1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: couchdbpersistences.datasync.edge.ncr.com
8spec:
9 group: datasync.edge.ncr.com
10 names:
11 kind: CouchDBPersistence
12 listKind: CouchDBPersistenceList
13 plural: couchdbpersistences
14 singular: couchdbpersistence
15 scope: Namespaced
16 versions:
17 - additionalPrinterColumns:
18 - jsonPath: .status.conditions[?(@.type=="Ready")].status
19 name: Ready
20 type: string
21 - jsonPath: .status.conditions[?(@.type=="Ready")].message
22 name: Status
23 type: string
24 name: v1alpha1
25 schema:
26 openAPIV3Schema:
27 properties:
28 apiVersion:
29 description: |-
30 APIVersion defines the versioned schema of this representation of an object.
31 Servers should convert recognized schemas to the latest internal value, and
32 may reject unrecognized values.
33 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
34 type: string
35 kind:
36 description: |-
37 Kind is a string value representing the REST resource this object represents.
38 Servers may infer this from the endpoint the client submits requests to.
39 Cannot be updated.
40 In CamelCase.
41 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
42 type: string
43 metadata:
44 type: object
45 spec:
46 properties:
47 databases:
48 items:
49 properties:
50 apiVersion:
51 description: |-
52 APIVersion defines the versioned schema of this representation of an object.
53 Servers should convert recognized schemas to the latest internal value, and
54 may reject unrecognized values.
55 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
56 type: string
57 kind:
58 description: |-
59 Kind is a string value representing the REST resource this object represents.
60 Servers may infer this from the endpoint the client submits requests to.
61 Cannot be updated.
62 In CamelCase.
63 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
64 type: string
65 metadata:
66 properties:
67 annotations:
68 additionalProperties:
69 type: string
70 type: object
71 finalizers:
72 items:
73 type: string
74 type: array
75 labels:
76 additionalProperties:
77 type: string
78 type: object
79 name:
80 type: string
81 namespace:
82 type: string
83 type: object
84 spec:
85 description: https://docs.couchdb.org/en/stable/ddocs/ddocs.html#creation-and-structure
86 properties:
87 interval:
88 description: |-
89 Interval is how often the object will be reconciled, in order to prevent
90 drift.
91 type: string
92 name:
93 type: string
94 retryInterval:
95 description: |-
96 RetryInterval is how often to retry previously failed reconciliations. Defaults
97 to Interval if not provided.
98 type: string
99 security:
100 properties:
101 admins:
102 properties:
103 names:
104 items:
105 type: string
106 type: array
107 roles:
108 items:
109 type: string
110 type: array
111 type: object
112 members:
113 properties:
114 names:
115 items:
116 type: string
117 type: array
118 roles:
119 items:
120 type: string
121 type: array
122 type: object
123 type: object
124 serverRef:
125 properties:
126 name:
127 type: string
128 namespace:
129 type: string
130 required:
131 - name
132 - namespace
133 type: object
134 required:
135 - name
136 - serverRef
137 type: object
138 status:
139 default:
140 observedGeneration: -1
141 properties:
142 conditions:
143 items:
144 description: "Condition contains details for one aspect
145 of the current state of this API Resource.\n---\nThis
146 struct is intended for direct use as an array at the
147 field path .status.conditions. For example,\n\n\n\ttype
148 FooStatus struct{\n\t // Represents the observations
149 of a foo's current state.\n\t // Known .status.conditions.type
150 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
151 \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
152 \ // +listType=map\n\t // +listMapKey=type\n\t
153 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
154 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
155 \ // other fields\n\t}"
156 properties:
157 lastTransitionTime:
158 description: |-
159 lastTransitionTime is the last time the condition transitioned from one status to another.
160 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
161 format: date-time
162 type: string
163 message:
164 description: |-
165 message is a human readable message indicating details about the transition.
166 This may be an empty string.
167 maxLength: 32768
168 type: string
169 observedGeneration:
170 description: |-
171 observedGeneration represents the .metadata.generation that the condition was set based upon.
172 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
173 with respect to the current state of the instance.
174 format: int64
175 minimum: 0
176 type: integer
177 reason:
178 description: |-
179 reason contains a programmatic identifier indicating the reason for the condition's last transition.
180 Producers of specific condition types may define expected values and meanings for this field,
181 and whether the values are considered a guaranteed API.
182 The value should be a CamelCase string.
183 This field may not be empty.
184 maxLength: 1024
185 minLength: 1
186 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
187 type: string
188 status:
189 description: status of the condition, one of True,
190 False, Unknown.
191 enum:
192 - "True"
193 - "False"
194 - Unknown
195 type: string
196 type:
197 description: |-
198 type of condition in CamelCase or in foo.example.com/CamelCase.
199 ---
200 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
201 useful (see .node.status.conditions), the ability to deconflict is important.
202 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
203 maxLength: 316
204 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
205 type: string
206 required:
207 - lastTransitionTime
208 - message
209 - reason
210 - status
211 - type
212 type: object
213 type: array
214 observedGeneration:
215 format: int64
216 type: integer
217 type: object
218 type: object
219 type: array
220 replications:
221 items:
222 properties:
223 apiVersion:
224 description: |-
225 APIVersion defines the versioned schema of this representation of an object.
226 Servers should convert recognized schemas to the latest internal value, and
227 may reject unrecognized values.
228 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
229 type: string
230 kind:
231 description: |-
232 Kind is a string value representing the REST resource this object represents.
233 Servers may infer this from the endpoint the client submits requests to.
234 Cannot be updated.
235 In CamelCase.
236 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
237 type: string
238 metadata:
239 properties:
240 annotations:
241 additionalProperties:
242 type: string
243 type: object
244 finalizers:
245 items:
246 type: string
247 type: array
248 labels:
249 additionalProperties:
250 type: string
251 type: object
252 name:
253 type: string
254 namespace:
255 type: string
256 type: object
257 spec:
258 properties:
259 datasets:
260 items:
261 description: Dataset represents a database and associated
262 configuration
263 properties:
264 config:
265 description: ReplConfig CouchDB replication settings
266 from https://docs.couchdb.org/en/stable/json-structure.html?highlight=checkpoint_interval#replication-settings
267 properties:
268 cancel:
269 type: boolean
270 continuous:
271 type: boolean
272 create_target:
273 type: boolean
274 doc_ids:
275 items:
276 type: string
277 type: array
278 filter:
279 type: string
280 interval:
281 type: string
282 query_params:
283 type: string
284 selector:
285 type: string
286 since_seq:
287 type: string
288 source_proxy:
289 type: string
290 target_proxy:
291 type: string
292 use_checkpoints:
293 type: boolean
294 required:
295 - cancel
296 - continuous
297 - create_target
298 - doc_ids
299 - filter
300 - interval
301 - query_params
302 - selector
303 - since_seq
304 - source_proxy
305 - target_proxy
306 - use_checkpoints
307 type: object
308 deleted:
309 type: boolean
310 enterprise_unit_id:
311 type: string
312 name:
313 type: string
314 provider:
315 description: Provider information about the data provider
316 properties:
317 name:
318 type: string
319 required:
320 - name
321 type: object
322 stores:
323 items:
324 type: string
325 type: array
326 touchpoints:
327 items:
328 type: string
329 type: array
330 required:
331 - config
332 - name
333 type: object
334 type: array
335 interval:
336 description: |-
337 Interval is how often the object will be reconciled, in order to prevent
338 drift.
339 type: string
340 retryInterval:
341 description: |-
342 RetryInterval is how often to retry previously failed reconciliations. Defaults
343 to Interval if not provided.
344 type: string
345 source:
346 description: 'Note: must be a ReplicationCredentials (username,
347 password, dbname, uri)'
348 properties:
349 name:
350 description: name is unique within a namespace to reference
351 a secret resource.
352 type: string
353 namespace:
354 description: namespace defines the space within which
355 the secret name must be unique.
356 type: string
357 type: object
358 x-kubernetes-map-type: atomic
359 target:
360 properties:
361 name:
362 type: string
363 namespace:
364 type: string
365 required:
366 - name
367 - namespace
368 type: object
369 required:
370 - datasets
371 - source
372 - target
373 type: object
374 status:
375 default:
376 observedGeneration: -1
377 properties:
378 conditions:
379 items:
380 description: "Condition contains details for one aspect
381 of the current state of this API Resource.\n---\nThis
382 struct is intended for direct use as an array at the
383 field path .status.conditions. For example,\n\n\n\ttype
384 FooStatus struct{\n\t // Represents the observations
385 of a foo's current state.\n\t // Known .status.conditions.type
386 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
387 \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
388 \ // +listType=map\n\t // +listMapKey=type\n\t
389 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
390 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
391 \ // other fields\n\t}"
392 properties:
393 lastTransitionTime:
394 description: |-
395 lastTransitionTime is the last time the condition transitioned from one status to another.
