Pods.
5300 properties:
5301 matchExpressions:
5302 type: array
5303 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5304 items:
5305 type: object
5306 description: |-
5307 A label selector requirement is a selector that contains values, a key, and an operator that
5308 relates the key and values.
5309 properties:
5310 key:
5311 type: string
5312 description: key is the label key that the selector applies to.
5313 operator:
5314 type: string
5315 description: |-
5316 operator represents a key's relationship to a set of values.
5317 Valid operators are In, NotIn, Exists and DoesNotExist.
5318 values:
5319 type: array
5320 description: |-
5321 values is an array of string values. If the operator is In or NotIn,
5322 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5323 the values array must be empty. This array is replaced during a strategic
5324 merge patch.
5325 items:
5326 type: string
5327 x-kubernetes-list-type: atomic
5328 required:
5329 - key
5330 - operator
5331 x-kubernetes-list-type: atomic
5332 matchLabels:
5333 type: object
5334 additionalProperties:
5335 type: string
5336 description: |-
5337 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5338 map is equivalent to an element of matchExpressions, whose key field is "key", the
5339 operator is "In", and the values array contains only "value". The requirements are ANDed.
5340 x-kubernetes-map-type: atomic
5341 matchLabelKeys:
5342 type: array
5343 description: |-
5344 MatchLabelKeys is a set of pod label keys to select which pods will
5345 be taken into consideration. The keys are used to look up values from the
5346 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
5347 to select the group of existing pods which will be taken into consideration
5348 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5349 pod labels will be ignored. The default value is empty.
5350 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
5351 Also, matchLabelKeys cannot be set when labelSelector isn't set.
5352 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5353 items:
5354 type: string
5355 x-kubernetes-list-type: atomic
5356 mismatchLabelKeys:
5357 type: array
5358 description: |-
5359 MismatchLabelKeys is a set of pod label keys to select which pods will
5360 be taken into consideration. The keys are used to look up values from the
5361 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
5362 to select the group of existing pods which will be taken into consideration
5363 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5364 pod labels will be ignored. The default value is empty.
5365 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
5366 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
5367 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5368 items:
5369 type: string
5370 x-kubernetes-list-type: atomic
5371 namespaceSelector:
5372 type: object
5373 description: |-
5374 A label query over the set of namespaces that the term applies to.
5375 The term is applied to the union of the namespaces selected by this field
5376 and the ones listed in the namespaces field.
5377 null selector and null or empty namespaces list means "this pod's namespace".
5378 An empty selector ({}) matches all namespaces.
5379 properties:
5380 matchExpressions:
5381 type: array
5382 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5383 items:
5384 type: object
5385 description: |-
5386 A label selector requirement is a selector that contains values, a key, and an operator that
5387 relates the key and values.
5388 properties:
5389 key:
5390 type: string
5391 description: key is the label key that the selector applies to.
5392 operator:
5393 type: string
5394 description: |-
5395 operator represents a key's relationship to a set of values.
5396 Valid operators are In, NotIn, Exists and DoesNotExist.
5397 values:
5398 type: array
5399 description: |-
5400 values is an array of string values. If the operator is In or NotIn,
5401 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5402 the values array must be empty. This array is replaced during a strategic
5403 merge patch.
5404 items:
5405 type: string
5406 x-kubernetes-list-type: atomic
5407 required:
5408 - key
5409 - operator
5410 x-kubernetes-list-type: atomic
5411 matchLabels:
5412 type: object
5413 additionalProperties:
5414 type: string
5415 description: |-
5416 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5417 map is equivalent to an element of matchExpressions, whose key field is "key", the
5418 operator is "In", and the values array contains only "value". The requirements are ANDed.
5419 x-kubernetes-map-type: atomic
5420 namespaces:
5421 type: array
5422 description: |-
5423 namespaces specifies a static list of namespace names that the term applies to.
5424 The term is applied to the union of the namespaces listed in this field
5425 and the ones selected by namespaceSelector.
5426 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
5427 items:
5428 type: string
5429 x-kubernetes-list-type: atomic
5430 topologyKey:
5431 type: string
5432 description: |-
5433 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
5434 the labelSelector in the specified namespaces, where co-located is defined as running on a node
5435 whose value of the label with key topologyKey matches that of any node on which any of the
5436 selected pods is running.
5437 Empty topologyKey is not allowed.
5438 required:
5439 - topologyKey
5440 x-kubernetes-list-type: atomic
5441 podAntiAffinity:
5442 type: object
5443 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
5444 properties:
5445 preferredDuringSchedulingIgnoredDuringExecution:
5446 type: array
5447 description: |-
5448 The scheduler will prefer to schedule pods to nodes that satisfy
5449 the anti-affinity expressions specified by this field, but it may choose
5450 a node that violates one or more of the expressions. The node that is
5451 most preferred is the one with the greatest sum of weights, i.e.
5452 for each node that meets all of the scheduling requirements (resource
5453 request, requiredDuringScheduling anti-affinity expressions, etc.),
5454 compute a sum by iterating through the elements of this field and adding
5455 "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the
5456 node(s) with the highest sum are the most preferred.
5457 items:
5458 type: object
5459 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
5460 properties:
5461 podAffinityTerm:
5462 type: object
5463 description: Required. A pod affinity term, associated with the corresponding weight.
5464 properties:
5465 labelSelector:
5466 type: object
5467 description: |-
5468 A label query over a set of resources, in this case pods.
5469 If it's null, this PodAffinityTerm matches with no Pods.
5470 properties:
5471 matchExpressions:
5472 type: array
5473 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5474 items:
5475 type: object
5476 description: |-
5477 A label selector requirement is a selector that contains values, a key, and an operator that
5478 relates the key and values.
5479 properties:
5480 key:
5481 type: string
5482 description: key is the label key that the selector applies to.
5483 operator:
5484 type: string
5485 description: |-
5486 operator represents a key's relationship to a set of values.
5487 Valid operators are In, NotIn, Exists and DoesNotExist.
5488 values:
5489 type: array
5490 description: |-
5491 values is an array of string values. If the operator is In or NotIn,
5492 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5493 the values array must be empty. This array is replaced during a strategic
5494 merge patch.
5495 items:
5496 type: string
5497 x-kubernetes-list-type: atomic
5498 required:
5499 - key
5500 - operator
5501 x-kubernetes-list-type: atomic
5502 matchLabels:
5503 type: object
5504 additionalProperties:
5505 type: string
5506 description: |-
5507 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5508 map is equivalent to an element of matchExpressions, whose key field is "key", the
5509 operator is "In", and the values array contains only "value". The requirements are ANDed.
5510 x-kubernetes-map-type: atomic
5511 matchLabelKeys:
5512 type: array
5513 description: |-
5514 MatchLabelKeys is a set of pod label keys to select which pods will
5515 be taken into consideration. The keys are used to look up values from the
5516 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
5517 to select the group of existing pods which will be taken into consideration
5518 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5519 pod labels will be ignored. The default value is empty.
5520 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
5521 Also, matchLabelKeys cannot be set when labelSelector isn't set.
5522 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5523 items:
5524 type: string
5525 x-kubernetes-list-type: atomic
5526 mismatchLabelKeys:
5527 type: array
5528 description: |-
5529 MismatchLabelKeys is a set of pod label keys to select which pods will
5530 be taken into consideration. The keys are used to look up values from the
5531 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
5532 to select the group of existing pods which will be taken into consideration
5533 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5534 pod labels will be ignored. The default value is empty.
5535 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
5536 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
5537 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5538 items:
5539 type: string
5540 x-kubernetes-list-type: atomic
5541 namespaceSelector:
5542 type: object
5543 description: |-
5544 A label query over the set of namespaces that the term applies to.
5545 The term is applied to the union of the namespaces selected by this field
5546 and the ones listed in the namespaces field.
5547 null selector and null or empty namespaces list means "this pod's namespace".
5548 An empty selector ({}) matches all namespaces.
5549 properties:
5550 matchExpressions:
5551 type: array
5552 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5553 items:
5554 type: object
5555 description: |-
5556 A label selector requirement is a selector that contains values, a key, and an operator that
5557 relates the key and values.
5558 properties:
5559 key:
5560 type: string
5561 description: key is the label key that the selector applies to.
5562 operator:
5563 type: string
5564 description: |-
5565 operator represents a key's relationship to a set of values.
5566 Valid operators are In, NotIn, Exists and DoesNotExist.
5567 values:
5568 type: array
5569 description: |-
5570 values is an array of string values. If the operator is In or NotIn,
5571 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5572 the values array must be empty. This array is replaced during a strategic
5573 merge patch.
5574 items:
5575 type: string
5576 x-kubernetes-list-type: atomic
5577 required:
5578 - key
5579 - operator
5580 x-kubernetes-list-type: atomic
5581 matchLabels:
5582 type: object
5583 additionalProperties:
5584 type: string
5585 description: |-
5586 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5587 map is equivalent to an element of matchExpressions, whose key field is "key", the
5588 operator is "In", and the values array contains only "value". The requirements are ANDed.
5589 x-kubernetes-map-type: atomic
5590 namespaces:
5591 type: array
5592 description: |-
5593 namespaces specifies a static list of namespace names that the term applies to.
5594 The term is applied to the union of the namespaces listed in this field
5595 and the ones selected by namespaceSelector.
5596 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
5597 items:
5598 type: string
5599 x-kubernetes-list-type: atomic
5600 topologyKey:
5601 type: string
5602 description: |-
5603 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
5604 the labelSelector in the specified namespaces, where co-located is defined as running on a node
5605 whose value of the label with key topologyKey matches that of any node on which any of the
5606 selected pods is running.
5607 Empty topologyKey is not allowed.
5608 required:
5609 - topologyKey
5610 weight:
5611 type: integer
5612 description: |-
5613 weight associated with matching the corresponding podAffinityTerm,
5614 in the range 1-100.
5615 format: int32
5616 required:
5617 - podAffinityTerm
5618 - weight
5619 x-kubernetes-list-type: atomic
5620 requiredDuringSchedulingIgnoredDuringExecution:
5621 type: array
5622 description: |-
5623 If the anti-affinity requirements specified by this field are not met at
5624 scheduling time, the pod will not be scheduled onto the node.
5625 If the anti-affinity requirements specified by this field cease to be met
5626 at some point during pod execution (e.g. due to a pod label update), the
5627 system may or may not try to eventually evict the pod from its node.
5628 When there are multiple elements, the lists of nodes corresponding to each
5629 podAffinityTerm are intersected, i.e. all terms must be satisfied.
5630 items:
5631 type: object
5632 description: |-
5633 Defines a set of pods (namely those matching the labelSelector
5634 relative to the given namespace(s)) that this pod should be
5635 co-located (affinity) or not co-located (anti-affinity) with,
5636 where co-located is defined as running on a node whose value of
5637 the label with key <topologyKey> matches that of any node on which
5638 a pod of the set of pods is running
5639 properties:
5640 labelSelector:
5641 type: object
5642 description: |-
5643 A label query over a set of resources, in this case pods.
5644 If it's null, this PodAffinityTerm matches with no Pods.
5645 properties:
5646 matchExpressions:
5647 type: array
5648 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5649 items:
5650 type: object
5651 description: |-
5652 A label selector requirement is a selector that contains values, a key, and an operator that
5653 relates the key and values.
5654 properties:
5655 key:
5656 type: string
5657 description: key is the label key that the selector applies to.
5658 operator:
5659 type: string
5660 description: |-
5661 operator represents a key's relationship to a set of values.
5662 Valid operators are In, NotIn, Exists and DoesNotExist.
5663 values:
5664 type: array
5665 description: |-
5666 values is an array of string values. If the operator is In or NotIn,
5667 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5668 the values array must be empty. This array is replaced during a strategic
5669 merge patch.
5670 items:
5671 type: string
5672 x-kubernetes-list-type: atomic
5673 required:
5674 - key
5675 - operator
5676 x-kubernetes-list-type: atomic
5677 matchLabels:
5678 type: object
5679 additionalProperties:
5680 type: string
5681 description: |-
5682 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5683 map is equivalent to an element of matchExpressions, whose key field is "key", the
5684 operator is "In", and the values array contains only "value". The requirements are ANDed.
5685 x-kubernetes-map-type: atomic
5686 matchLabelKeys:
5687 type: array
5688 description: |-
5689 MatchLabelKeys is a set of pod label keys to select which pods will
5690 be taken into consideration. The keys are used to lookup values from the
5691 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
5692 to select the group of existing pods which pods will be taken into consideration
5693 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5694 pod labels will be ignored. The default value is empty.
5695 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
5696 Also, matchLabelKeys cannot be set when labelSelector isn't set.
5697 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5698 items:
5699 type: string
5700 x-kubernetes-list-type: atomic
5701 mismatchLabelKeys:
5702 type: array
5703 description: |-
5704 MismatchLabelKeys is a set of pod label keys to select which pods will
5705 be taken into consideration. The keys are used to lookup values from the
5706 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
5707 to select the group of existing pods which pods will be taken into consideration
5708 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
5709 pod labels will be ignored. The default value is empty.
5710 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
5711 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
5712 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
5713 items:
5714 type: string
5715 x-kubernetes-list-type: atomic
5716 namespaceSelector:
5717 type: object
5718 description: |-
5719 A label query over the set of namespaces that the term applies to.
5720 The term is applied to the union of the namespaces selected by this field
5721 and the ones listed in the namespaces field.
5722 null selector and null or empty namespaces list means "this pod's namespace".
5723 An empty selector ({}) matches all namespaces.
5724 properties:
5725 matchExpressions:
5726 type: array
5727 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
5728 items:
5729 type: object
5730 description: |-
5731 A label selector requirement is a selector that contains values, a key, and an operator that
5732 relates the key and values.
5733 properties:
5734 key:
5735 type: string
5736 description: key is the label key that the selector applies to.
5737 operator:
5738 type: string
5739 description: |-
5740 operator represents a key's relationship to a set of values.
5741 Valid operators are In, NotIn, Exists and DoesNotExist.
5742 values:
5743 type: array
5744 description: |-
5745 values is an array of string values. If the operator is In or NotIn,
5746 the values array must be non-empty. If the operator is Exists or DoesNotExist,
5747 the values array must be empty. This array is replaced during a strategic
5748 merge patch.
5749 items:
5750 type: string
5751 x-kubernetes-list-type: atomic
5752 required:
5753 - key
5754 - operator
5755 x-kubernetes-list-type: atomic
5756 matchLabels:
5757 type: object
5758 additionalProperties:
5759 type: string
5760 description: |-
5761 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
5762 map is equivalent to an element of matchExpressions, whose key field is "key", the
5763 operator is "In", and the values array contains only "value". The requirements are ANDed.
5764 x-kubernetes-map-type: atomic
5765 namespaces:
5766 type: array
5767 description: |-
5768 namespaces specifies a static list of namespace names that the term applies to.
5769 The term is applied to the union of the namespaces listed in this field
5770 and the ones selected by namespaceSelector.
5771 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
5772 items:
5773 type: string
5774 x-kubernetes-list-type: atomic
5775 topologyKey:
5776 type: string
5777 description: |-
5778 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
5779 the labelSelector in the specified namespaces, where co-located is defined as running on a node
5780 whose value of the label with key topologyKey matches that of any node on which any of the
5781 selected pods is running.
5782 Empty topologyKey is not allowed.
5783 required:
5784 - topologyKey
5785 x-kubernetes-list-type: atomic
# Pod tolerations as an atomic list; each item matches taints by key, value,
# effect and operator.
# NOTE(review): per the field descriptions below, an empty key with operator
# Exists matches all keys and values, and an empty effect matches all effects,
# so a single such entry tolerates every taint. `operator` and `effect` are plain
# strings here (no enum), so the allowed values listed in the descriptions are
# not enforced by this schema.
5786 tolerations:
5787 type: array
5788 description: If specified, the pod's tolerations.
5789 items:
5790 type: object
5791 description: |-
5792 The pod this Toleration is attached to tolerates any taint that matches
5793 the triple <key,value,effect> using the matching operator <operator>.
5794 properties:
5795 value:
5796 type: string
5797 description: |-
5798 Value is the taint value the toleration matches to.
5799 If the operator is Exists, the value should be empty, otherwise just a regular string.
5800 effect:
5801 type: string
5802 description: |-
5803 Effect indicates the taint effect to match. Empty means match all taint effects.
5804 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
5805 key:
5806 type: string
5807 description: |-
5808 Key is the taint key that the toleration applies to. Empty means match all taint keys.
5809 If the key is empty, operator must be Exists; this combination means to match all values and all keys.
5810 operator:
5811 type: string
5812 description: |-
5813 Operator represents a key's relationship to the value.
5814 Valid operators are Exists and Equal. Defaults to Equal.
5815 Exists is equivalent to wildcard for value, so that a pod can
5816 tolerate all taints of a particular category.
5817 tolerationSeconds:
5818 type: integer
5819 description: |-
5820 TolerationSeconds represents the period of time the toleration (which must be
5821 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
5822 it is not set, which means tolerate the taint forever (do not evict). Zero and
5823 negative values will be treated as 0 (evict immediately) by the system.
5824 format: int64
5825 x-kubernetes-list-type: atomic
# Pod DNS parameters: nameservers, resolver options and search domains, each an
# atomic list that the descriptions say is combined with what DNSPolicy generates.
# NOTE(review): `nameservers` and `searches` items are plain strings with no
# format or pattern declared, so this schema does not check that a nameserver is
# an IP address. Whoever sets these influences where the pod resolves names.
5826 dnsConfig:
5827 type: object
5828 description: |-
5829 Specifies the DNS parameters of a pod.
5830 Parameters specified here will be merged to the generated DNS
5831 configuration based on DNSPolicy.
5832 properties:
5833 nameservers:
5834 type: array
5835 description: |-
5836 A list of DNS name server IP addresses.
5837 This will be appended to the base nameservers generated from DNSPolicy.
5838 Duplicated nameservers will be removed.
5839 items:
5840 type: string
5841 x-kubernetes-list-type: atomic
5842 options:
5843 type: array
5844 description: |-
5845 A list of DNS resolver options.
5846 This will be merged with the base options generated from DNSPolicy.
5847 Duplicated entries will be removed. Resolution options given in Options
5848 will override those that appear in the base DNSPolicy.
5849 items:
5850 type: object
5851 description: PodDNSConfigOption defines DNS resolver options of a pod.
5852 properties:
5853 name:
5854 type: string
5855 description: Required.
5856 value:
5857 type: string
5858 x-kubernetes-list-type: atomic
5859 searches:
5860 type: array
5861 description: |-
5862 A list of DNS search domains for host-name lookup.
5863 This will be appended to the base search paths generated from DNSPolicy.
5864 Duplicated search paths will be removed.
5865 items:
5866 type: string
5867 x-kubernetes-list-type: atomic
5868 readinessGates:
5869 type: array
5870 description: |-
5871 If specified, all readiness gates will be evaluated for pod readiness.
5872 A pod is ready when all its containers are ready AND
5873 all conditions specified in the readiness gates have status equal to "True"
5874 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
5875 items:
5876 type: object
5877 description: PodReadinessGate contains the reference to a pod condition
5878 properties:
5879 conditionType:
5880 type: string
5881 description: ConditionType refers to a condition in the pod's condition list with matching type.
5882 required:
5883 - conditionType
5884 x-kubernetes-list-type: atomic
5885 securityContext:
5886 type: object
5887 description: |-
5888 SecurityContext holds pod-level security attributes and common container settings.
5889 Optional: Defaults to empty. See type description for default values of each field.
5890 properties:
# AppArmor settings for the pod's containers; `type` is the only required key.
# NOTE(review): `type` is an unconstrained string in this schema (no enum), and
# the "localhostProfile if and only if type is Localhost" rule from the
# description is not expressed as a validation rule here. Unconfined means no
# AppArmor enforcement, so it is worth flagging in review or admission policy.
5891 appArmorProfile:
5892 type: object
5893 description: |-
5894 appArmorProfile is the AppArmor options to use by the containers in this pod.
5895 Note that this field cannot be set when spec.os.name is windows.
5896 properties:
5897 type:
5898 type: string
5899 description: |-
5900 type indicates which kind of AppArmor profile will be applied.
5901 Valid options are:
5902 Localhost - a profile pre-loaded on the node.
5903 RuntimeDefault - the container runtime's default profile.
5904 Unconfined - no AppArmor enforcement.
5905 localhostProfile:
5906 type: string
5907 description: |-
5908 localhostProfile indicates a profile loaded on the node that should be used.
5909 The profile must be preconfigured on the node to work.
5910 Must match the loaded name of the profile.
5911 Must be set if and only if type is "Localhost".
5912 required:
5913 - type
5914 fsGroup:
5915 type: integer
5916 description: |-
5917 A special supplemental group that applies to all containers in a pod.
5918 Some volume types allow the Kubelet to change the ownership of that volume
5919 to be owned by the pod:
5920
5921
5922 1. The owning GID will be the FSGroup
5923 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
5924 3. The permission bits are OR'd with rw-rw----
5925
5926
5927 If unset, the Kubelet will not modify the ownership and permissions of any volume.
5928 Note that this field cannot be set when spec.os.name is windows.
5929 format: int64
5930 fsGroupChangePolicy:
5931 type: string
5932 description: |-
5933 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
5934 before being exposed inside Pod. This field will only apply to
5935 volume types which support fsGroup based ownership(and permissions).
5936 It will have no effect on ephemeral volume types such as: secret, configmaps
5937 and emptydir.
5938 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
5939 Note that this field cannot be set when spec.os.name is windows.
5940 runAsGroup:
5941 type: integer
5942 description: |-
5943 The GID to run the entrypoint of the container process.
5944 Uses runtime default if unset.
5945 May also be set in SecurityContext. If set in both SecurityContext and
5946 PodSecurityContext, the value specified in SecurityContext takes precedence
5947 for that container.
5948 Note that this field cannot be set when spec.os.name is windows.
5949 format: int64
# NOTE(review): per the description, leaving this unset or false means the kubelet
# performs no non-root check; no default is declared for it in this entry.
5950 runAsNonRoot:
5951 type: boolean
5952 description: |-
5953 Indicates that the container must run as a non-root user.
5954 If true, the Kubelet will validate the image at runtime to ensure that it
5955 does not run as UID 0 (root) and fail to start the container if it does.
5956 If unset or false, no such validation will be performed.
5957 May also be set in SecurityContext. If set in both SecurityContext and
5958 PodSecurityContext, the value specified in SecurityContext takes precedence.
# NOTE(review): declared as a bare int64 with no minimum, so UID 0 is a valid
# value as far as this schema is concerned; a container-level SecurityContext
# value takes precedence over this one, per the description.
5959 runAsUser:
5960 type: integer
5961 description: |-
5962 The UID to run the entrypoint of the container process.
5963 Defaults to user specified in image metadata if unspecified.
5964 May also be set in SecurityContext. If set in both SecurityContext and
5965 PodSecurityContext, the value specified in SecurityContext takes precedence
5966 for that container.
5967 Note that this field cannot be set when spec.os.name is windows.
5968 format: int64
5969 seLinuxOptions:
5970 type: object
5971 description: |-
5972 The SELinux context to be applied to all containers.
5973 If unspecified, the container runtime will allocate a random SELinux context for each
5974 container. May also be set in SecurityContext. If set in
5975 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
5976 takes precedence for that container.
5977 Note that this field cannot be set when spec.os.name is windows.
5978 properties:
5979 type:
5980 type: string
5981 description: Type is a SELinux type label that applies to the container.
5982 level:
5983 type: string
5984 description: Level is SELinux level label that applies to the container.
5985 role:
5986 type: string
5987 description: Role is a SELinux role label that applies to the container.
5988 user:
5989 type: string
5990 description: User is a SELinux user label that applies to the container.
# Seccomp settings for the pod's containers; `type` is the only required key.
# NOTE(review): `type` is an unconstrained string here (no enum), and the rule
# that localhostProfile is set only for type "Localhost" is documented but not
# expressed as schema validation. Unconfined applies no profile at all.
5991 seccompProfile:
5992 type: object
5993 description: |-
5994 The seccomp options to use by the containers in this pod.
5995 Note that this field cannot be set when spec.os.name is windows.
5996 properties:
5997 type:
5998 type: string
5999 description: |-
6000 type indicates which kind of seccomp profile will be applied.
6001 Valid options are:
6002
6003
6004 Localhost - a profile defined in a file on the node should be used.
6005 RuntimeDefault - the container runtime default profile should be used.
6006 Unconfined - no profile should be applied.
6007 localhostProfile:
6008 type: string
6009 description: |-
6010 localhostProfile indicates a profile defined in a file on the node should be used.
6011 The profile must be preconfigured on the node to work.
6012 Must be a descending path, relative to the kubelet's configured seccomp profile location.
6013 Must be set if type is "Localhost". Must NOT be set for any other type.
6014 required:
6015 - type
6016 supplementalGroups:
6017 type: array
6018 description: |-
6019 A list of groups applied to the first process run in each container, in addition
6020 to the container's primary GID, the fsGroup (if specified), and group memberships
6021 defined in the container image for the uid of the container process. If unspecified,
6022 no additional groups are added to any container. Note that group memberships
6023 defined in the container image for the uid of the container process are still effective,
6024 even if they are not included in this list.
6025 Note that this field cannot be set when spec.os.name is windows.
6026 items:
6027 type: integer
6028 format: int64
6029 x-kubernetes-list-type: atomic
# Kernel parameters for the pod, as an atomic list of required name/value pairs.
# NOTE(review): `name` and `value` are free-form strings in this schema, so any
# restriction on which sysctls may be set has to come from outside it
# (presumably kubelet/admission policy — confirm for the target cluster).
6030 sysctls:
6031 type: array
6032 description: |-
6033 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
6034 sysctls (by the container runtime) might fail to launch.