396 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
397 format: date-time
398 type: string
399 message:
400 description: |-
401 message is a human readable message indicating details about the transition.
402 This may be an empty string.
403 maxLength: 32768
404 type: string
405 observedGeneration:
406 description: |-
407 observedGeneration represents the .metadata.generation that the condition was set based upon.
408 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
409 with respect to the current state of the instance.
410 format: int64
411 minimum: 0
412 type: integer
413 reason:
414 description: |-
415 reason contains a programmatic identifier indicating the reason for the condition's last transition.
416 Producers of specific condition types may define expected values and meanings for this field,
417 and whether the values are considered a guaranteed API.
418 The value should be a CamelCase string.
419 This field may not be empty.
420 maxLength: 1024
421 minLength: 1
422 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
423 type: string
424 status:
425 description: status of the condition, one of True,
426 False, Unknown.
427 enum:
428 - "True"
429 - "False"
430 - Unknown
431 type: string
432 type:
433 description: |-
434 type of condition in CamelCase or in foo.example.com/CamelCase.
435 ---
436 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
437 useful (see .node.status.conditions), the ability to deconflict is important.
438 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
439 maxLength: 316
440 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
441 type: string
442 required:
443 - lastTransitionTime
444 - message
445 - reason
446 - status
447 - type
448 type: object
449 type: array
450 inventory:
451 description: Inventory contains a list of database names
452 associated with the replication set
453 items:
454 type: string
455 type: array
456 observedGeneration:
457 format: int64
458 type: integer
459 replications:
460 description: Replications contains a list of replication
461 details
462 items:
463 properties:
464 dbname:
465 type: string
466 message:
467 type: string
468 status:
469 type: string
470 required:
471 - dbname
472 - message
473 - status
474 type: object
475 type: array
476 type: object
477 type: object
478 type: array
479 servers:
480 items:
481 properties:
482 apiVersion:
483 description: |-
484 APIVersion defines the versioned schema of this representation of an object.
485 Servers should convert recognized schemas to the latest internal value, and
486 may reject unrecognized values.
487 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
488 type: string
489 kind:
490 description: |-
491 Kind is a string value representing the REST resource this object represents.
492 Servers may infer this from the endpoint the client submits requests to.
493 Cannot be updated.
494 In CamelCase.
495 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
496 type: string
497 metadata:
498 properties:
499 annotations:
500 additionalProperties:
501 type: string
502 type: object
503 finalizers:
504 items:
505 type: string
506 type: array
507 labels:
508 additionalProperties:
509 type: string
510 type: object
511 name:
512 type: string
513 namespace:
514 type: string
515 type: object
516 spec:
517 properties:
518 admin:
519 description: Admin contains configuration that controls
520 how the admin user is setup
521 properties:
522 cookie:
523 description: |-
524 SecretReference represents a Secret Reference. It has enough information to retrieve secret
525 in any namespace
526 properties:
527 name:
528 description: name is unique within a namespace to
529 reference a secret resource.
530 type: string
531 namespace:
532 description: namespace defines the space within
533 which the secret name must be unique.
534 type: string
535 type: object
536 x-kubernetes-map-type: atomic
537 replicationSecret:
538 description: |-
539 ReplicationSecret configures how the GCP Secret Manager Secret for
540 replicators is created. It is always created in the server's GCP Project
541 properties:
542 fromSecret:
543 description: |-
544 Reference to a secret to get the replication auth from. Defaults to the value
545 of Admin.Credentials. Allows using different auth for replication and admin
546 properties:
547 name:
548 description: name is unique within a namespace
549 to reference a secret resource.
550 type: string
551 namespace:
552 description: namespace defines the space within
553 which the secret name must be unique.
554 type: string
555 type: object
556 x-kubernetes-map-type: atomic
557 target:
558 description: The name of the Secret Manager Secret
559 to create
560 type: string
561 required:
562 - target
563 type: object
564 secretRef:
565 description: |-
566 SecretReference represents a Secret Reference. It has enough information to retrieve secret
567 in any namespace
568 properties:
569 name:
570 description: name is unique within a namespace to
571 reference a secret resource.
572 type: string
573 namespace:
574 description: namespace defines the space within
575 which the secret name must be unique.
576 type: string
577 type: object
578 x-kubernetes-map-type: atomic
579 type: object
580 admins:
581 additionalProperties:
582 type: string
583 type: object
584 attachments:
585 description: AttachmentConfig is the configuration for attachment
586 storage
587 properties:
588 compressibleTypes:
589 description: specifies by their MIME type which types
590 of attachments to compress
591 items:
592 type: string
593 type: array
594 compressionLevel:
595 description: Defines zlib compression level for the
596 attachments
597 type: integer
598 type: object
599 backgroundIndex:
600 description: BackgroundIndexConfig Secondary indexes in
601 CouchDB
602 properties:
603 batch_channels:
604 description: BatchChannels Controls number of background
605 view builds that can be running in parallel
606 type: integer
607 ignoreShards:
608 additionalProperties:
609 type: boolean
610 description: IgnoreShardsIgnoreShards tell the background
611 indexer to skip over specific database shard files
612 type: object
613 incremental_channels:
614 description: IncrementalChannels Controls number of
615 additional short jobs allowed to run concurrently
616 with main jobs
617 type: integer
618 max_incremental_updates:
619 description: MaxIncrementalUpdates Controls whether
620 an indexing job is "incremental" or not by looking
621 at the difference in sequence numbers between the
622 current index and the main database
623 type: integer
624 type: object
625 base:
626 description: |-
627 BaseConfig contains all configuration related CouchDB specific functionality
628 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/couchdb.html
629 properties:
630 bufferSize:
631 description: |-
632 BufferSize Higher values may result in better read performance due to fewer read operations and/or more OS page cache hits.
633 However, they can also increase overall response time for writes when there are many attachment write requests in parallel.
634 type: integer
635 compression:
636 description: |-
637 Compression is the method used to compress everything that is appended
638 to database and view index files, except for attachments. Immutable.
639 Available methods are:
640 - `none`: no compressions
641 - `snappy`: use Google Snappy, a very fast compressor/decompressor
642 - `deflate_N`: use zlib’s deflate; N is the compression level which
643 ranges from 1 (fastest, lowest compression ratio) to 9 (slowest,
644 highest compression ratio)
645 type: string
646 databaseDir:
647 description: |-
648 DatabaseDir location of CouchDB database files (*.couch).
649 This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
650 type: string
651 databaseRecovery:
652 description: DatabaseRecovery Enable this to only “soft-delete”
653 databases.
654 type: boolean
655 defaultSecurity:
656 description: |-
657 DefaultSecurity for access to databases. By default `admin_only` is set
658 so only admins can read and write. When set to `admin_local`, sharded
659 databases can be read and written by anyone but the shareds can only be
660 read and written by admins. When set to `everyone`, anyone can perform
661 reads and writes. Immutable.
662 type: string
663 driverDir:
664 description: |-
665 DriverDir Specifies location of binary drivers (icu, ejson, etc.).
666 This location and its contents should be readable for the user that runs the CouchDB service.
667 type: string
668 maintenance_mode:
669 description: |-
670 MaintenanceMode A CouchDB node may be put into distinct maintenance modes:
671 Modes:
672 - true: The node will not respond to clustered requests from other nodes and the /_up endpoint will return a 404 response.
673 - nolb: The /_up endpoint will return a 404 response.
674 - false: The node responds normally, /_up returns a 200 response.
675 type: string
676 maxDBsOpen:
677 description: |-
678 MaxDBsOpen is the upper found on the number of databases that can be open
679 at once. Requires restart of CouchDB to take effect. Immutable.
680 type: integer
681 maxDocSize:
682 description: TODO(help_wanted) - add others, maintenance
683 mode and lifecyle actions will need investigation
684 type: integer
685 processTimeout:
686 description: |-
687 ProcessTimeout If an external process, such as a query server or external process,
688 runs for this amount of milliseconds without returning any results, it will be terminated.
689 type: integer
690 securityEditable:
691 description: SecurityEditable When this configuration
692 setting is set to false, users_db_checkpoint is checked
693 for corruption when opened.
694 type: boolean
695 singleNode:
696 description: |-
697 SingleNode automatically creates the system databases on startup. Must
698 be `false` for a clustered installation. Immutable.