6035 Note that this field cannot be set when spec.os.name is windows.
6036 items:
6037 type: object
6038 description: Sysctl defines a kernel parameter to be set
6039 properties:
6040 name:
6041 type: string
6042 description: Name of a property to set
6043 value:
6044 type: string
6045 description: Value of a property to set
6046 required:
6047 - name
6048 - value
6049 x-kubernetes-list-type: atomic
6050 windowsOptions:
6051 type: object
6052 description: |-
6053 The Windows specific settings applied to all containers.
6054 If unspecified, the options within a container's SecurityContext will be used.
6055 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
6056 Note that this field cannot be set when spec.os.name is linux.
6057 properties:
6058 gmsaCredentialSpec:
6059 type: string
6060 description: |-
6061 GMSACredentialSpec is where the GMSA admission webhook
6062 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
6063 GMSA credential spec named by the GMSACredentialSpecName field.
6064 gmsaCredentialSpecName:
6065 type: string
6066 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
# NOTE(review): per the description, true also requires HostNetwork to be true
# and all containers in the pod must share the same effective value; neither
# cross-field requirement is expressed in this schema entry.
6067 hostProcess:
6068 type: boolean
6069 description: |-
6070 HostProcess determines if a container should be run as a 'Host Process' container.
6071 All of a Pod's containers must have the same effective HostProcess value
6072 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
6073 In addition, if HostProcess is true then HostNetwork must also be set to true.
6074 runAsUserName:
6075 type: string
6076 description: |-
6077 The UserName in Windows to run the entrypoint of the container process.
6078 Defaults to the user specified in image metadata if unspecified.
6079 May also be set in PodSecurityContext. If set in both SecurityContext and
6080 PodSecurityContext, the value specified in SecurityContext takes precedence.
6081 ephemeralContainers:
6082 type: array
6083 description: |-
6084 List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
6085 pod to perform user-initiated actions such as debugging. This list cannot be specified when
6086 creating a pod, and it cannot be modified by updating the pod spec. In order to add an
6087 ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
6088 items:
6089 type: object
6090 description: |-
6091 An EphemeralContainer is a temporary container that you may add to an existing Pod for
6092 user-initiated activities such as debugging. Ephemeral containers have no resource or
6093 scheduling guarantees, and they will not be restarted when they exit or when a Pod is
6094 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
6095 Pod to exceed its resource allocation.
6096
6097
6098 To add an ephemeral container, use the ephemeralcontainers subresource of an existing
6099 Pod. Ephemeral containers may not be removed or restarted.
6100 properties:
6101 name:
6102 type: string
6103 description: |-
6104 Name of the ephemeral container specified as a DNS_LABEL.
6105 This name must be unique among all containers, init containers and ephemeral containers.
6106 restartPolicy:
6107 type: string
6108 description: |-
6109 Restart policy for the container to manage the restart behavior of each
6110 container within a pod.
6111 This may only be set for init containers. You cannot set this field on
6112 ephemeral containers.
6113 image:
6114 type: string
6115 description: |-
6116 Container image name.
6117 More info: https://kubernetes.io/docs/concepts/containers/images
6118 command:
6119 type: array
6120 description: |-
6121 Entrypoint array. Not executed within a shell.
6122 The image's ENTRYPOINT is used if this is not provided.
6123 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
6124 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
6125 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
6126 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
6127 of whether the variable exists or not. Cannot be updated.
6128 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
6129 items:
6130 type: string
6131 x-kubernetes-list-type: atomic
6132 args:
6133 type: array
6134 description: |-
6135 Arguments to the entrypoint.
6136 The image's CMD is used if this is not provided.
6137 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
6138 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
6139 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
6140 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
6141 of whether the variable exists or not. Cannot be updated.
6142 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
6143 items:
6144 type: string
6145 x-kubernetes-list-type: atomic
6146 workingDir:
6147 type: string
6148 description: |-
6149 Container's working directory.
6150 If not specified, the container runtime's default will be used, which
6151 might be configured in the container image.
6152 Cannot be updated.
6153 ports:
6154 type: array
6155 description: Ports are not allowed for ephemeral containers.
6156 items:
6157 type: object
6158 description: ContainerPort represents a network port in a single container.
6159 properties:
6160 name:
6161 type: string
6162 description: |-
6163 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
6164 named port in a pod must have a unique name. Name for the port that can be
6165 referred to by services.
6166 protocol:
6167 type: string
6168 default: TCP
6169 description: |-
6170 Protocol for port. Must be UDP, TCP, or SCTP.
6171 Defaults to "TCP".
# NOTE(review): the description requires 0 < x < 65536, but only `type: integer`
# and `format: int32` are declared, so the range is not checked by this schema.
# A hostPort exposes the port on the host; the enclosing `ports` description
# states that ports are not allowed for ephemeral containers.
6172 hostPort:
6173 type: integer
6174 description: |-
6175 Number of port to expose on the host.
6176 If specified, this must be a valid port number, 0 < x < 65536.
6177 If HostNetwork is specified, this must match ContainerPort.
6178 Most containers do not need this.
6179 format: int32
6180 containerPort:
6181 type: integer
6182 description: |-
6183 Number of port to expose on the pod's IP address.
6184 This must be a valid port number, 0 < x < 65536.
6185 format: int32
6186 hostIP:
6187 type: string
6188 description: What host IP to bind the external port to.
6189 required:
6190 - containerPort
6191 x-kubernetes-list-map-keys:
6192 - containerPort
6193 - protocol
6194 x-kubernetes-list-type: map
6195 envFrom:
6196 type: array
6197 description: |-
6198 List of sources to populate environment variables in the container.
6199 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
6200 will be reported as an event when the container is starting. When a key exists in multiple
6201 sources, the value associated with the last source will take precedence.
6202 Values defined by an Env with a duplicate key will take precedence.
6203 Cannot be updated.
6204 items:
6205 type: object
6206 description: EnvFromSource represents the source of a set of ConfigMaps
6207 properties:
6208 prefix:
6209 type: string
6210 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
6211 configMapRef:
6212 type: object
6213 description: The ConfigMap to select from
6214 properties:
6215 name:
6216 type: string
6217 default: ""
6218 description: |-
6219 Name of the referent.
6220 This field is effectively required, but due to backwards compatibility is
6221 allowed to be empty. Instances of this type with an empty value here are
6222 almost certainly wrong.
6223 TODO: Add other useful fields. apiVersion, kind, uid?
6224 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6225 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6226 optional:
6227 type: boolean
6228 description: Specify whether the ConfigMap must be defined
6229 x-kubernetes-map-type: atomic
6230 secretRef:
6231 type: object
6232 description: The Secret to select from
6233 properties:
6234 name:
6235 type: string
6236 default: ""
6237 description: |-
6238 Name of the referent.
6239 This field is effectively required, but due to backwards compatibility is
6240 allowed to be empty. Instances of this type with an empty value here are
6241 almost certainly wrong.
6242 TODO: Add other useful fields. apiVersion, kind, uid?
6243 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6244 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6245 optional:
6246 type: boolean
6247 description: Specify whether the Secret must be defined
6248 x-kubernetes-map-type: atomic
6249 x-kubernetes-list-type: atomic
6250 env:
6251 type: array
6252 description: |-
6253 List of environment variables to set in the container.
6254 Cannot be updated.
6255 items:
6256 type: object
6257 description: EnvVar represents an environment variable present in a Container.
6258 properties:
6259 name:
6260 type: string
6261 description: Name of the environment variable. Must be a C_IDENTIFIER.
6262 value:
6263 type: string
6264 description: |-
6265 Variable references $(VAR_NAME) are expanded
6266 using the previously defined environment variables in the container and
6267 any service environment variables. If a variable cannot be resolved,
6268 the reference in the input string will be unchanged. Double $$ are reduced
6269 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
6270 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
6271 Escaped references will never be expanded, regardless of whether the variable
6272 exists or not.
6273 Defaults to "".
6274 valueFrom:
6275 type: object
6276 description: Source for the environment variable's value. Cannot be used if value is not empty.
6277 properties:
6278 fieldRef:
6279 type: object
6280 description: |-
6281 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
6282 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
6283 properties:
6284 apiVersion:
6285 type: string
6286 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
6287 fieldPath:
6288 type: string
6289 description: Path of the field to select in the specified API version.
6290 required:
6291 - fieldPath
6292 x-kubernetes-map-type: atomic
6293 resourceFieldRef:
6294 type: object
6295 description: |-
6296 Selects a resource of the container: only resources limits and requests
6297 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
6298 properties:
6299 containerName:
6300 type: string
6301 description: 'Container name: required for volumes, optional for env vars'
6302 divisor:
6303 anyOf:
6304 - type: integer
6305 - type: string
6306 description: Specifies the output format of the exposed resources, defaults to "1"
6307 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6308 x-kubernetes-int-or-string: true
6309 resource:
6310 type: string
6311 description: 'Required: resource to select'
6312 required:
6313 - resource
6314 x-kubernetes-map-type: atomic
6315 configMapKeyRef:
6316 type: object
6317 description: Selects a key of a ConfigMap.
6318 properties:
6319 name:
6320 type: string
6321 default: ""
6322 description: |-
6323 Name of the referent.
6324 This field is effectively required, but due to backwards compatibility is
6325 allowed to be empty. Instances of this type with an empty value here are
6326 almost certainly wrong.
6327 TODO: Add other useful fields. apiVersion, kind, uid?
6328 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6329 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6330 key:
6331 type: string
6332 description: The key to select.
6333 optional:
6334 type: boolean
6335 description: Specify whether the ConfigMap or its key must be defined
6336 required:
6337 - key
6338 x-kubernetes-map-type: atomic
# Reference to one key of a Secret in the pod's namespace; `key` is required.
# NOTE(review): `name` defaults to "" and is not in `required`, although the
# description calls an empty name almost certainly wrong. The schema places no
# restriction on which Secret is named, so limiting that is left to whatever
# policy governs who may create these objects — confirm.
6339 secretKeyRef:
6340 type: object
6341 description: Selects a key of a secret in the pod's namespace
6342 properties:
6343 name:
6344 type: string
6345 default: ""
6346 description: |-
6347 Name of the referent.
6348 This field is effectively required, but due to backwards compatibility is
6349 allowed to be empty. Instances of this type with an empty value here are
6350 almost certainly wrong.
6351 TODO: Add other useful fields. apiVersion, kind, uid?
6352 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6353 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6354 key:
6355 type: string
6356 description: The key of the secret to select from. Must be a valid secret key.
6357 optional:
6358 type: boolean
6359 description: Specify whether the Secret or its key must be defined
6360 required:
6361 - key
6362 x-kubernetes-map-type: atomic
6363 required:
6364 - name
6365 x-kubernetes-list-map-keys:
6366 - name
6367 x-kubernetes-list-type: map
6368 resources:
6369 type: object
6370 description: |-
6371 Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
6372 already allocated to the pod.
6373 properties:
6374 claims:
6375 type: array
6376 description: |-
6377 Claims lists the names of resources, defined in spec.resourceClaims,
6378 that are used by this container.
6379
6380
6381 This is an alpha field and requires enabling the
6382 DynamicResourceAllocation feature gate.
6383
6384
6385 This field is immutable. It can only be set for containers.
6386 items:
6387 type: object
6388 description: ResourceClaim references one entry in PodSpec.ResourceClaims.
6389 properties:
6390 name:
6391 type: string
6392 description: |-
6393 Name must match the name of one entry in pod.spec.resourceClaims of
6394 the Pod where this field is used. It makes that resource available
6395 inside a container.
6396 required:
6397 - name
6398 x-kubernetes-list-map-keys:
6399 - name
6400 x-kubernetes-list-type: map
6401 limits:
6402 type: object
6403 additionalProperties:
6404 anyOf:
6405 - type: integer
6406 - type: string
6407 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6408 x-kubernetes-int-or-string: true
6409 description: |-
6410 Limits describes the maximum amount of compute resources allowed.
6411 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
6412 requests:
6413 type: object
6414 additionalProperties:
6415 anyOf:
6416 - type: integer
6417 - type: string
6418 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6419 x-kubernetes-int-or-string: true
6420 description: |-
6421 Requests describes the minimum amount of compute resources required.
6422 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
6423 otherwise to an implementation-defined value. Requests cannot exceed Limits.
6424 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
6425 volumeMounts:
6426 type: array
6427 description: |-
6428 Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
6429 Cannot be updated.
6430 items:
6431 type: object
6432 description: VolumeMount describes a mounting of a Volume within a container.
6433 properties:
6434 name:
6435 type: string
6436 description: This must match the Name of a Volume.
6437 readOnly:
6438 type: boolean
6439 description: |-
6440 Mounted read-only if true, read-write otherwise (false or unspecified).
6441 Defaults to false.
6442 mountPath:
6443 type: string
6444 description: |-
6445 Path within the container at which the volume should be mounted. Must
6446 not contain ':'.