699 type: boolean
700 uriFile:
701 description: URIFile This file contains the full URI
702 that can be used to access this instance of CouchDB.
703 type: string
704 usersDBSuffix:
705 description: UsersDBSuffix Specifies the suffix (last
706 component of a name) of the system database for storing
707 CouchDB users.
708 type: string
709 uuid:
710 description: Unique identifier for the server instance.
711 Immutable.
712 type: string
713 viewIndexDir:
714 description: ViewIndexDir Specifies location of CouchDB
715 view index files.
716 type: string
717 type: object
718 cluster:
719 description: Cluster is the configuration for clustered
720 couchdb servers
721 properties:
722 autoFinish:
723 description: |-
724 If true, finish_cluster will be sent to a random node within the cluster,
725 completing the clustered server setup
726 type: boolean
727 nodes:
728 description: Unused. Number of couch servers in the
729 cluster
730 type: integer
731 type: object
732 clustering:
733 description: |-
734 ClusterConfig contains all configuration options for running a multi-node
735 clustered instance. Immutable.
736 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/cluster.html
737 properties:
738 nodes:
739 description: |-
740 Nodes is the number of nodes in a clustered install. Sets the number of
741 replicas of each document in a cluster with only one replica per node.
742 Immutable.
743 type: integer
744 placement:
745 description: |-
746 Sets the cluster-wide replica placement policy when creating new
747 databases. The value must be a comma-delimited list
748 of strings of the format zone_name:#
749 type: string
750 reconnect_interval_sec:
751 description: Period in seconds specifying how often
752 to attempt reconnecting to disconnected nodes. There
753 is a 25% random jitter applied to this value.
754 type: integer
755 seedList:
756 description: |-
757 SeedList is an optional list of node names used when joining nodes in a
758 cluster. Immutable.
759 items:
760 type: string
761 type: array
762 shards:
763 description: |-
764 Shards is the default number of shards for newly created databases
765 (default value is 2). Immutable.
766 type: integer
767 type: object
768 csp:
769 description: CSPConfig is the configuration for Content
770 Security Policy
771 properties:
772 attachmentsEnable:
773 description: specifies whether to enable the sending
774 of the CSP header for attachments
775 type: boolean
776 attachmentsHeaderValue:
777 description: specifies the exact header value to send
778 for attachments
779 type: string
780 enable:
781 description: specifies whether to enable the sending
782 of the CSP header
783 type: boolean
784 headerValue:
785 description: specifies the default header value to send
786 type: string
787 showListEnable:
788 description: specifies whether to enable the sending
789 of the CSP header for show list
790 type: boolean
791 showlistHeaderValue:
792 description: specifies the exact header value to send
793 for show list
794 type: string
795 utilsEnable:
796 description: specifies whether to enable the sending
797 of the CSP header for _utils
798 type: boolean
799 utilsHeaderValue:
800 description: specifies the exact header value to send
801 for _utils
802 type: string
803 type: object
804 deletionPolicy:
805 description: |-
806 DeletionPolicy determines what happens to the CouchDB instance when this
807 resource is deleted. Immutable.
808 Available options are:
809 - `abandon`: all CouchDB resources are left alone (default)
810 - `purge`: all CouchDB resources will also be removed
811 type: string
812 disk_monitor:
813 description: |-
814 DiskMonitor Disk Monitor Options
815 Apache CouchDB can react proactively when disk space gets low.
816 properties:
817 backgroundViewIndexingThreshold:
818 description: |-
819 BackgroundViewIndexingThreshold The percentage of used disk space on the `view_index_dir` above which CouchDB
820 will no longer start background view indexing jobs. Defaults to 80.
821 type: integer
822 enable:
823 description: Enable enable disk monitoring subsystem.
824 Defaults to false.
825 type: boolean
826 interactiveDatabaseWritesThreshold:
827 description: |-
828 InteractiveDatabaseWritesThreshold The percentage of used disk space on the database_dir above which CouchDB
829 will no longer allow interactive document updates (writes or deletes).
830 Replicated updates and database deletions are still permitted.
831 In a clustered write an error will be returned if enough nodes are above the `interactive_database_writes_threshold`.
832 Defaults to 90.
833 type: integer
834 interactiveViewIndexingThreshold:
835 description: |-
836 InteractiveViewIndexingThreshold The percentage of used disk space on the view_index_dir above which CouchDB
837 will no longer update stale view indexes when queried.
838 View indexes that are already up to date can still be queried,
839 and stale view indexes can be queried if either stale=ok or update=false are set.
840 Attempts to query a stale index without either parameter will yield a 507 Insufficient Storage error. Defaults to 90.
841 type: integer
842 type: object
843 ingress:
844 properties:
845 certificate:
846 description: Certificate is a reference to a ManagedCertificate
847 to create, or use if it exists
848 properties:
849 name:
850 description: |-
851 NOTE: An Ingress will reference this ManagedCertificate, so this value must match
852 the networking.gke.io/managed-certificates annotation on the Ingress.
853 type: string
854 required:
855 - name
856 type: object
857 type: object
858 interval:
859 description: |-
860 Interval is how often the object will be reconciled, in order to prevent
861 drift.
862 type: string
863 ioq:
864 description: IOQConfig config from https://docs.couchdb.org/en/stable/config/ioq.html
865 properties:
866 bypass:
867 description: Bypass ioq bypass config belows
868 properties:
869 compaction:
870 description: Disk IO issued by compaction jobs.
871 type: boolean
872 osProcess:
873 description: Messages on their way to an external
874 process (e.g., couchjs).
875 type: boolean
876 read:
877 description: Disk IO fulfilling interactive read
878 requests.
879 type: boolean
880 reshard:
881 description: Disk IO issued by resharding jobs.
882 type: boolean
883 shardSync:
884 description: Disk IO issued by the background replication
885 processes that fix any inconsistencies between
886 shard copies.
887 type: boolean
888 viewUpdate:
889 description: Disk IO required to update views and
890 other secondary indexes.
891 type: boolean
892 write:
893 description: Disk IO required to update a database.
894 type: boolean
895 type: object
896 concurrency:
897 description: 'Specifies the maximum number of concurrent
898 in-flight IO requests that the queueing system will
899 submit:'
900 type: integer
901 ratio:
902 description: 'The fraction of the time that a background
903 IO request will be selected over an interactive IO
904 request when both queues are non-empty:'
905 type: number
906 type: object
907 log:
908 description: LogConfig from https://docs.couchdb.org/en/stable/config/logging.html
909 properties:
910 file:
911 description: 'Specifies the location of file for logging
912 output. Only used by the file writer:'
913 type: string
914 includeSASL:
915 description: Includes SASL information in logs
916 type: boolean
917 level:
918 description: Logging level defines how verbose and detailed
919 logging will be
920 type: string
921 syslogAppid:
922 description: 'Specifies application name to the syslog
923 writer:'
924 type: string
925 syslogFacility:
926 description: 'Specifies the syslog facility to use with
927 the syslog writer:'
928 type: string
929 syslogHost:
930 description: 'Specifies the syslog host to send logs
931 to. Only used by the syslog writer:'
932 type: string
933 syslogPort:
934 description: 'Specifies the syslog port to connect to
935 when sending logs. Only used by the syslog writer:'
936 type: integer
937 writeBuffer:
938 description: |-
939 Specifies the size of the file log write buffer in bytes, to enable delayed log writes
940 Only used by the file writer
941 type: string
942 writeDelay:
943 description: |-
944 Specifies the wait in milliseconds before committing logs to disk, to enable delayed log writes.
945 Only used by the file writer:
946 type: string
947 writer:
948 description: 'Where to send logs: stderr, file, syslog,
949 journald or your implementation'
950 type: string
951 type: object
952 metrics:
953 description: |-
954 MetricsConfig contains all configuration options for managing Prometheus
955 integration.
956 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/misc.html#configuration-of-prometheus-endpoint
957 properties:
958 additionalPort:
959 description: |-
960 AdditionalPort sets whether or not to create a separate,
961 non-authenticated port (default is `false``)
962 type: boolean
963 bindAddress:
964 description: BindAddress is the IP address to bind.
965 Immutable.
966 type: string
967 port:
968 description: |-
969 Port on which client can query Prometheus endpoint data without auth.
970 Immutable.
971 type: integer
972 type: object
973 nativeQuery:
974 description: NativeQueryConfig CouchDB has a native Erlang
975 query server, allowing you to write your map/reduce functions
976 in Erlang.
977 properties:
978 enable:
979 description: Enables or disables the Native Erlang Query
980 Server.
981 type: boolean
982 type: object
983 purge:
984 description: PurgeConfig is the configuration for database
985 purge
986 properties:
987 indexLagWarnSeconds:
988 description: allowed duration when index is not updated
989 for local purge checkpoint document
990 type: integer
991 maxDocumentIdNumber:
992 description: maximum number of documents allowed in
993 a single purge request
994 type: integer
995 maxRevisionsNumber:
996 description: maximum number of accumulated revisions
997 allowed in a single purge request
998 type: integer
999 type: object
1000 query:
1001 description: QueryServerConfig The external query server
1002 is a special OS process which communicates with CouchDB
1003 over standard input/output using a very simple line-based
1004 protocol with JSON messages.
1005 properties:
1006 commit_freq:
1007 description: Specifies the delay in seconds before view
1008 index changes are committed to disk.
1009 type: integer
1010 processLimit:
1011 description: Hard limit on the number of OS processes
1012 usable by Query Servers.
1013 type: integer
1014 processTimeout:
1015 description: The timeout for a process used by Query
1016 Servers.
1017 type: integer
1018 reduceLimit:
1019 description: Controls Reduce overflow error that raises
1020 when output of reduce functions.
1021 type: boolean
1022 softLimit:
1023 description: Soft limit on the number of OS processes
1024 usable by Query Servers.
1025 type: integer
1026 type: object
1027 reSharding:
1028 description: ReShardingConfig options for re sharding nodes
1029 properties:
1030 deleteSource:
1031 description: ' DeleteSource Indicates if the source
1032 shard should be deleted after resharding has finished.
1033 By default, it is true'
1034 type: boolean
1035 maxHistory:
1036 description: ' MaxHistory Each resharding job maintains
1037 a timestamped event log. This setting limits the maximum
1038 size of that log'
1039 type: integer
1040 maxJobs:
1041 description: ' MaxJobs Maximum number of resharding
1042 jobs per cluster node'
1043 type: integer
1044 maxRetries:
1045 description: ' MaxRetries How many times to retry shard
1046 splitting steps if they fail. For example, if indexing
1047 or topping off fails, it will be retried up to this
1048 many times before the whole resharding job fails'
1049 type: integer
1050 requireNodeParam:
1051 description: ' RequireNodeParam Require users to specify
1052 a node'
1053 type: boolean
1054 requireRangeParam:
1055 description: ' RequireRangeParam Require users to specify
1056 a range'
1057 type: boolean
1058 retryInterval:
1059 description: RetryInterval How long to wait between
1060 subsequent retries
1061 type: integer
1062 sourceCloseTimeout:
1063 description: ' SourceCloseTimeout How many seconds to
1064 wait for the source shard to close. “Close” in this
1065 context means that client requests which keep the
1066 database open have all finished'
1067 type: integer
1068 updateTimeout:
1069 description: ' UpdateTimeout How many seconds to wait
1070 for the shard map update operation to complete. If
1071 there is a large number of shard db changes waiting
1072 to finish replicating, it might be beneficial to increase
1073 this timeout'
1074 type: integer
1075 type: object
1076 replicator:
1077 description: |-
1078 ReplicatorConfig contains all configuration options for managing
1079 replication for this instance.
1080 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/replicator.html
1081 properties:
1082 authPlugins:
1083 description: |-
1084 AuthPlugins list of replicator client authentication plugin: couch_replicator_auth_session,couch_replicator_auth_noop.
1085 For backwards compatibility, the no-op plugin should be used at the end of the plugin list.
1086 Immutable.
1087 type: string
1088 certFile:
1089 description: CertFile Path to a file containing the
1090 user’s certificate. Immutable.
1091 type: string
1092 certMaxDepth:
1093 description: CertMaxDepth Maximum peer certificate depth
1094 (must be set even if certificate validation is off).
1095 Immutable.
1096 type: integer
1097 checkpointInterval:
1098 description: CheckpointInterval replicator will request
1099 from the Source database at the specified interval
1100 in milliseconds. Immutable.
1101 type: integer
1102 connectionTimeout:
1103 description: |-
1104 ConnectionTimeout is the http connection timeout per replication in ms.
1105 This is divided by 3 when the replicator makes changes feed requests.
1106 Immutable.
1107 type: integer
1108 httpConnections:
1109 description: HTTPConnections Maximum number of HTTP
1110 connections per replication. Immutable.
1111 type: integer
1112 interval:
1113 description: Interval is the scheduling interval in
1114 milliseconds. Immutable.
1115 type: integer
1116 maxChurn:
1117 description: MaxChurn is the number of replication jobs
1118 to start and stop during rescheduling. Immutable.
1119 type: integer
1120 maxHistory:
1121 description: MaxHistory is the number of events recorded
1122 for each job. Immutable.
1123 type: integer
1124 maxJobs:
1125 description: MaxJobs is the number of actively running
1126 replications. Immutable.
1127 type: integer
1128 password:
1129 description: Password the user’s password, only used
1130 if the private key file is password protected. Immutable.
1131 type: string
1132 priorityCoeff:
1133 description: |-
1134 PriorityCoeff Priority coefficient decays all the job priorities such that they slowly drift towards the front of the run queue.
1135 The value must be between 0.0 and 1.0.
1136 Immutable.
1137 type: number
1138 replicatorShares:
1139 additionalProperties:
1140 type: integer
1141 description: |-
1142 Fair share configuration section. Higher share values results in a higher chance that jobs from that db get to run.
1143 The default value is 100, minimum is 1 and maximum is 1000.
1144 The configuration may be set even if the database does not exist.
1145 type: object
1146 retriesPerRequest:
1147 description: |-
1148 TODO(help_wanted) - handle http_connections in separate PR
1149 RetriesPerRequest if a request fails, the replicator will retry it up to N times. Immutable.
1150 type: integer
1151 socketOptions:
1152 description: SocketOptions socket options that might
1153 boost performance in some scenarios.
1154 type: string
1155 trustedCertFile:
1156 description: TrustedCertFile File containing a list
1157 of peer trusted certificates (in the PEM format).
1158 Immutable.
1159 type: string
1160 updateDocs:
1161 description: UpdateDocs when true, replicator will update
1162 replication document with error and triggered states.
1163 Immutable.
1164 type: boolean
1165 usageCoeff:
1166 description: |-
1167 UsageCoeff Usage coefficient decays historic fair share usage every scheduling cycle.
1168 The value must be between 0.0 and 1.0.
1169 Immutable.
1170 type: number
1171 useBulkGet:
1172 description: UseBulkGet CouchDB will attempt to use
1173 the _bulk_get HTTP API endpoint to fetch documents
1174 from the source. Immutable.
1175 type: boolean
1176 useCheckpoints:
1177 description: UseCheckpoints CouchDB will make checkpoints
1178 during replication and at the completion of replication.
1179 Immutable.
1180 type: boolean
1181 validEndpointProtocols:
1182 description: ValidEndpointProtocols replication jobs
1183 with endpoint urls not in this list will fail to run.
1184 Immutable.
1185 type: string
1186 validProxyProtocols:
1187 description: ValidProxyProtocols replication jobs with
1188 proxy urls not in this list will fail to run. Immutable.
1189 type: string
1190 validSocketOptions:
1191 description: 'ValidSocketOptions valid socket options:
1192 buffer,keepalive,nodelay,priority,recbuf,sndbuf, etc...
1193 Immutable.'
1194 type: string
1195 workerBatchSize:
1196 description: WorkerBatchSize with lower batch sizes
1197 checkpoints are done more frequently. Immutable.
1198 type: integer
1199 workerProcesses:
1200 description: WorkerProcesses More worker processes can
1201 give higher network throughput but can also imply
1202 more disk and network IO. Immutable.
1203 type: integer
1204 type: object
1205 retryInterval:
1206 description: |-
1207 RetryInterval is how often to retry previously failed reconciliations. Defaults
1208 to Interval if not provided.
1209 type: string
1210 rpc:
1211 properties:
1212 bufferCount:
1213 description: |-
1214 The local RPC server will buffer messages if a remote node goes unavailable.
1215 This flag determines how many messages will be buffered before the local
1216 server starts dropping messages. Default value is 2000.
1217 type: integer
1218 server_per_node:
1219 description: |-
1220 By default, rexi will spawn one local gen_server process for each node in
1221 the cluster. Disabling this flag will cause CouchDB to use a single process
1222 for all RPC communication, which is not recommended in high throughput
1223 deployments.
1224 type: boolean
1225 stream_limit:
1226 description: |-
1227 This flag comes into play during streaming operations like views and change
1228 feeds. It controls how many messages a remote worker process can send to a
1229 coordinator without waiting for an acknowledgement from the coordinator
1230 process. If this value is too large the coordinator can become overwhelmed
1231 by messages from the worker processes and actually deliver lower overall
1232 throughput to the client.