6447 subPath:
6448 type: string
6449 description: |-
6450 Path within the volume from which the container's volume should be mounted.
6451 Defaults to "" (volume's root).
6452 subPathExpr:
6453 type: string
6454 description: |-
6455 Expanded path within the volume from which the container's volume should be mounted.
6456 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
6457 Defaults to "" (volume's root).
6458 SubPathExpr and SubPath are mutually exclusive.
6459 mountPropagation:
6460 type: string
6461 description: |-
6462 mountPropagation determines how mounts are propagated from the host
6463 to container and the other way around.
6464 When not set, MountPropagationNone is used.
6465 This field is beta in 1.10.
6466 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
6467 (which defaults to None).
6468 recursiveReadOnly:
6469 type: string
6470 description: |-
6471 RecursiveReadOnly specifies whether read-only mounts should be handled
6472 recursively.
6473
6474
6475 If ReadOnly is false, this field has no meaning and must be unspecified.
6476
6477
6478 If ReadOnly is true, and this field is set to Disabled, the mount is not made
6479 recursively read-only. If this field is set to IfPossible, the mount is made
6480 recursively read-only, if it is supported by the container runtime. If this
6481 field is set to Enabled, the mount is made recursively read-only if it is
6482 supported by the container runtime, otherwise the pod will not be started and
6483 an error will be generated to indicate the reason.
6484
6485
6486 If this field is set to IfPossible or Enabled, MountPropagation must be set to
6487 None (or be unspecified, which defaults to None).
6488
6489
6490 If this field is not specified, it is treated as an equivalent of Disabled.
6491 required:
6492 - mountPath
6493 - name
6494 x-kubernetes-list-map-keys:
6495 - mountPath
6496 x-kubernetes-list-type: map
6497 volumeDevices:
6498 type: array
6499 description: volumeDevices is the list of block devices to be used by the container.
6500 items:
6501 type: object
6502 description: volumeDevice describes a mapping of a raw block device within a container.
6503 properties:
6504 name:
6505 type: string
6506 description: name must match the name of a persistentVolumeClaim in the pod
6507 devicePath:
6508 type: string
6509 description: devicePath is the path inside of the container that the device will be mapped to.
6510 required:
6511 - devicePath
6512 - name
6513 x-kubernetes-list-map-keys:
6514 - devicePath
6515 x-kubernetes-list-type: map
6516 livenessProbe:
6517 type: object
6518 description: Probes are not allowed for ephemeral containers.
6519 properties:
6520 terminationGracePeriodSeconds:
6521 type: integer
6522 description: |-
6523 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
6524 The grace period is the duration in seconds after the processes running in the pod are sent
6525 a termination signal and the time when the processes are forcibly halted with a kill signal.
6526 Set this value longer than the expected cleanup time for your process.
6527 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
6528 value overrides the value provided by the pod spec.
6529 Value must be non-negative integer. The value zero indicates stop immediately via
6530 the kill signal (no opportunity to shut down).
6531 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
6532 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
6533 format: int64
6534 exec:
6535 type: object
6536 description: Exec specifies the action to take.
6537 properties:
6538 command:
6539 type: array
6540 description: |-
6541 Command is the command line to execute inside the container, the working directory for the
6542 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6543 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6544 a shell, you need to explicitly call out to that shell.
6545 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6546 items:
6547 type: string
6548 x-kubernetes-list-type: atomic
6549 failureThreshold:
6550 type: integer
6551 description: |-
6552 Minimum consecutive failures for the probe to be considered failed after having succeeded.
6553 Defaults to 3. Minimum value is 1.
6554 format: int32
6555 grpc:
6556 type: object
6557 description: GRPC specifies an action involving a GRPC port.
6558 properties:
6559 service:
6560 type: string
6561 description: |-
6562 Service is the name of the service to place in the gRPC HealthCheckRequest
6563 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
6564
6565
6566 If this is not specified, the default behavior is defined by gRPC.
6567 port:
6568 type: integer
6569 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
6570 format: int32
6571 required:
6572 - port
6573 httpGet:
6574 type: object
6575 description: HTTPGet specifies the http request to perform.
6576 properties:
6577 port:
6578 anyOf:
6579 - type: integer
6580 - type: string
6581 description: |-
6582 Name or number of the port to access on the container.
6583 Number must be in the range 1 to 65535.
6584 Name must be an IANA_SVC_NAME.
6585 x-kubernetes-int-or-string: true
6586 host:
6587 type: string
6588 description: |-
6589 Host name to connect to, defaults to the pod IP. You probably want to set
6590 "Host" in httpHeaders instead.
6591 httpHeaders:
6592 type: array
6593 description: Custom headers to set in the request. HTTP allows repeated headers.
6594 items:
6595 type: object
6596 description: HTTPHeader describes a custom header to be used in HTTP probes
6597 properties:
6598 name:
6599 type: string
6600 description: |-
6601 The header field name.
6602 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6603 value:
6604 type: string
6605 description: The header field value
6606 required:
6607 - name
6608 - value
6609 x-kubernetes-list-type: atomic
6610 path:
6611 type: string
6612 description: Path to access on the HTTP server.
6613 scheme:
6614 type: string
6615 description: |-
6616 Scheme to use for connecting to the host.
6617 Defaults to HTTP.
6618 required:
6619 - port
6620 initialDelaySeconds:
6621 type: integer
6622 description: |-
6623 Number of seconds after the container has started before liveness probes are initiated.
6624 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6625 format: int32
6626 periodSeconds:
6627 type: integer
6628 description: |-
6629 How often (in seconds) to perform the probe.
6630 Defaults to 10 seconds. Minimum value is 1.
6631 format: int32
6632 successThreshold:
6633 type: integer
6634 description: |-
6635 Minimum consecutive successes for the probe to be considered successful after having failed.
6636 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
6637 format: int32
6638 tcpSocket:
6639 type: object
6640 description: TCPSocket specifies an action involving a TCP port.
6641 properties:
6642 port:
6643 anyOf:
6644 - type: integer
6645 - type: string
6646 description: |-
6647 Number or name of the port to access on the container.
6648 Number must be in the range 1 to 65535.
6649 Name must be an IANA_SVC_NAME.
6650 x-kubernetes-int-or-string: true
6651 host:
6652 type: string
6653 description: 'Optional: Host name to connect to, defaults to the pod IP.'
6654 required:
6655 - port
6656 timeoutSeconds:
6657 type: integer
6658 description: |-
6659 Number of seconds after which the probe times out.
6660 Defaults to 1 second. Minimum value is 1.
6661 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6662 format: int32
6663 readinessProbe:
6664 type: object
6665 description: Probes are not allowed for ephemeral containers.
6666 properties:
6667 terminationGracePeriodSeconds:
6668 type: integer
6669 description: |-
6670 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
6671 The grace period is the duration in seconds after the processes running in the pod are sent
6672 a termination signal and the time when the processes are forcibly halted with a kill signal.
6673 Set this value longer than the expected cleanup time for your process.
6674 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
6675 value overrides the value provided by the pod spec.
6676 Value must be non-negative integer. The value zero indicates stop immediately via
6677 the kill signal (no opportunity to shut down).
6678 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
6679 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
6680 format: int64
6681 exec:
6682 type: object
6683 description: Exec specifies the action to take.
6684 properties:
6685 command:
6686 type: array
6687 description: |-
6688 Command is the command line to execute inside the container, the working directory for the
6689 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6690 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6691 a shell, you need to explicitly call out to that shell.
6692 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6693 items:
6694 type: string
6695 x-kubernetes-list-type: atomic
6696 failureThreshold:
6697 type: integer
6698 description: |-
6699 Minimum consecutive failures for the probe to be considered failed after having succeeded.
6700 Defaults to 3. Minimum value is 1.
6701 format: int32
6702 grpc:
6703 type: object
6704 description: GRPC specifies an action involving a GRPC port.
6705 properties:
6706 service:
6707 type: string
6708 description: |-
6709 Service is the name of the service to place in the gRPC HealthCheckRequest
6710 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
6711
6712
6713 If this is not specified, the default behavior is defined by gRPC.
6714 port:
6715 type: integer
6716 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
6717 format: int32
6718 required:
6719 - port
6720 httpGet:
6721 type: object
6722 description: HTTPGet specifies the http request to perform.
6723 properties:
6724 port:
6725 anyOf:
6726 - type: integer
6727 - type: string
6728 description: |-
6729 Name or number of the port to access on the container.
6730 Number must be in the range 1 to 65535.
6731 Name must be an IANA_SVC_NAME.
6732 x-kubernetes-int-or-string: true
6733 host:
6734 type: string
6735 description: |-
6736 Host name to connect to, defaults to the pod IP. You probably want to set
6737 "Host" in httpHeaders instead.
6738 httpHeaders:
6739 type: array
6740 description: Custom headers to set in the request. HTTP allows repeated headers.
6741 items:
6742 type: object
6743 description: HTTPHeader describes a custom header to be used in HTTP probes
6744 properties:
6745 name:
6746 type: string
6747 description: |-
6748 The header field name.
6749 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6750 value:
6751 type: string
6752 description: The header field value
6753 required:
6754 - name
6755 - value
6756 x-kubernetes-list-type: atomic
6757 path:
6758 type: string
6759 description: Path to access on the HTTP server.
6760 scheme:
6761 type: string
6762 description: |-
6763 Scheme to use for connecting to the host.
6764 Defaults to HTTP.
6765 required:
6766 - port
6767 initialDelaySeconds:
6768 type: integer
6769 description: |-
6770 Number of seconds after the container has started before liveness probes are initiated.
6771 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6772 format: int32
6773 periodSeconds:
6774 type: integer
6775 description: |-
6776 How often (in seconds) to perform the probe.
6777 Defaults to 10 seconds. Minimum value is 1.
6778 format: int32
6779 successThreshold:
6780 type: integer
6781 description: |-
6782 Minimum consecutive successes for the probe to be considered successful after having failed.
6783 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
6784 format: int32
6785 tcpSocket:
6786 type: object
6787 description: TCPSocket specifies an action involving a TCP port.
6788 properties:
6789 port:
6790 anyOf:
6791 - type: integer
6792 - type: string
6793 description: |-
6794 Number or name of the port to access on the container.
6795 Number must be in the range 1 to 65535.
6796 Name must be an IANA_SVC_NAME.
6797 x-kubernetes-int-or-string: true
6798 host:
6799 type: string
6800 description: 'Optional: Host name to connect to, defaults to the pod IP.'
6801 required:
6802 - port
6803 timeoutSeconds:
6804 type: integer
6805 description: |-
6806 Number of seconds after which the probe times out.
6807 Defaults to 1 second. Minimum value is 1.
6808 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6809 format: int32
6810 lifecycle:
6811 type: object
6812 description: Lifecycle is not allowed for ephemeral containers.
6813 properties:
6814 postStart:
6815 type: object
6816 description: |-
6817 PostStart is called immediately after a container is created. If the handler fails,
6818 the container is terminated and restarted according to its restart policy.
6819 Other management of the container blocks until the hook completes.
6820 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
6821 properties:
6822 exec:
6823 type: object
6824 description: Exec specifies the action to take.
6825 properties:
6826 command:
6827 type: array
6828 description: |-
6829 Command is the command line to execute inside the container, the working directory for the
6830 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6831 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6832 a shell, you need to explicitly call out to that shell.
6833 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6834 items:
6835 type: string
6836 x-kubernetes-list-type: atomic
6837 httpGet:
6838 type: object
6839 description: HTTPGet specifies the http request to perform.
6840 properties:
6841 port:
6842 anyOf:
6843 - type: integer
6844 - type: string
6845 description: |-
6846 Name or number of the port to access on the container.
6847 Number must be in the range 1 to 65535.
6848 Name must be an IANA_SVC_NAME.
6849 x-kubernetes-int-or-string: true
6850 host:
6851 type: string
6852 description: |-
6853 Host name to connect to, defaults to the pod IP. You probably want to set
6854 "Host" in httpHeaders instead.
6855 httpHeaders:
6856 type: array
6857 description: Custom headers to set in the request. HTTP allows repeated headers.
6858 items:
6859 type: object
6860 description: HTTPHeader describes a custom header to be used in HTTP probes
6861 properties:
6862 name:
6863 type: string
6864 description: |-
6865 The header field name.
6866 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6867 value:
6868 type: string
6869 description: The header field value
6870 required:
6871 - name
6872 - value
6873 x-kubernetes-list-type: atomic
6874 path:
6875 type: string
6876 description: Path to access on the HTTP server.
6877 scheme:
6878 type: string
6879 description: |-
6880 Scheme to use for connecting to the host.
6881 Defaults to HTTP.
6882 required:
6883 - port
6884 sleep:
6885 type: object
6886 description: Sleep represents the duration that the container should sleep before being terminated.
6887 properties:
6888 seconds:
6889 type: integer
6890 description: Seconds is the number of seconds to sleep.
6891 format: int64
6892 required:
6893 - seconds
6894 tcpSocket:
6895 type: object
6896 description: |-
6897 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and is kept
6898 for backward compatibility. There is no validation of this field, and
6899 lifecycle hooks will fail at runtime when a tcp handler is specified.
6900 properties:
6901 port:
6902 anyOf:
6903 - type: integer
6904 - type: string
6905 description: |-
6906 Number or name of the port to access on the container.
6907 Number must be in the range 1 to 65535.
6908 Name must be an IANA_SVC_NAME.
6909 x-kubernetes-int-or-string: true
6910 host:
6911 type: string
6912 description: 'Optional: Host name to connect to, defaults to the pod IP.'
6913 required:
6914 - port
6915 preStop:
6916 type: object
6917 description: |-
6918 PreStop is called immediately before a container is terminated due to an
6919 API request or management event such as liveness/startup probe failure,
6920 preemption, resource contention, etc. The handler is not called if the
6921 container crashes or exits. The Pod's termination grace period countdown begins before the
6922 PreStop hook is executed. Regardless of the outcome of the handler, the
6923 container will eventually terminate within the Pod's termination grace
6924 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
6925 or until the termination grace period is reached.
6926 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
6927 properties:
6928 exec:
6929 type: object
6930 description: Exec specifies the action to take.
6931 properties:
6932 command:
6933 type: array
6934 description: |-
6935 Command is the command line to execute inside the container, the working directory for the
6936 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6937 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6938 a shell, you need to explicitly call out to that shell.
6939 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6940 items:
6941 type: string
6942 x-kubernetes-list-type: atomic
6943 httpGet:
6944 type: object
6945 description: HTTPGet specifies the http request to perform.
6946 properties:
6947 port:
6948 anyOf:
6949 - type: integer
6950 - type: string
6951 description: |-
6952 Name or number of the port to access on the container.
6953 Number must be in the range 1 to 65535.
6954 Name must be an IANA_SVC_NAME.
6955 x-kubernetes-int-or-string: true
6956 host:
6957 type: string
6958 description: |-
6959 Host name to connect to, defaults to the pod IP. You probably want to set
6960 "Host" in httpHeaders instead.
6961 httpHeaders:
6962 type: array
6963 description: Custom headers to set in the request. HTTP allows repeated headers.
6964 items:
6965 type: object
6966 description: HTTPHeader describes a custom header to be used in HTTP probes
6967 properties:
6968 name:
6969 type: string
6970 description: |-
6971 The header field name.
6972 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6973 value:
6974 type: string
6975 description: The header field value
6976 required:
6977 - name
6978 - value
6979 x-kubernetes-list-type: atomic
6980 path:
6981 type: string
6982 description: Path to access on the HTTP server.
6983 scheme:
6984 type: string
6985 description: |-
6986 Scheme to use for connecting to the host.
6987 Defaults to HTTP.
6988 required:
6989 - port
6990 sleep:
6991 type: object
6992 description: Sleep represents the duration that the container should sleep before being terminated.
6993 properties:
6994 seconds:
6995 type: integer
6996 description: Seconds is the number of seconds to sleep.
6997 format: int64
6998 required:
6999 - seconds
7000 tcpSocket:
7001 type: object
7002 description: |-
7003 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and is kept
7004 for backward compatibility. There is no validation of this field, and
7005 lifecycle hooks will fail at runtime when a tcp handler is specified.
7006 properties:
7007 port:
7008 anyOf:
7009 - type: integer
7010 - type: string
7011 description: |-
7012 Number or name of the port to access on the container.
7013 Number must be in the range 1 to 65535.
7014 Name must be an IANA_SVC_NAME.
7015 x-kubernetes-int-or-string: true
7016 host:
7017 type: string
7018 description: 'Optional: Host name to connect to, defaults to the pod IP.'
7019 required:
7020 - port
7021 terminationMessagePath:
7022 type: string
7023 description: |-
7024 Optional: Path at which the file to which the container's termination message
7025 will be written is mounted into the container's filesystem.
7026 Message written is intended to be brief final status, such as an assertion failure message.
7027 Will be truncated by the node if greater than 4096 bytes. The total message length across
7028 all containers will be limited to 12kb.
7029 Defaults to /dev/termination-log.
7030 Cannot be updated.
7031 terminationMessagePolicy:
7032 type: string
7033 description: |-
7034 Indicate how the termination message should be populated. File will use the contents of
7035 terminationMessagePath to populate the container status message on both success and failure.
7036 FallbackToLogsOnError will use the last chunk of container log output if the termination
7037 message file is empty and the container exited with an error.
7038 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
7039 Defaults to File.
7040 Cannot be updated.
7041 imagePullPolicy:
7042 type: string
7043 description: |-
7044 Image pull policy.
7045 One of Always, Never, IfNotPresent.
7046 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
7047 Cannot be updated.
7048 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
7049 securityContext:
7050 type: object
7051 description: |-
7052 Optional: SecurityContext defines the security options the ephemeral container should be run with.
7053 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
7054 properties:
7055 allowPrivilegeEscalation:
7056 type: boolean
7057 description: |-
7058 AllowPrivilegeEscalation controls whether a process can gain more
7059 privileges than its parent process. This bool directly controls if
7060 the no_new_privs flag will be set on the container process.
7061 AllowPrivilegeEscalation is always true when the container:
7062 1) is run as Privileged
7063 2) has CAP_SYS_ADMIN
7064 Note that this field cannot be set when spec.os.name is windows.
7065 appArmorProfile:
7066 type: object
7067 description: |-
7068 appArmorProfile is the AppArmor options to use by this container. If set, this profile
7069 overrides the pod's appArmorProfile.
7070 Note that this field cannot be set when spec.os.name is windows.
7071 properties:
7072 type:
7073 type: string
7074 description: |-
7075 type indicates which kind of AppArmor profile will be applied.
7076 Valid options are:
7077 Localhost - a profile pre-loaded on the node.
7078 RuntimeDefault - the container runtime's default profile.
7079 Unconfined - no AppArmor enforcement.
7080 localhostProfile:
7081 type: string
7082 description: |-
7083 localhostProfile indicates a profile loaded on the node that should be used.
7084 The profile must be preconfigured on the node to work.
7085 Must match the loaded name of the profile.
7086 Must be set if and only if type is "Localhost".
7087 required:
7088 - type
7089 capabilities:
7090 type: object
7091 description: |-
7092 The capabilities to add/drop when running containers.
7093 Defaults to the default set of capabilities granted by the container runtime.
7094 Note that this field cannot be set when spec.os.name is windows.
7095 properties:
7096 add:
7097 type: array
7098 description: Added capabilities
7099 items:
7100 type: string
7101 description: Capability represents the POSIX capabilities type
7102 x-kubernetes-list-type: atomic
7103 drop:
7104 type: array
7105 description: Removed capabilities
7106 items:
7107 type: string
7108 description: Capability represents the POSIX capabilities type
7109 x-kubernetes-list-type: atomic
7110 privileged:
7111 type: boolean
7112 description: |-
7113 Run container in privileged mode.
7114 Processes in privileged containers are essentially equivalent to root on the host.
7115 Defaults to false.
7116 Note that this field cannot be set when spec.os.name is windows.
7117 procMount:
7118 type: string
7119 description: |-
7120 procMount denotes the type of proc mount to use for the containers.
7121 The default is DefaultProcMount which uses the container runtime defaults for
7122 readonly paths and masked paths.
7123 This requires the ProcMountType feature flag to be enabled.
7124 Note that this field cannot be set when spec.os.name is windows.
7125 readOnlyRootFilesystem:
7126 type: boolean
7127 description: |-
7128 Whether this container has a read-only root filesystem.
7129 Default is false.
7130 Note that this field cannot be set when spec.os.name is windows.
7131 runAsGroup:
7132 type: integer
7133 description: |-
7134 The GID to run the entrypoint of the container process.
7135 Uses runtime default if unset.
7136 May also be set in PodSecurityContext. If set in both SecurityContext and
7137 PodSecurityContext, the value specified in SecurityContext takes precedence.
7138 Note that this field cannot be set when spec.os.name is windows.
7139 format: int64
7140 runAsNonRoot:
7141 type: boolean
7142 description: |-
7143 Indicates that the container must run as a non-root user.
7144 If true, the Kubelet will validate the image at runtime to ensure that it
7145 does not run as UID 0 (root) and fail to start the container if it does.
7146 If unset or false, no such validation will be performed.
7147 May also be set in PodSecurityContext. If set in both SecurityContext and
7148 PodSecurityContext, the value specified in SecurityContext takes precedence.
7149 runAsUser:
7150 type: integer
7151 description: |-
7152 The UID to run the entrypoint of the container process.
7153 Defaults to user specified in image metadata if unspecified.
7154 May also be set in PodSecurityContext. If set in both SecurityContext and
7155 PodSecurityContext, the value specified in SecurityContext takes precedence.
7156 Note that this field cannot be set when spec.os.name is windows.
7157 format: int64
7158 seLinuxOptions:
7159 type: object
7160 description: |-
7161 The SELinux context to be applied to the container.
7162 If unspecified, the container runtime will allocate a random SELinux context for each
7163 container. May also be set in PodSecurityContext. If set in both SecurityContext and
7164 PodSecurityContext, the value specified in SecurityContext takes precedence.
7165 Note that this field cannot be set when spec.os.name is windows.
7166 properties:
7167 type:
7168 type: string
7169 description: Type is a SELinux type label that applies to the container.
7170 level:
7171 type: string
7172 description: Level is a SELinux level label that applies to the container.
7173 role:
7174 type: string
7175 description: Role is a SELinux role label that applies to the container.
7176 user:
7177 type: string
7178 description: User is a SELinux user label that applies to the container.
7179 seccompProfile:
7180 type: object
7181 description: |-
7182 The seccomp options to use by this container. If seccomp options are
7183 provided at both the pod & container level, the container options
7184 override the pod options.
7185 Note that this field cannot be set when spec.os.name is windows.
7186 properties:
7187 type:
7188 type: string
7189 description: |-
7190 type indicates which kind of seccomp profile will be applied.
7191 Valid options are:
7192
7193
7194 Localhost - a profile defined in a file on the node should be used.
7195 RuntimeDefault - the container runtime default profile should be used.
7196 Unconfined - no profile should be applied.
7197 localhostProfile:
7198 type: string
7199 description: |-
7200 localhostProfile indicates a profile defined in a file on the node should be used.
7201 The profile must be preconfigured on the node to work.
7202 Must be a descending path, relative to the kubelet's configured seccomp profile location.
7203 Must be set if type is "Localhost". Must NOT be set for any other type.
7204 required:
7205 - type
7206 windowsOptions:
7207 type: object
7208 description: |-
7209 The Windows specific settings applied to all containers.
7210 If unspecified, the options from the PodSecurityContext will be used.
7211 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
7212 Note that this field cannot be set when spec.os.name is linux.
7213 properties:
7214 gmsaCredentialSpec:
7215 type: string
7216 description: |-
7217 GMSACredentialSpec is where the GMSA admission webhook
7218 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
7219 GMSA credential spec named by the GMSACredentialSpecName field.
7220 gmsaCredentialSpecName:
7221 type: string
7222 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
7223 hostProcess:
7224 type: boolean
7225 description: |-
7226 HostProcess determines if a container should be run as a 'Host Process' container.
7227 All of a Pod's containers must have the same effective HostProcess value
7228 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
7229 In addition, if HostProcess is true then HostNetwork must also be set to true.
7230 runAsUserName:
7231 type: string
7232 description: |-
7233 The UserName in Windows to run the entrypoint of the container process.
7234 Defaults to the user specified in image metadata if unspecified.
7235 May also be set in PodSecurityContext. If set in both SecurityContext and
7236 PodSecurityContext, the value specified in SecurityContext takes precedence.
7237 stdin:
7238 type: boolean
7239 description: |-
7240 Whether this container should allocate a buffer for stdin in the container runtime. If this
7241 is not set, reads from stdin in the container will always result in EOF.
7242 Default is false.
7243 stdinOnce:
7244 type: boolean
7245 description: |-
7246 Whether the container runtime should close the stdin channel after it has been opened by
7247 a single attach. When stdin is true the stdin stream will remain open across multiple attach
7248 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
7249 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
7250 at which time stdin is closed and remains closed until the container is restarted. If this
7251 flag is false, a container process that reads from stdin will never receive an EOF.
7252 Default is false.
7253 tty:
7254 type: boolean
7255 description: |-
7256 Whether this container should allocate a TTY for itself; this also requires 'stdin' to be true.
7257 Default is false.
7258 resizePolicy:
7259 type: array
7260 description: Resources resize policy for the container.
7261 items:
7262 type: object
7263 description: ContainerResizePolicy represents resource resize policy for the container.