1233 type: integer
1234 type: object
1235 search:
1236 description: SearchConfig CouchDB’s search subsystem can
1237 be configured via the dreyfus configuration section.
1238 properties:
1239 limit:
1240 description: The number of results returned from a global
1241 search query if no limit is specified.
1242 type: integer
1243 limitPartitions:
1244 description: The number of results returned from a search
1245 on a partition of a database if no limit is specified.
1246 type: integer
1247 maxLimit:
1248 description: The maximum number of results that can
1249 be returned from a global search query.
1250 type: integer
1251 maxLimitPartitions:
1252 description: The maximum number of results that can
1253 be returned when searching a partition of a database.
1254 type: integer
1255 name:
1256 description: The name and location of the Clouseau Java
1257 service required to enable Search functionality.
1258 type: string
1259 retryLimit:
1260 description: The number of times CouchDB will try to
1261 reconnect to Clouseau.
1262 type: integer
1263 type: object
1264 server:
1265 description: ServerConfig contains all server configuration
1266 options
1267 properties:
1268 auth:
1269 description: |-
1270 AuthConfig contains all auth related configuration options.
1271 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/auth.html#chttpd_auth
1272 properties:
1273 XAuthRoles:
1274 description: |-
1275 The HTTP header name (X-Auth-CouchDB-Roles by default) that contains the list of a user’s roles, separated by a comma.
1276 Used for Proxy Authentication.
1277 type: string
1278 XAuthToken:
1279 description: |-
1280 The HTTP header name (X-Auth-CouchDB-Token by default) containing the token used to authenticate the authorization.
1281 This token is an HMAC-SHA1 created from the chttpd_auth/secret and chttpd_auth/x_auth_username.
1282 The secret key should be the same on the client and the CouchDB node.
1283 This token is optional if the value of the chttpd_auth/proxy_use_secret option is not true.
1284 Used for Proxy Authentication.
1285 type: string
1286 XAuthUsername:
1287 description: The HTTP header name (X-Auth-CouchDB-UserName
1288 by default) containing the username. Used for
1289 Proxy Authentication.
1290 type: string
1291 allowPersistentCookies:
1292 description: When set to true, CouchDB will set
1293 the Max-Age and Expires attributes on the cookie,
1294 which causes user agents (like browsers) to preserve
1295 the cookie over restarts.
1296 type: boolean
1297 authCacheSize:
1298 description: Number of User Context Object to cache
1299 in memory, to reduce disk lookups.
1300 type: integer
1301 authenticationRedirect:
1302 description: Specifies the location for redirection
1303 on successful authentication if a text/html response
1304 is accepted by the client (via an Accept header).
1305 type: string
1306 cookieDomain:
1307 description: Configures the domain attribute of
1308 the AuthSession cookie. By default the domain
1309 attribute is empty, resulting in the cookie being
1310 set on CouchDB’s domain.
1311 type: string
1312 hashAlgorithms:
1313 description: Sets the HMAC hash algorithm used for
1314 cookie and proxy authentication. You can provide
1315 a comma-separated list of hash algorithms.
1316 type: string
1317 iterations:
1318 description: The number of iterations for password
1319 hashing by the PBKDF2 algorithm.
1320 type: integer
1321 maxIterations:
1322 description: The maximum number of iterations allowed
1323 for passwords hashed by the PBKDF2 algorithm.
1324 Any user with greater iterations is forbidden.
1325 type: integer
1326 minIterations:
1327 description: The minimum number of iterations allowed
1328 for passwords hashed by the PBKDF2 algorithm.
1329 Any user with fewer iterations is forbidden.
1330 type: integer
1331 passwordRegexp:
1332 description: A list of Regular Expressions to check
1333 new/changed passwords. When set, new user passwords
1334 must match all RegExp in this list.
1335 type: string
1336 proxyUseSecret:
1337 description: When this option is set to true, the
1338 chttpd_auth/secret option is required for Proxy
1339 Authentication.
1340 type: boolean
1341 publicFields:
1342 description: |-
1343 A comma-separated list of field names in user documents (in couchdb/users_db_suffix) that can be read by any user.
1344 If unset or not specified, authenticated users can only retrieve their own document.
1345 type: string
1346 sameSite:
1347 description: When this option is set to a non-empty
1348 value, a SameSite attribute is added to the AuthSession
1349 cookie. Valid values are none, lax or strict.
1350 type: string
1351 secret:
1352 description: The secret token is used for Proxy
1353 Authentication and for Cookie Authentication.
1354 type: string
1355 timeout:
1356 description: Number of seconds since the last request
1357 before sessions will be expired.
1358 type: integer
1359 usersDbPublic:
1360 description: Allow all users to view user documents.
1361 By default, only admins may browse all users documents,
1362 while users may browse only their own document.
1363 type: boolean
1364 type: object
1365 cors:
1366 properties:
1367 credentials:
1368 description: |2-
1369 Credentials CouchDB will respond to a credentials-enabled CORS request with an additional header,
1370 Access-Control-Allow-Credentials=true.
1371 type: boolean
1372 headers:
1373 description: Headers List of accepted headers separated
1374 by a comma
1375 items:
1376 type: string
1377 type: array
1378 maxAge:
1379 description: MaxAge Sets the Access-Control-Max-Age
1380 header in seconds. Use it to avoid repeated OPTIONS
1381 requests.
1382 type: integer
1383 methods:
1384 description: Methods List of accepted methods separated
1385 by a comma
1386 items:
1387 type: string
1388 type: array
1389 origins:
1390 description: |-
1391 Origins List of origins separated by a comma, * means accept all.
1392 You can’t set origins = * and credentials = true option at the same time:
1393 items:
1394 type: string
1395 type: array
1396 required:
1397 - credentials
1398 - headers
1399 - maxAge
1400 - methods
1401 - origins
1402 type: object
1403 http:
1404 description: |-
1405 HTTPConfig contains all basic http configuration options.
1406 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/http.html
1407 properties:
1408 XForwardedHost:
1409 description: The x_forwarded_host header (X-Forwarded-Host)
1410 type: string
1411 XForwardedProto:
1412 description: The x_forwarded_proto header (X-Forwarder-Proto)
1413 type: string
1414 XForwardedSSL:
1415 description: The x_forwarded_ssl header (X-Forwarded-Ssl)
1416 type: string
1417 adminOnlyAllDbs:
1418 description: Whether to restrict _all_dbs to admins
1419 only
1420 type: boolean
1421 allowJsonp:
1422 description: JSONP support
1423 type: boolean
1424 authenticationHandlers:
1425 description: List of authentication handlers used
1426 by CouchDB
1427 type: string
1428 bindAddress:
1429 description: |-
1430 BindAddress is the IP by which clusterd port is available. Default value
1431 is "::" for any available. Immutable.
1432 type: string
1433 bufferResponse:
1434 description: Whether to buffer response
1435 type: boolean
1436 bulkGetUseBatches:
1437 description: Whether to use batches for bulk_get
1438 type: boolean
1439 changesTimeout:
1440 description: |-
1441 ChangesTimeout is the default timeout value for changes feed in ms
1442 (default value is 60000). Immutable.
1443 type: integer
1444 configWhitelist:
1445 description: Whitelist of configuration modifications
1446 type: string
1447 enableCORS:
1448 description: |-
1449 EnableCors by supporting CORS functionality, a CouchDB instance can accept direct connections to protected databases
1450 and instances, without the browser functionality being blocked due to same-origin constraints
1451 type: boolean
1452 enableXframeOptions:
1453 description: Whether to enable X-Frame-Options
1454 type: boolean
1455 maxHttpRequestSize:
1456 description: Maximum size of the HTTP request body
1457 type: integer
1458 port:
1459 description: Defines the port number to listen
1460 type: integer
1461 preferMinimal:
1462 description: 'If a request has the header "Prefer":
1463 "return=minimal"'
1464 type: string
1465 requireValidUser:
1466 description: |-
1467 RequireValidUser is when no requests are allowed from anonymous users.
1468 Everyone must be authenticated. Immutable.
1469 type: boolean
1470 requireValidUserExceptUp:
1471 description: |-
1472 RequireValidUserExceptUp same behavior as RequireValidUser with the
1473 `/_up` endpoint being except. Immutable.
1474 type: boolean
1475 secureRewrites:
1476 description: Whether to isolate databases via subdomains
1477 type: boolean
1478 type: object
1479 httpd:
1480 description: HTTPDConfig options
1481 properties:
1482 serverOptions:
1483 description: Server options for the MochiWeb component
1484 of CouchDB can be added to the configuration files.
1485 type: string
1486 socketOptions:
1487 description: |-
1488 The socket options for the listening socket in CouchDB,
1489 as set at the beginning of every request, can be specified as a list of tuples.
1490 Supported options are a subset of full options supported by the TCP/IP stack.
1491 type: string
1492 type: object
1493 ssl:
1494 description: |-
1495 SSLConfig contains all ssl related configuration options.
1496 Official CouchDB documentation: https://docs.couchdb.org/en/stable/config/http.html#https-ssl-tls-options
1497 properties:
1498 ' cacertFile':
1499 description: CacertFile Path to a file containing
1500 PEM encoded CA certificates. Immutable.
1501 type: string
1502 certFile:
1503 description: CertFile Path to a file containing
1504 the couchdb’s certificate. Immutable.
1505 type: string
1506 certMaxDepth:
1507 description: CertMaxDepth Maximum peer certificate
1508 depth (must be set even if certificate validation
1509 is off). Immutable.
1510 type: integer
1511 ciphers:
1512 description: Ciphers Set to the cipher suites that
1513 should be supported which can be specified in
1514 erlang format or in OpenSSL format. Immutable.
1515 type: string
1516 enable:
1517 description: Enable indicates whether to enable
1518 ssl
1519 type: boolean
1520 failIfNoPeerCert:
1521 description: FailIfNoPeerCert if set to false it
1522 will only fail if the client sends an invalid
1523 certificate (an empty certificate is considered
1524 valid)
1525 type: boolean
1526 keyFile:
1527 description: KeyFile Path to a file containing the
1528 couchdb’s certificate. Immutable.
1529 type: string
1530 password:
1531 description: Password the user’s password, only
1532 used if the private key file is password protected.
1533 Immutable.
1534 type: string
1535 secureRenegotiate:
1536 description: SecureRenegotiate Set to true to reject
1537 renegotiation attempt that does not live up to
1538 RFC 5746
1539 type: boolean
1540 tls_versions:
1541 description: TLSVersions Set to a list of permitted
1542 SSL/TLS protocol versions. Immutable.
1543 type: string
1544 verifyCertificates:
1545 description: VerifyCertificates Set to true to validate
1546 peer certificates:. Immutable.
1547 type: string
1548 verifyFun:
1549 description: VerifyFun The verification fun (optional)
1550 if not specified, the default verification fun
1551 will be used. Immutable.
1552 type: string
1553 type: object
1554 type: object
1555 smoosh:
1556 properties:
1557 capacity:
1558 description: If set to true, the compaction daemon will
1559 delete the files for indexes that are no longer associated
1560 with any design document
1561 type: boolean
1562 channels:
1563 additionalProperties:
1564 properties:
1565 capacity:
1566 description: The maximum number of items the channel
1567 can hold (lowest priority item is removed to
1568 make room for new items). Defaults to 9999
1569 type: integer
1570 concurrency:
1571 description: The maximum number of jobs that can
1572 run concurrently in this channel. Defaults to
1573 1.
1574 type: integer
1575 from:
1576 description: |-
1577 The time period during which this channel is allowed to execute compactions
1578 The value for each of these parameters must obey the format HH:MM with HH in [0..23] and MM in [0..59]
1579 type: string
1580 maxPriority:
1581 description: Each item must have a priority lower
1582 than this to be enqueued. Defaults to infinity.
1583 type: number
1584 maxSize:
1585 description: The item must be no larger than this
1586 many bytes in length to be enqueued. Defaults
1587 to infinity.
1588 type: number
1589 minChanges:
1590 description: The minimum number of changes since
1591 last compaction before the item will be enqueued.
1592 Defaults to 0. Currently only works for databases.
1593 type: number
1594 minPriority:
1595 description: The item must have a priority at
1596 least this high to be enqueued. Defaults to
1597 5.0 for ratio and 16 MB for slack.
1598 type: number
1599 minSize:
1600 description: The item must be at least this many
1601 bytes in length to be enqueued. Defaults to
1602 1mb (1048576 bytes).
1603 type: number
1604 priority:
1605 description: The method used to calculate priority.
1606 Can be ratio (calculated as sizes.file/sizes.active)
1607 or slack (calculated as sizes.file - sizes.active).
1608 Defaults to ratio.
1609 type: string
1610 strictWindow:
1611 description: If set to true, any compaction that
1612 is still running after the end of the allowed
1613 perio will be suspended, and then resumed during
1614 the next window
1615 type: boolean
1616 to:
1617 type: string
1618 type: object
1619 description: These settings control the resource allocation
1620 for a given compaction channel.
1621 type: object
1622 cleanupChannels:
1623 description: 'Special channel for compaction cleanup:
1624 index_cleanup, from https://docs.couchdb.org/en/stable/maintenance/compaction.html#channel-configuration'
1625 items:
1626 type: string
1627 type: array
1628 compactionLogLevel:
1629 description: Log level of compaction
1630 type: string
1631 dbChannels:
1632 description: A comma-delimited list of channels that
1633 are sent the names of database files when those files
1634 are updated.
1635 items:
1636 type: string
1637 type: array
1638 persist:
1639 description: 'Smoosh queue persistence. This allows
1640 resuming smoosh operations after a node restart. from:
1641 https://docs.couchdb.org/en/stable/whatsnew/3.3.html#id3,
1642 https://github.com/apache/couchdb/blob/dce6769edf141c36d408bddcd48082e91ae2f7ab/rel/overlay/etc/default.ini#L793'
1643 type: boolean
1644 staleness:
1645 description: The number of minutes that the (expensive)
1646 priority calculation on an individual can be stale
1647 for before it is recalculated. Defaults to 5.
1648 type: integer
1649 viewChannels:
1650 description: A comma-delimited list of channels that
1651 are sent the names of secondary index files when those
1652 files are updated
1653 items:
1654 type: string
1655 type: array
1656 type: object
1657 stats:
1658 description: StatisticsConfig is the configuration for statistics
1659 calculation
1660 properties:
1661 interval:
1662 description: Interval between gathering statistics in
1663 seconds
1664 type: integer
1665 type: object
1666 type:
1667 type: string
1668 uri:
1669 type: string
1670 userDB:
1671 properties:
1672 deleteDBs:
1673 description: DeleteDBs If set to true and a user is
1674 deleted, the respective database gets deleted as well.
1675 type: boolean
1676 enable:
1677 description: Enable indicates whether to enable per-user
1678 databases
1679 type: boolean
1680 shards:
1681 description: Shards specifies the sharding value for
1682 per-user databases
1683 type: integer
1684 type: object
1685 uuids:
1686 description: UUIDConfig is the UUIDs configuration
1687 properties:
1688 algorithm:
1689 description: algorithm to generate UUIDs
1690 type: string
1691 maxCount:
1692 description: maximum number of UUIDs that will be sent
1693 in a single request
1694 type: integer
1695 utcIDSuffix:
1696 description: UUID suffix
1697 type: string
1698 type: object
1699 vendor:
1700 description: VendorConfig is the configuration for vendor
1701 information
1702 properties:
1703 name:
1704 description: distributor name
1705 type: string
1706 version:
1707 description: distributer version
1708 type: string
1709 type: object
1710 required:
1711 - uri
1712 type: object
1713 status:
1714 default:
1715 observedGeneration: -1
1716 properties:
1717 conditions:
1718 items:
1719 description: "Condition contains details for one aspect
1720 of the current state of this API Resource.\n---\nThis
1721 struct is intended for direct use as an array at the
1722 field path .status.conditions. For example,\n\n\n\ttype
1723 FooStatus struct{\n\t // Represents the observations
1724 of a foo's current state.\n\t // Known .status.conditions.type
1725 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
1726 \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
1727 \ // +listType=map\n\t // +listMapKey=type\n\t
1728 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
1729 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
1730 \ // other fields\n\t}"
1731 properties:
1732 lastTransitionTime:
1733 description: |-
1734 lastTransitionTime is the last time the condition transitioned from one status to another.
1735 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1736 format: date-time
1737 type: string
1738 message:
1739 description: |-
1740 message is a human readable message indicating details about the transition.
1741 This may be an empty string.
1742 maxLength: 32768
1743 type: string
1744 observedGeneration:
1745 description: |-
1746 observedGeneration represents the .metadata.generation that the condition was set based upon.
1747 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1748 with respect to the current state of the instance.