7264 properties:
7265 restartPolicy:
7266 type: string
7267 description: |-
7268 Restart policy to apply when specified resource is resized.
7269 If not specified, it defaults to NotRequired.
7270 resourceName:
7271 type: string
7272 description: |-
7273 Name of the resource to which this resource resize policy applies.
7274 Supported values: cpu, memory.
7275 required:
7276 - resourceName
7277 - restartPolicy
7278 x-kubernetes-list-type: atomic
7279 startupProbe:
7280 type: object
7281 description: Probes are not allowed for ephemeral containers.
7282 properties:
7283 terminationGracePeriodSeconds:
7284 type: integer
7285 description: |-
7286 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
7287 The grace period is the duration in seconds after the processes running in the pod are sent
7288 a termination signal and the time when the processes are forcibly halted with a kill signal.
7289 Set this value longer than the expected cleanup time for your process.
7290 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
7291 value overrides the value provided by the pod spec.
7292 Value must be non-negative integer. The value zero indicates stop immediately via
7293 the kill signal (no opportunity to shut down).
7294 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
7295 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
7296 format: int64
7297 exec:
7298 type: object
7299 description: Exec specifies the action to take.
7300 properties:
7301 command:
7302 type: array
7303 description: |-
7304 Command is the command line to execute inside the container, the working directory for the
7305 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
7306 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
7307 a shell, you need to explicitly call out to that shell.
7308 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
7309 items:
7310 type: string
7311 x-kubernetes-list-type: atomic
7312 failureThreshold:
7313 type: integer
7314 description: |-
7315 Minimum consecutive failures for the probe to be considered failed after having succeeded.
7316 Defaults to 3. Minimum value is 1.
7317 format: int32
7318 grpc:
7319 type: object
7320 description: GRPC specifies an action involving a GRPC port.
7321 properties:
7322 service:
7323 type: string
7324 description: |-
7325 Service is the name of the service to place in the gRPC HealthCheckRequest
7326 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
7327
7328
7329 If this is not specified, the default behavior is defined by gRPC.
7330 port:
7331 type: integer
7332 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
7333 format: int32
7334 required:
7335 - port
7336 httpGet:
7337 type: object
7338 description: HTTPGet specifies the http request to perform.
7339 properties:
7340 port:
7341 anyOf:
7342 - type: integer
7343 - type: string
7344 description: |-
7345 Name or number of the port to access on the container.
7346 Number must be in the range 1 to 65535.
7347 Name must be an IANA_SVC_NAME.
7348 x-kubernetes-int-or-string: true
7349 host:
7350 type: string
7351 description: |-
7352 Host name to connect to, defaults to the pod IP. You probably want to set
7353 "Host" in httpHeaders instead.
7354 httpHeaders:
7355 type: array
7356 description: Custom headers to set in the request. HTTP allows repeated headers.
7357 items:
7358 type: object
7359 description: HTTPHeader describes a custom header to be used in HTTP probes
7360 properties:
7361 name:
7362 type: string
7363 description: |-
7364 The header field name.
7365 This will be canonicalized upon output, so case-variant names will be understood as the same header.
7366 value:
7367 type: string
7368 description: The header field value
7369 required:
7370 - name
7371 - value
7372 x-kubernetes-list-type: atomic
7373 path:
7374 type: string
7375 description: Path to access on the HTTP server.
7376 scheme:
7377 type: string
7378 description: |-
7379 Scheme to use for connecting to the host.
7380 Defaults to HTTP.
7381 required:
7382 - port
7383 initialDelaySeconds:
7384 type: integer
7385 description: |-
7386 Number of seconds after the container has started before liveness probes are initiated.
7387 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7388 format: int32
7389 periodSeconds:
7390 type: integer
7391 description: |-
7392 How often (in seconds) to perform the probe.
7393 Defaults to 10 seconds. Minimum value is 1.
7394 format: int32
7395 successThreshold:
7396 type: integer
7397 description: |-
7398 Minimum consecutive successes for the probe to be considered successful after having failed.
7399 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
7400 format: int32
7401 tcpSocket:
7402 type: object
7403 description: TCPSocket specifies an action involving a TCP port.
7404 properties:
7405 port:
7406 anyOf:
7407 - type: integer
7408 - type: string
7409 description: |-
7410 Number or name of the port to access on the container.
7411 Number must be in the range 1 to 65535.
7412 Name must be an IANA_SVC_NAME.
7413 x-kubernetes-int-or-string: true
7414 host:
7415 type: string
7416 description: 'Optional: Host name to connect to, defaults to the pod IP.'
7417 required:
7418 - port
7419 timeoutSeconds:
7420 type: integer
7421 description: |-
7422 Number of seconds after which the probe times out.
7423 Defaults to 1 second. Minimum value is 1.
7424 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7425 format: int32
7426 targetContainerName:
7427 type: string
7428 description: |-
7429 If set, the name of the container from PodSpec that this ephemeral container targets.
7430 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
7431 If not set then the ephemeral container uses the namespaces configured in the Pod spec.
7432
7433
7434 The container runtime must implement support for this feature. If the runtime does not
7435 support namespace targeting then the result of setting this field is undefined.
7436 required:
7437 - name
7438 x-kubernetes-list-map-keys:
7439 - name
7440 x-kubernetes-list-type: map
7441 hostUsers:
7442 type: boolean
7443 description: |-
7444 Use the host's user namespace.
7445 Optional: Defaults to true.
7446 If set to true or not present, the pod will be run in the host user namespace, useful
7447 for when the pod needs a feature only available to the host user namespace, such as
7448 loading a kernel module with CAP_SYS_MODULE.
7449 When set to false, a new userns is created for the pod. Setting false is useful for
7450 mitigating container breakout vulnerabilities, even allowing users to run their
7451 containers as root without actually having root privileges on the host.
7452 This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
7453 os:
7454 type: object
7455 description: |-
7456 Specifies the OS of the containers in the pod.
7457 Some pod and container fields are restricted if this is set.
7458
7459
7460 If the OS field is set to linux, the following fields must be unset:
7461 - securityContext.windowsOptions
7462
7463
7464 If the OS field is set to windows, the following fields must be unset:
7465 - spec.hostPID
7466 - spec.hostIPC
7467 - spec.hostUsers
7468 - spec.securityContext.appArmorProfile
7469 - spec.securityContext.seLinuxOptions
7470 - spec.securityContext.seccompProfile
7471 - spec.securityContext.fsGroup
7472 - spec.securityContext.fsGroupChangePolicy
7473 - spec.securityContext.sysctls
7474 - spec.shareProcessNamespace
7475 - spec.securityContext.runAsUser
7476 - spec.securityContext.runAsGroup
7477 - spec.securityContext.supplementalGroups
7478 - spec.containers[*].securityContext.appArmorProfile
7479 - spec.containers[*].securityContext.seLinuxOptions
7480 - spec.containers[*].securityContext.seccompProfile
7481 - spec.containers[*].securityContext.capabilities
7482 - spec.containers[*].securityContext.readOnlyRootFilesystem
7483 - spec.containers[*].securityContext.privileged
7484 - spec.containers[*].securityContext.allowPrivilegeEscalation
7485 - spec.containers[*].securityContext.procMount
7486 - spec.containers[*].securityContext.runAsUser
7487 - spec.containers[*].securityContext.runAsGroup
7488 properties:
7489 name:
7490 type: string
7491 description: |-
7492 Name is the name of the operating system. The currently supported values are linux and windows.
7493 Additional values may be defined in the future and can be one of:
7494 https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
7495 Clients should expect to handle additional values and treat unrecognized values in this field as os: null
7496 required:
7497 - name
7498 overhead:
7499 type: object
7500 additionalProperties:
7501 anyOf:
7502 - type: integer
7503 - type: string
7504 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7505 x-kubernetes-int-or-string: true
7506 description: |-
7507 Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
7508 This field will be autopopulated at admission time by the RuntimeClass admission controller. If
7509 the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
7510 The RuntimeClass admission controller will reject Pod create requests which have the overhead already
7511 set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
7512 defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
7513 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
7514 preemptionPolicy:
7515 type: string
7516 description: |-
7517 PreemptionPolicy is the Policy for preempting pods with lower priority.
7518 One of Never, PreemptLowerPriority.
7519 Defaults to PreemptLowerPriority if unset.
7520 resourceClaims:
7521 type: array
7522 description: |-
7523 ResourceClaims defines which ResourceClaims must be allocated
7524 and reserved before the Pod is allowed to start. The resources
7525 will be made available to those containers which consume them
7526 by name.
7527
7528
7529 This is an alpha field and requires enabling the
7530 DynamicResourceAllocation feature gate.
7531
7532
7533 This field is immutable.
7534 items:
7535 type: object
7536 description: |-
7537 PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
7538 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
7539 Containers that need access to the ResourceClaim reference it with this name.
7540 properties:
7541 name:
7542 type: string
7543 description: |-
7544 Name uniquely identifies this resource claim inside the pod.
7545 This must be a DNS_LABEL.
7546 source:
7547 type: object
7548 description: Source describes where to find the ResourceClaim.
7549 properties:
7550 resourceClaimName:
7551 type: string
7552 description: |-
7553 ResourceClaimName is the name of a ResourceClaim object in the same
7554 namespace as this pod.
7555 resourceClaimTemplateName:
7556 type: string
7557 description: |-
7558 ResourceClaimTemplateName is the name of a ResourceClaimTemplate
7559 object in the same namespace as this pod.
7560
7561
7562 The template will be used to create a new ResourceClaim, which will
7563 be bound to this pod. When this pod is deleted, the ResourceClaim
7564 will also be deleted. The pod name and resource name, along with a
7565 generated component, will be used to form a unique name for the
7566 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
7567
7568
7569 This field is immutable and no changes will be made to the
7570 corresponding ResourceClaim by the control plane after creating the
7571 ResourceClaim.
7572 required:
7573 - name
7574 x-kubernetes-list-map-keys:
7575 - name
7576 x-kubernetes-list-type: map
7577 schedulingGates:
7578 type: array
7579 description: |-
7580 SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
7581 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
7582 scheduler will not attempt to schedule the pod.
7583
7584
7585 SchedulingGates can only be set at pod creation time, and can only be removed afterwards.
7586 items:
7587 type: object
7588 description: PodSchedulingGate is associated to a Pod to guard its scheduling.
7589 properties:
7590 name:
7591 type: string
7592 description: |-
7593 Name of the scheduling gate.
7594 Each scheduling gate must have a unique name field.
7595 required:
7596 - name
7597 x-kubernetes-list-map-keys:
7598 - name
7599 x-kubernetes-list-type: map
7600 setHostnameAsFQDN:
7601 type: boolean
7602 description: |-
7603 If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
7604 In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
7605 In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN.
7606 If a pod does not have FQDN, this has no effect.
7607 Defaults to false.
7608 topologySpreadConstraints:
7609 type: array
7610 description: |-
7611 TopologySpreadConstraints describes how a group of pods ought to spread across topology
7612 domains. Scheduler will schedule pods in a way which abides by the constraints.
7613 All topologySpreadConstraints are ANDed.
7614 items:
7615 type: object
7616 description: TopologySpreadConstraint specifies how to spread matching pods among the given topology.
7617 properties:
7618 labelSelector:
7619 type: object
7620 description: |-
7621 LabelSelector is used to find matching pods.
7622 Pods that match this label selector are counted to determine the number of pods
7623 in their corresponding topology domain.
7624 properties:
7625 matchExpressions:
7626 type: array
7627 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
7628 items:
7629 type: object
7630 description: |-
7631 A label selector requirement is a selector that contains values, a key, and an operator that
7632 relates the key and values.
7633 properties:
7634 key:
7635 type: string
7636 description: key is the label key that the selector applies to.
7637 operator:
7638 type: string
7639 description: |-
7640 operator represents a key's relationship to a set of values.
7641 Valid operators are In, NotIn, Exists and DoesNotExist.
7642 values:
7643 type: array
7644 description: |-
7645 values is an array of string values. If the operator is In or NotIn,
7646 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7647 the values array must be empty. This array is replaced during a strategic
7648 merge patch.
7649 items:
7650 type: string
7651 x-kubernetes-list-type: atomic
7652 required:
7653 - key
7654 - operator
7655 x-kubernetes-list-type: atomic
7656 matchLabels:
7657 type: object
7658 additionalProperties:
7659 type: string
7660 description: |-
7661 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7662 map is equivalent to an element of matchExpressions, whose key field is "key", the
7663 operator is "In", and the values array contains only "value". The requirements are ANDed.
7664 x-kubernetes-map-type: atomic
7665 matchLabelKeys:
7666 type: array
7667 description: |-
7668 MatchLabelKeys is a set of pod label keys to select the pods over which
7669 spreading will be calculated. The keys are used to lookup values from the
7670 incoming pod labels, those key-value labels are ANDed with labelSelector
7671 to select the group of existing pods over which spreading will be calculated
7672 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
7673 MatchLabelKeys cannot be set when LabelSelector isn't set.
7674 Keys that don't exist in the incoming pod labels will
7675 be ignored. A null or empty list means only match against labelSelector.