1749 format: int64
1750 minimum: 0
1751 type: integer
1752 reason:
1753 description: |-
1754 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1755 Producers of specific condition types may define expected values and meanings for this field,
1756 and whether the values are considered a guaranteed API.
1757 The value should be a CamelCase string.
1758 This field may not be empty.
1759 maxLength: 1024
1760 minLength: 1
1761 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1762 type: string
1763 status:
1764 description: status of the condition, one of True,
1765 False, Unknown.
1766 enum:
1767 - "True"
1768 - "False"
1769 - Unknown
1770 type: string
1771 type:
1772 description: |-
1773 type of condition in CamelCase or in foo.example.com/CamelCase.
1774 ---
1775 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
1776 useful (see .node.status.conditions), the ability to deconflict is important.
1777 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1778 maxLength: 316
1779 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1780 type: string
1781 required:
1782 - lastTransitionTime
1783 - message
1784 - reason
1785 - status
1786 - type
1787 type: object
1788 type: array
1789 inventory:
1790 description: |-
1791 ResourceInventory contains a list of Kubernetes resource object references
1792 that have been applied.
1793 properties:
1794 entries:
1795 description: Entries of Kubernetes resource object references.
1796 items:
1797 description: ResourceRef contains the information
1798 necessary to locate a resource within a cluster.
1799 properties:
1800 id:
1801 description: |-
1802 ID is the string representation of the Kubernetes resource object's metadata,
1803 in the format '<namespace>_<name>_<group>_<kind>'.
1804 type: string
1805 v:
1806 description: Version is the API version of the
1807 Kubernetes resource object's kind.
1808 type: string
1809 required:
1810 - id
1811 - v
1812 type: object
1813 type: array
1814 type: object
1815 observedGeneration:
1816 format: int64
1817 type: integer
1818 type: object
1819 type: object
1820 type: array
1821 statefulsets:
1822 items:
1823 description: |-
1824 StatefulSet represents a set of pods with consistent identities.
1825 Identities are defined as:
1826 - Network: A single stable DNS and hostname.
1827 - Storage: As many VolumeClaims as requested.
1828
1829
1830 The StatefulSet guarantees that a given network identity will always
1831 map to the same storage identity.
1832 properties:
1833 apiVersion:
1834 description: |-
1835 APIVersion defines the versioned schema of this representation of an object.
1836 Servers should convert recognized schemas to the latest internal value, and
1837 may reject unrecognized values.
1838 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1839 type: string
1840 kind:
1841 description: |-
1842 Kind is a string value representing the REST resource this object represents.
1843 Servers may infer this from the endpoint the client submits requests to.
1844 Cannot be updated.
1845 In CamelCase.
1846 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1847 type: string
1848 metadata:
1849 description: |-
1850 Standard object's metadata.
1851 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
1852 properties:
1853 annotations:
1854 additionalProperties:
1855 type: string
1856 type: object
1857 finalizers:
1858 items:
1859 type: string
1860 type: array
1861 labels:
1862 additionalProperties:
1863 type: string
1864 type: object
1865 name:
1866 type: string
1867 namespace:
1868 type: string
1869 type: object
1870 spec:
1871 description: Spec defines the desired identities of pods in
1872 this set.
1873 properties:
1874 minReadySeconds:
1875 description: |-
1876 Minimum number of seconds for which a newly created pod should be ready
1877 without any of its container crashing for it to be considered available.
1878 Defaults to 0 (pod will be considered available as soon as it is ready)
1879 format: int32
1880 type: integer
1881 ordinals:
1882 description: |-
1883 ordinals controls the numbering of replica indices in a StatefulSet. The
1884 default ordinals behavior assigns a "0" index to the first replica and
1885 increments the index by one for each additional replica requested. Using
1886 the ordinals field requires the StatefulSetStartOrdinal feature gate to be
1887 enabled, which is beta.
1888 properties:
1889 start:
1890 description: |-
1891 start is the number representing the first replica's index. It may be used
1892 to number replicas from an alternate index (eg: 1-indexed) over the default
1893 0-indexed names, or to orchestrate progressive movement of replicas from
1894 one StatefulSet to another.
1895 If set, replica indices will be in the range:
1896 [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
1897 If unset, defaults to 0. Replica indices will be in the range:
1898 [0, .spec.replicas).
1899 format: int32
1900 type: integer
1901 type: object
1902 persistentVolumeClaimRetentionPolicy:
1903 description: |-
1904 persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
1905 volume claims created from volumeClaimTemplates. By default, all persistent
1906 volume claims are created as needed and retained until manually deleted. This
1907 policy allows the lifecycle to be altered, for example by deleting persistent
1908 volume claims when their stateful set is deleted, or when their pod is scaled
1909 down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
1910 which is alpha. +optional
1911 properties:
1912 whenDeleted:
1913 description: |-
1914 WhenDeleted specifies what happens to PVCs created from StatefulSet
1915 VolumeClaimTemplates when the StatefulSet is deleted. The default policy
1916 of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
1917 `Delete` policy causes those PVCs to be deleted.
1918 type: string
1919 whenScaled:
1920 description: |-
1921 WhenScaled specifies what happens to PVCs created from StatefulSet
1922 VolumeClaimTemplates when the StatefulSet is scaled down. The default
1923 policy of `Retain` causes PVCs to not be affected by a scaledown. The
1924 `Delete` policy causes the associated PVCs for any excess pods above
1925 the replica count to be deleted.
1926 type: string
1927 type: object
1928 podManagementPolicy:
1929 description: |-
1930 podManagementPolicy controls how pods are created during initial scale up,
1931 when replacing pods on nodes, or when scaling down. The default policy is
1932 `OrderedReady`, where pods are created in increasing order (pod-0, then
1933 pod-1, etc) and the controller will wait until each pod is ready before
1934 continuing. When scaling down, the pods are removed in the opposite order.
1935 The alternative policy is `Parallel` which will create pods in parallel
1936 to match the desired scale without waiting, and on scale down will delete
1937 all pods at once.
1938 type: string
1939 replicas:
1940 description: |-
1941 replicas is the desired number of replicas of the given Template.
1942 These are replicas in the sense that they are instantiations of the
1943 same Template, but individual replicas also have a consistent identity.
1944 If unspecified, defaults to 1.
1945 TODO: Consider a rename of this field.
1946 format: int32
1947 type: integer
1948 revisionHistoryLimit:
1949 description: |-
1950 revisionHistoryLimit is the maximum number of revisions that will
1951 be maintained in the StatefulSet's revision history. The revision history
1952 consists of all revisions not represented by a currently applied
1953 StatefulSetSpec version. The default value is 10.
1954 format: int32
1955 type: integer
1956 selector:
1957 description: |-
1958 selector is a label query over pods that should match the replica count.
1959 It must match the pod template's labels.
1960 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
1961 properties:
1962 matchExpressions:
1963 description: matchExpressions is a list of label selector
1964 requirements. The requirements are ANDed.
1965 items:
1966 description: |-
1967 A label selector requirement is a selector that contains values, a key, and an operator that
1968 relates the key and values.
1969 properties:
1970 key:
1971 description: key is the label key that the selector
1972 applies to.
1973 type: string
1974 operator:
1975 description: |-
1976 operator represents a key's relationship to a set of values.
1977 Valid operators are In, NotIn, Exists and DoesNotExist.
1978 type: string
1979 values:
1980 description: |-
1981 values is an array of string values. If the operator is In or NotIn,
1982 the values array must be non-empty. If the operator is Exists or DoesNotExist,
1983 the values array must be empty. This array is replaced during a strategic
1984 merge patch.
1985 items:
1986 type: string
1987 type: array
1988 x-kubernetes-list-type: atomic
1989 required:
1990 - key
1991 - operator
1992 type: object
1993 type: array
1994 x-kubernetes-list-type: atomic
1995 matchLabels:
1996 additionalProperties:
1997 type: string
1998 description: |-
1999 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2000 map is equivalent to an element of matchExpressions, whose key field is "key", the
2001 operator is "In", and the values array contains only "value". The requirements are ANDed.
2002 type: object
2003 type: object
2004 x-kubernetes-map-type: atomic
2005 serviceName:
2006 description: |-
2007 serviceName is the name of the service that governs this StatefulSet.
2008 This service must exist before the StatefulSet, and is responsible for
2009 the network identity of the set. Pods get DNS/hostnames that follow the
2010 pattern: pod-specific-string.serviceName.default.svc.cluster.local
2011 where "pod-specific-string" is managed by the StatefulSet controller.
2012 type: string
2013 template:
2014 description: |-
2015 template is the object that describes the pod that will be created if
2016 insufficient replicas are detected. Each pod stamped out by the StatefulSet
2017 will fulfill this Template, but have a unique identity from the rest
2018 of the StatefulSet. Each pod will be named with the format
2019 <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
2020 "web" with index number "3" would be named "web-3".