7676
7677
7678 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
7679 items:
7680 type: string
7681 x-kubernetes-list-type: atomic
7682 maxSkew:
7683 type: integer
7684 description: |-
7685 MaxSkew describes the degree to which pods may be unevenly distributed.
7686 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
7687 between the number of matching pods in the target topology and the global minimum.
7688 The global minimum is the minimum number of matching pods in an eligible domain
7689 or zero if the number of eligible domains is less than MinDomains.
7690 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
7691 labelSelector spread as 2/2/1:
7692 In this case, the global minimum is 1.
7693 | zone1 | zone2 | zone3 |
7694 | P P | P P | P |
7695 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
7696 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
7697 violate MaxSkew(1).
7698 - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
7699 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
7700 to topologies that satisfy it.
7701 It's a required field. Default value is 1 and 0 is not allowed.
7702 format: int32
7703 minDomains:
7704 type: integer
7705 description: |-
7706 MinDomains indicates a minimum number of eligible domains.
7707 When the number of eligible domains with matching topology keys is less than minDomains,
7708 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
7709 And when the number of eligible domains with matching topology keys equals or is greater than minDomains,
7710 this value has no effect on scheduling.
7711 As a result, when the number of eligible domains is less than minDomains,
7712 scheduler won't schedule more than maxSkew Pods to those domains.
7713 If value is nil, the constraint behaves as if MinDomains is equal to 1.
7714 Valid values are integers greater than 0.
7715 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
7716
7717
7718 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
7719 labelSelector spread as 2/2/2:
7720 | zone1 | zone2 | zone3 |
7721 | P P | P P | P P |
7722 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
7723 In this situation, new pod with the same labelSelector cannot be scheduled,
7724 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
7725 it will violate MaxSkew.
7726 format: int32
7727 nodeAffinityPolicy:
7728 type: string
7729 description: |-
7730 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
7731 when calculating pod topology spread skew. Options are:
7732 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
7733 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
7734
7735
7736 If this value is nil, the behavior is equivalent to the Honor policy.
7737 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
7738 nodeTaintsPolicy:
7739 type: string
7740 description: |-
7741 NodeTaintsPolicy indicates how we will treat node taints when calculating
7742 pod topology spread skew. Options are:
7743 - Honor: nodes without taints, along with tainted nodes for which the incoming pod
7744 has a toleration, are included.
7745 - Ignore: node taints are ignored. All nodes are included.
7746
7747
7748 If this value is nil, the behavior is equivalent to the Ignore policy.
7749 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
7750 topologyKey:
7751 type: string
7752 description: |-
7753 TopologyKey is the key of node labels. Nodes that have a label with this key
7754 and identical values are considered to be in the same topology.
7755 We consider each <key, value> as a "bucket", and try to put balanced number
7756 of pods into each bucket.
7757 We define a domain as a particular instance of a topology.
7758 Also, we define an eligible domain as a domain whose nodes meet the requirements of
7759 nodeAffinityPolicy and nodeTaintsPolicy.
7760 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
7761 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
7762 It's a required field.
7763 whenUnsatisfiable:
7764 type: string
7765 description: |-
7766 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
7767 the spread constraint.
7768 - DoNotSchedule (default) tells the scheduler not to schedule it.
7769 - ScheduleAnyway tells the scheduler to schedule the pod in any location,
7770 but giving higher precedence to topologies that would help reduce the
7771 skew.
7772 A constraint is considered "Unsatisfiable" for an incoming pod
7773 if and only if every possible node assignment for that pod would violate
7774 "MaxSkew" on some topology.
7775 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
7776 labelSelector spread as 3/1/1:
7777 | zone1 | zone2 | zone3 |
7778 | P P P | P | P |
7779 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
7780 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
7781 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
7782 won't make it *more* imbalanced.
7783 It's a required field.
7784 required:
7785 - maxSkew
7786 - topologyKey
7787 - whenUnsatisfiable
7788 x-kubernetes-list-map-keys:
7789 - topologyKey
7790 - whenUnsatisfiable
7791 x-kubernetes-list-type: map
7792 required:
7793 - containers
7794 volumeClaimTemplates:
7795 type: array
7796 description: |-
7797 volumeClaimTemplates is a list of claims that pods are allowed to reference.
7798 The StatefulSet controller is responsible for mapping network identities to
7799 claims in a way that maintains the identity of a pod. Every claim in
7800 this list must have at least one matching (by name) volumeMount in one
7801 container in the template. A claim in this list takes precedence over
7802 any volumes in the template, with the same name.
7803 TODO: Define the behavior if a claim already exists with the same name.
7804 items:
7805 type: object
7806 description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
7807 properties:
7808 apiVersion:
7809 type: string
7810 description: |-
7811 APIVersion defines the versioned schema of this representation of an object.
7812 Servers should convert recognized schemas to the latest internal value, and
7813 may reject unrecognized values.
7814 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
7815 kind:
7816 type: string
7817 description: |-
7818 Kind is a string value representing the REST resource this object represents.
7819 Servers may infer this from the endpoint the client submits requests to.
7820 Cannot be updated.
7821 In CamelCase.
7822 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
7823 metadata:
7824 type: object
7825 description: |-
7826 Standard object's metadata.
7827 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
7828 properties:
7829 name:
7830 type: string
7831 namespace:
7832 type: string
7833 labels:
7834 type: object
7835 additionalProperties:
7836 type: string
7837 annotations:
7838 type: object
7839 additionalProperties:
7840 type: string
7841 finalizers:
7842 type: array
7843 items:
7844 type: string
7845 spec:
7846 type: object
7847 description: |-
7848 spec defines the desired characteristics of a volume requested by a pod author.
7849 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
7850 properties:
7851 selector:
7852 type: object
7853 description: selector is a label query over volumes to consider for binding.
7854 properties:
7855 matchExpressions:
7856 type: array
7857 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
7858 items:
7859 type: object
7860 description: |-
7861 A label selector requirement is a selector that contains values, a key, and an operator that
7862 relates the key and values.
7863 properties:
7864 key:
7865 type: string
7866 description: key is the label key that the selector applies to.
7867 operator:
7868 type: string
7869 description: |-
7870 operator represents a key's relationship to a set of values.
7871 Valid operators are In, NotIn, Exists and DoesNotExist.
7872 values:
7873 type: array
7874 description: |-
7875 values is an array of string values. If the operator is In or NotIn,
7876 the values array must be non-empty. If the operator is Exists or DoesNotExist,
7877 the values array must be empty. This array is replaced during a strategic
7878 merge patch.
7879 items:
7880 type: string
7881 x-kubernetes-list-type: atomic
7882 required:
7883 - key
7884 - operator
7885 x-kubernetes-list-type: atomic
7886 matchLabels:
7887 type: object
7888 additionalProperties:
7889 type: string
7890 description: |-
7891 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
7892 map is equivalent to an element of matchExpressions, whose key field is "key", the
7893 operator is "In", and the values array contains only "value". The requirements are ANDed.
7894 x-kubernetes-map-type: atomic
7895 resources:
7896 type: object
7897 description: |-
7898 resources represents the minimum resources the volume should have.
7899 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
7900 that are lower than previous value but must still be higher than capacity recorded in the
7901 status field of the claim.
7902 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
7903 properties:
7904 limits:
7905 type: object
7906 additionalProperties:
7907 anyOf:
7908 - type: integer
7909 - type: string
7910 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7911 x-kubernetes-int-or-string: true
7912 description: |-
7913 Limits describes the maximum amount of compute resources allowed.
7914 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7915 requests:
7916 type: object
7917 additionalProperties:
7918 anyOf:
7919 - type: integer
7920 - type: string
7921 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7922 x-kubernetes-int-or-string: true
7923 description: |-
7924 Requests describes the minimum amount of compute resources required.
7925 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
7926 otherwise to an implementation-defined value. Requests cannot exceed Limits.
7927 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7928 accessModes:
7929 type: array
7930 description: |-
7931 accessModes contains the desired access modes the volume should have.
7932 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
7933 items:
7934 type: string
7935 x-kubernetes-list-type: atomic
7936 dataSource:
7937 type: object
7938 description: |-
7939 dataSource field can be used to specify either:
7940 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
7941 * An existing PVC (PersistentVolumeClaim)
7942 If the provisioner or an external controller can support the specified data source,
7943 it will create a new volume based on the contents of the specified data source.
7944 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
7945 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
7946 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
7947 properties:
7948 name:
7949 type: string
7950 description: Name is the name of resource being referenced
7951 kind:
7952 type: string
7953 description: Kind is the type of resource being referenced
7954 apiGroup:
7955 type: string
7956 description: |-
7957 APIGroup is the group for the resource being referenced.
7958 If APIGroup is not specified, the specified Kind must be in the core API group.
7959 For any other third-party types, APIGroup is required.
7960 required:
7961 - kind
7962 - name
7963 x-kubernetes-map-type: atomic
# dataSourceRef: typed reference to the object a new volume is populated from.
# Unlike dataSource, this reference may carry a namespace (see the description
# below), so it can point outside the namespace of the claim.
7964 dataSourceRef:
7965 type: object
7966 description: |-
7967 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
7968 volume is desired. This may be any object from a non-empty API group (non
7969 core object) or a PersistentVolumeClaim object.
7970 When this field is specified, volume binding will only succeed if the type of
7971 the specified object matches some installed volume populator or dynamic
7972 provisioner.
7973 This field will replace the functionality of the dataSource field and as such
7974 if both fields are non-empty, they must have the same value. For backwards
7975 compatibility, when namespace isn't specified in dataSourceRef,
7976 both fields (dataSource and dataSourceRef) will be set to the same
7977 value automatically if one of them is empty and the other is non-empty.
7978 When namespace is specified in dataSourceRef,
7979 dataSource isn't set to the same value and must be empty.
7980 There are three important differences between dataSource and dataSourceRef:
7981 * While dataSource only allows two specific types of objects, dataSourceRef
7982 allows any non-core object, as well as PersistentVolumeClaim objects.
7983 * While dataSource ignores disallowed values (dropping them), dataSourceRef
7984 preserves all values, and generates an error if a disallowed value is
7985 specified.
7986 * While dataSource only allows local objects, dataSourceRef allows objects
7987 in any namespaces.
7988 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
7989 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
7990 properties:
7991 name:
7992 type: string
7993 description: Name is the name of resource being referenced
# Security-relevant: a set namespace makes this a cross-namespace reference.
# This schema accepts any string here; per the description, acceptance is
# decided by a ReferenceGrant in the referent namespace, and the field is gated
# behind the alpha CrossNamespaceVolumeDataSource feature.
# NOTE(review): nothing in this schema restricts who may set it - confirm
# whether admission policy should limit cross-namespace sources here.
7994 namespace:
7995 type: string
7996 description: |-
7997 Namespace is the namespace of resource being referenced
7998 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
7999 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
8000 kind:
8001 type: string
8002 description: Kind is the type of resource being referenced
8003 apiGroup:
8004 type: string
8005 description: |-
8006 APIGroup is the group for the resource being referenced.
8007 If APIGroup is not specified, the specified Kind must be in the core API group.
8008 For any other third-party types, APIGroup is required.
8009 required:
8010 - kind
8011 - name
8012 storageClassName:
8013 type: string
8014 description: |-
8015 storageClassName is the name of the StorageClass required by the claim.
8016 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
8017 volumeAttributesClassName:
8018 type: string
8019 description: |-
8020 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
8021 If specified, the CSI driver will create or update the volume with the attributes defined
8022 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
8023 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
8024 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
8025 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
8026 will be set by the persistentvolume controller if it exists.
8027 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
8028 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
8029 exists.
8030 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
8031 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
8032 volumeMode:
8033 type: string
8034 description: |-
8035 volumeMode defines what type of volume is required by the claim.
8036 Value of Filesystem is implied when not included in claim spec.
8037 volumeName:
8038 type: string
8039 description: volumeName is the binding reference to the PersistentVolume backing this claim.
8040 status:
8041 type: object
8042 description: |-
8043 status represents the current information/status of a persistent volume claim.
8044 Read-only.
8045 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
8046 properties:
8047 accessModes:
8048 type: array
8049 description: |-
8050 accessModes contains the actual access modes the volume backing the PVC has.
8051 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
8052 items:
8053 type: string
8054 x-kubernetes-list-type: atomic
8055 allocatedResourceStatuses:
8056 type: object
8057 additionalProperties:
8058 type: string
8059 description: |-
8060 When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
8061 that it does not recognizes, then it should ignore that update and let other controllers
8062 handle it.
8063 description: "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. 
For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
8064 x-kubernetes-map-type: granular
8065 allocatedResources:
8066 type: object
8067 additionalProperties:
8068 anyOf:
8069 - type: integer
8070 - type: string
8071 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8072 x-kubernetes-int-or-string: true
8073 description: "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature."
8074 capacity:
8075 type: object
8076 additionalProperties:
8077 anyOf:
8078 - type: integer
8079 - type: string
8080 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8081 x-kubernetes-int-or-string: true
8082 description: capacity represents the actual resources of the underlying volume.
8083 conditions:
8084 type: array
8085 description: |-
8086 conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
8087 resized then the Condition will be set to 'Resizing'.
8088 items:
8089 type: object
8090 description: PersistentVolumeClaimCondition contains details about state of pvc
8091 properties:
8092 type:
8093 type: string
8094 description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
8095 status:
8096 type: string
8097 lastProbeTime:
8098 type: string
8099 description: lastProbeTime is the time we probed the condition.
8100 format: date-time
8101 lastTransitionTime:
8102 type: string
8103 description: lastTransitionTime is the time the condition transitioned from one status to another.
8104 format: date-time
8105 message:
8106 type: string
8107 description: message is the human-readable message indicating details about last transition.
8108 reason:
8109 type: string
8110 description: |-
8111 reason is a unique, this should be a short, machine understandable string that gives the reason
8112 for condition's last transition. If it reports "Resizing" that means the underlying
8113 persistent volume is being resized.
8114 required:
8115 - status
8116 - type
8117 x-kubernetes-list-map-keys:
8118 - type
8119 x-kubernetes-list-type: map
8120 currentVolumeAttributesClassName:
8121 type: string
8122 description: |-
8123 currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
8124 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
8125 This is an alpha field and requires enabling VolumeAttributesClass feature.
8126 modifyVolumeStatus:
8127 type: object
8128 description: |-
8129 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
8130 When this is unset, there is no ModifyVolume operation being attempted.
8131 This is an alpha field and requires enabling VolumeAttributesClass feature.
8132 properties:
8133 status:
8134 type: string
8135 description: "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately."
8136 targetVolumeAttributesClassName:
8137 type: string
8138 description: targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
8139 required:
8140 - status
8141 phase:
8142 type: string
8143 description: phase represents the current phase of PersistentVolumeClaim.
8144 x-kubernetes-list-type: atomic
8145 serviceName:
8146 type: string
8147 description: |-
8148 serviceName is the name of the service that governs this StatefulSet.
8149 This service must exist before the StatefulSet, and is responsible for
8150 the network identity of the set. Pods get DNS/hostnames that follow the
8151 pattern: pod-specific-string.serviceName.default.svc.cluster.local
8152 where "pod-specific-string" is managed by the StatefulSet controller.
8153 podManagementPolicy:
8154 type: string
8155 description: |-
8156 podManagementPolicy controls how pods are created during initial scale up,
8157 when replacing pods on nodes, or when scaling down. The default policy is
8158 `OrderedReady`, where pods are created in increasing order (pod-0, then
8159 pod-1, etc) and the controller will wait until each pod is ready before
8160 continuing. When scaling down, the pods are removed in the opposite order.
8161 The alternative policy is `Parallel` which will create pods in parallel
8162 to match the desired scale without waiting, and on scale down will delete
8163 all pods at once.
8164 updateStrategy:
8165 type: object
8166 description: |-
8167 updateStrategy indicates the StatefulSetUpdateStrategy that will be
8168 employed to update Pods in the StatefulSet when a revision is made to
8169 Template.
8170 properties:
8171 type:
8172 type: string
8173 description: |-
8174 Type indicates the type of the StatefulSetUpdateStrategy.
8175 Default is RollingUpdate.
8176 rollingUpdate:
8177 type: object
8178 description: RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
8179 properties:
8180 maxUnavailable:
8181 anyOf:
8182 - type: integer
8183 - type: string
8184 description: |-
8185 The maximum number of pods that can be unavailable during the update.
8186 Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
8187 Absolute number is calculated from percentage by rounding up. This can not be 0.
8188 Defaults to 1. This field is alpha-level and is only honored by servers that enable the
8189 MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
8190 Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
8191 will be counted towards MaxUnavailable.
8192 x-kubernetes-int-or-string: true
8193 partition:
8194 type: integer
8195 description: |-
8196 Partition indicates the ordinal at which the StatefulSet should be partitioned
8197 for updates. During a rolling update, all pods from ordinal Replicas-1 to
8198 Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
8199 This is helpful in being able to do a canary based deployment. The default value is 0.
8200 format: int32
8201 minReadySeconds:
8202 type: integer
8203 description: |-
8204 Minimum number of seconds for which a newly created pod should be ready
8205 without any of its container crashing for it to be considered available.
8206 Defaults to 0 (pod will be considered available as soon as it is ready)
8207 format: int32
8208 revisionHistoryLimit:
8209 type: integer
8210 description: |-
8211 revisionHistoryLimit is the maximum number of revisions that will
8212 be maintained in the StatefulSet's revision history. The revision history
8213 consists of all revisions not represented by a currently applied
8214 StatefulSetSpec version. The default value is 10.
8215 format: int32
8216 ordinals:
8217 type: object
8218 description: |-
8219 ordinals controls the numbering of replica indices in a StatefulSet. The
8220 default ordinals behavior assigns a "0" index to the first replica and
8221 increments the index by one for each additional replica requested. Using
8222 the ordinals field requires the StatefulSetStartOrdinal feature gate to be
8223 enabled, which is beta.
8224 properties:
8225 start:
8226 type: integer
8227 description: |-
8228 start is the number representing the first replica's index. It may be used
8229 to number replicas from an alternate index (eg: 1-indexed) over the default
8230 0-indexed names, or to orchestrate progressive movement of replicas from
8231 one StatefulSet to another.
8232 If set, replica indices will be in the range:
8233 [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
8234 If unset, defaults to 0. Replica indices will be in the range:
8235 [0, .spec.replicas).
8236 format: int32
# persistentVolumeClaimRetentionPolicy: decides whether PVCs created from the
# volume claim templates outlive the StatefulSet or a scale-down.
# Data-loss relevant: per the descriptions below, `Delete` removes the PVCs,
# while the default `Retain` leaves them in place.
8237 persistentVolumeClaimRetentionPolicy:
8238 type: object
8239 description: |-
8240 persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
8241 volume claims created from volumeClaimTemplates. By default, all persistent
8242 volume claims are created as needed and retained until manually deleted. This
8243 policy allows the lifecycle to be altered, for example by deleting persistent
8244 volume claims when their stateful set is deleted, or when their pod is scaled
8245 down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
8246 which is alpha. +optional
8247 properties:
# whenDeleted and whenScaled are both plain `type: string` with no enum, so
# this schema does not reject values other than `Retain` / `Delete`.
# NOTE(review): any value checking must happen outside this schema - confirm
# in the controller or an admission policy.
8248 whenDeleted:
8249 type: string
8250 description: |-
8251 WhenDeleted specifies what happens to PVCs created from StatefulSet
8252 VolumeClaimTemplates when the StatefulSet is deleted. The default policy
8253 of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
8254 `Delete` policy causes those PVCs to be deleted.
8255 whenScaled:
8256 type: string
8257 description: |-
8258 WhenScaled specifies what happens to PVCs created from StatefulSet
8259 VolumeClaimTemplates when the StatefulSet is scaled down. The default
8260 policy of `Retain` causes PVCs to not be affected by a scaledown. The
8261 `Delete` policy causes the associated PVCs for any excess pods above
8262 the replica count to be deleted.
8263 required:
8264 - selector
8265 - serviceName
8266 - template
8267 status:
8268 type: object
8269 description: |-
8270 Status is the current status of Pods in this StatefulSet. This data
8271 may be out of date by some window of time.
8272 properties:
8273 replicas:
8274 type: integer
8275 description: replicas is the number of Pods created by the StatefulSet controller.
8276 format: int32
8277 availableReplicas:
8278 type: integer
8279 description: Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
8280 format: int32
8281 collisionCount:
8282 type: integer
8283 description: |-
8284 collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
8285 uses this field as a collision avoidance mechanism when it needs to create the name for the
8286 newest ControllerRevision.
8287 format: int32
8288 conditions:
8289 type: array
8290 description: Represents the latest available observations of a statefulset's current state.
8291 items:
8292 type: object
8293 description: StatefulSetCondition describes the state of a statefulset at a certain point.
8294 properties:
8295 type:
8296 type: string
8297 description: Type of statefulset condition.
8298 status:
8299 type: string
8300 description: Status of the condition, one of True, False, Unknown.
8301 lastTransitionTime:
8302 type: string
8303 description: Last time the condition transitioned from one status to another.
8304 format: date-time
8305 message:
8306 type: string
8307 description: A human readable message indicating details about the transition.
8308 reason:
8309 type: string
8310 description: The reason for the condition's last transition.
8311 required:
8312 - status
8313 - type
8314 x-kubernetes-list-map-keys:
8315 - type
8316 x-kubernetes-list-type: map
8317 currentReplicas:
8318 type: integer
8319 description: |-
8320 currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
8321 indicated by currentRevision.
8322 format: int32
8323 currentRevision:
8324 type: string
8325 description: |-
8326 currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
8327 sequence [0,currentReplicas).
8328 observedGeneration:
8329 type: integer
8330 description: |-
8331 observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
8332 StatefulSet's generation, which is updated on mutation by the API Server.
8333 format: int64
8334 readyReplicas:
8335 type: integer
8336 description: readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
8337 format: int32
8338 updateRevision:
8339 type: string
8340 description: |-
8341 updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
8342 [replicas-updatedReplicas,replicas)
8343 updatedReplicas:
8344 type: integer
8345 description: |-
8346 updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
8347 indicated by updateRevision.
8348 format: int32
8349 required:
8350 - replicas
8351 required:
8352 - statefulSet
8353 status:
8354 type: object
8355 default:
8356 observedGeneration: -1
8357 description: PersistenceStatus defines the observed state of a Persistence
8358 properties:
8359 conditions:
8360 type: array
8361 items:
8362 type: object
8363 description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}"
8364 properties:
8365 type:
8366 type: string
8367 description: |-
8368 type of condition in CamelCase or in foo.example.com/CamelCase.
8369 ---
8370 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
8371 useful (see .node.status.conditions), the ability to deconflict is important.
8372 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
8373 maxLength: 316
8374 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
8375 status:
8376 type: string
8377 description: status of the condition, one of True, False, Unknown.
8378 enum:
8379 - "True"
8380 - "False"
8381 - Unknown
8382 lastTransitionTime:
8383 type: string
8384 description: |-
8385 lastTransitionTime is the last time the condition transitioned from one status to another.
8386 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
8387 format: date-time
8388 message:
8389 type: string
8390 description: |-
8391 message is a human readable message indicating details about the transition.
8392 This may be an empty string.
8393 maxLength: 32768
8394 observedGeneration:
8395 type: integer
8396 description: |-
8397 observedGeneration represents the .metadata.generation that the condition was set based upon.
8398 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
8399 with respect to the current state of the instance.
8400 format: int64
8401 minimum: 0
8402 reason:
8403 type: string
8404 description: |-
8405 reason contains a programmatic identifier indicating the reason for the condition's last transition.
8406 Producers of specific condition types may define expected values and meanings for this field,
8407 and whether the values are considered a guaranteed API.
8408 The value should be a CamelCase string.
8409 This field may not be empty.
8410 maxLength: 1024
8411 minLength: 1
8412 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
8413 required:
8414 - lastTransitionTime
8415 - message
8416 - reason
8417 - status
8418 - type
# inventory: status record of the resource object references that have been
# applied (per the description below).
# Each entry is two required strings, `id` and `v`. Neither carries a pattern
# or maxLength, and `entries` has no maxItems, so this schema does not check
# the '<namespace>_<name>_<group>_<kind>' format that the description gives.
# NOTE(review): code that splits `id` on '_' should tolerate malformed values;
# confirm which identities are allowed to write this status.
8419 inventory:
8420 type: object
8421 description: |-
8422 ResourceInventory contains a list of Kubernetes resource object references
8423 that have been applied.
8424 properties:
8425 entries:
8426 type: array
8427 description: Entries of Kubernetes resource object references.
8428 items:
8429 type: object
8430 description: ResourceRef contains the information necessary to locate a resource within a cluster.
8431 properties:
8432 id:
8433 type: string
8434 description: |-
8435 ID is the string representation of the Kubernetes resource object's metadata,
8436 in the format '<namespace>_<name>_<group>_<kind>'.
8437 v:
8438 type: string
8439 description: Version is the API version of the Kubernetes resource object's kind.
8440 required:
8441 - id
8442 - v
# Status-level observedGeneration: int64 with no minimum, so the schema default
# declared on this status object (observedGeneration: -1) validates. The
# per-condition observedGeneration, by contrast, declares minimum: 0.
# NOTE(review): -1 presumably marks "not yet reconciled" - confirm in the controller.
8443 observedGeneration:
8444 type: integer
8445 format: int64
# This version is both served by the API and used as the storage version.
8446 served: true
8447 storage: true
# The status subresource is enabled. Status is then written through the
# separate /status endpoint and status changes sent to the main resource are
# ignored, so RBAC on `persistence/status` can be granted apart from spec writes.
8448 subresources:
8449 status: {}