2021 The only allowed template.spec.restartPolicy value is "Always".
2022 properties:
2023 metadata:
2024 description: |-
2025 Standard object's metadata.
2026 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
2027 properties:
2028 annotations:
2029 additionalProperties:
2030 type: string
2031 type: object
2032 finalizers:
2033 items:
2034 type: string
2035 type: array
2036 labels:
2037 additionalProperties:
2038 type: string
2039 type: object
2040 name:
2041 type: string
2042 namespace:
2043 type: string
2044 type: object
2045 spec:
2046 description: |-
2047 Specification of the desired behavior of the pod.
2048 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
2049 properties:
2050 activeDeadlineSeconds:
2051 description: |-
2052 Optional duration in seconds the pod may be active on the node relative to
2053 StartTime before the system will actively try to mark it failed and kill associated containers.
2054 Value must be a positive integer.
2055 format: int64
2056 type: integer
2057 affinity:
2058 description: If specified, the pod's scheduling
2059 constraints
2060 properties:
2061 nodeAffinity:
2062 description: Describes node affinity scheduling
2063 rules for the pod.
2064 properties:
2065 preferredDuringSchedulingIgnoredDuringExecution:
2066 description: |-
2067 The scheduler will prefer to schedule pods to nodes that satisfy
2068 the affinity expressions specified by this field, but it may choose
2069 a node that violates one or more of the expressions. The node that is
2070 most preferred is the one with the greatest sum of weights, i.e.
2071 for each node that meets all of the scheduling requirements (resource
2072 request, requiredDuringScheduling affinity expressions, etc.),
2073 compute a sum by iterating through the elements of this field and adding
2074 "weight" to the sum if the node matches the corresponding matchExpressions; the
2075 node(s) with the highest sum are the most preferred.
2076 items:
2077 description: |-
2078 An empty preferred scheduling term matches all objects with implicit weight 0
2079 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
2080 properties:
2081 preference:
2082 description: A node selector term,
2083 associated with the corresponding
2084 weight.
2085 properties:
2086 matchExpressions:
2087 description: A list of node selector
2088 requirements by node's labels.
2089 items:
2090 description: |-
2091 A node selector requirement is a selector that contains values, a key, and an operator
2092 that relates the key and values.
2093 properties:
2094 key:
2095 description: The label key
2096 that the selector applies
2097 to.
2098 type: string
2099 operator:
2100 description: |-
2101 Represents a key's relationship to a set of values.
2102 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2103 type: string
2104 values:
2105 description: |-
2106 An array of string values. If the operator is In or NotIn,
2107 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2108 the values array must be empty. If the operator is Gt or Lt, the values
2109 array must have a single element, which will be interpreted as an integer.
2110 This array is replaced during a strategic merge patch.
2111 items:
2112 type: string
2113 type: array
2114 x-kubernetes-list-type: atomic
2115 required:
2116 - key
2117 - operator
2118 type: object
2119 type: array
2120 x-kubernetes-list-type: atomic
2121 matchFields:
2122 description: A list of node selector
2123 requirements by node's fields.
2124 items:
2125 description: |-
2126 A node selector requirement is a selector that contains values, a key, and an operator
2127 that relates the key and values.
2128 properties:
2129 key:
2130 description: The label key
2131 that the selector applies
2132 to.
2133 type: string
2134 operator:
2135 description: |-
2136 Represents a key's relationship to a set of values.
2137 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2138 type: string
2139 values:
2140 description: |-
2141 An array of string values. If the operator is In or NotIn,
2142 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2143 the values array must be empty. If the operator is Gt or Lt, the values
2144 array must have a single element, which will be interpreted as an integer.
2145 This array is replaced during a strategic merge patch.
2146 items:
2147 type: string
2148 type: array
2149 x-kubernetes-list-type: atomic
2150 required:
2151 - key
2152 - operator
2153 type: object
2154 type: array
2155 x-kubernetes-list-type: atomic
2156 type: object
2157 x-kubernetes-map-type: atomic
2158 weight:
2159 description: Weight associated with
2160 matching the corresponding nodeSelectorTerm,
2161 in the range 1-100.
2162 format: int32
2163 type: integer
2164 required:
2165 - preference
2166 - weight
2167 type: object
2168 type: array
2169 x-kubernetes-list-type: atomic
2170 requiredDuringSchedulingIgnoredDuringExecution:
2171 description: |-
2172 If the affinity requirements specified by this field are not met at
2173 scheduling time, the pod will not be scheduled onto the node.
2174 If the affinity requirements specified by this field cease to be met
2175 at some point during pod execution (e.g. due to an update), the system
2176 may or may not try to eventually evict the pod from its node.
2177 properties:
2178 nodeSelectorTerms:
2179 description: Required. A list of node
2180 selector terms. The terms are ORed.
2181 items:
2182 description: |-
2183 A null or empty node selector term matches no objects. The requirements of
2184 them are ANDed.
2185 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
2186 properties:
2187 matchExpressions:
2188 description: A list of node selector
2189 requirements by node's labels.
2190 items:
2191 description: |-
2192 A node selector requirement is a selector that contains values, a key, and an operator
2193 that relates the key and values.
2194 properties:
2195 key:
2196 description: The label key
2197 that the selector applies
2198 to.
2199 type: string
2200 operator:
2201 description: |-
2202 Represents a key's relationship to a set of values.
2203 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2204 type: string
2205 values:
2206 description: |-
2207 An array of string values. If the operator is In or NotIn,
2208 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2209 the values array must be empty. If the operator is Gt or Lt, the values
2210 array must have a single element, which will be interpreted as an integer.
2211 This array is replaced during a strategic merge patch.
2212 items:
2213 type: string
2214 type: array
2215 x-kubernetes-list-type: atomic
2216 required:
2217 - key
2218 - operator
2219 type: object
2220 type: array
2221 x-kubernetes-list-type: atomic
2222 matchFields:
2223 description: A list of node selector
2224 requirements by node's fields.
2225 items:
2226 description: |-
2227 A node selector requirement is a selector that contains values, a key, and an operator
2228 that relates the key and values.
2229 properties:
2230 key:
2231 description: The label key
2232 that the selector applies
2233 to.
2234 type: string
2235 operator:
2236 description: |-
2237 Represents a key's relationship to a set of values.
2238 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2239 type: string
2240 values:
2241 description: |-
2242 An array of string values. If the operator is In or NotIn,
2243 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2244 the values array must be empty. If the operator is Gt or Lt, the values
2245 array must have a single element, which will be interpreted as an integer.
2246 This array is replaced during a strategic merge patch.
2247 items:
2248 type: string
2249 type: array
2250 x-kubernetes-list-type: atomic
2251 required:
2252 - key
2253 - operator
2254 type: object
2255 type: array
2256 x-kubernetes-list-type: atomic
2257 type: object
2258 x-kubernetes-map-type: atomic
2259 type: array
2260 x-kubernetes-list-type: atomic
2261 required:
2262 - nodeSelectorTerms
2263 type: object
2264 x-kubernetes-map-type: atomic
2265 type: object
2266 podAffinity:
2267 description: Describes pod affinity scheduling
2268 rules (e.g. co-locate this pod in the same
2269 node, zone, etc. as some other pod(s)).
2270 properties:
2271 preferredDuringSchedulingIgnoredDuringExecution:
2272 description: |-
2273 The scheduler will prefer to schedule pods to nodes that satisfy
2274 the affinity expressions specified by this field, but it may choose
2275 a node that violates one or more of the expressions. The node that is
2276 most preferred is the one with the greatest sum of weights, i.e.
2277 for each node that meets all of the scheduling requirements (resource
2278 request, requiredDuringScheduling affinity expressions, etc.),
2279 compute a sum by iterating through the elements of this field and adding
2280 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
2281 node(s) with the highest sum are the most preferred.
2282 items:
2283 description: The weights of all of the
2284 matched WeightedPodAffinityTerm fields
2285 are added per-node to find the most
2286 preferred node(s)
2287 properties:
2288 podAffinityTerm:
2289 description: Required. A pod affinity
2290 term, associated with the corresponding
2291 weight.
2292 properties:
2293 labelSelector:
2294 description: |-
2295 A label query over a set of resources, in this case pods.
2296 If it's null, this PodAffinityTerm matches with no Pods.
2297 properties:
2298 matchExpressions:
2299 description: matchExpressions
2300 is a list of label selector
2301 requirements. The requirements
2302 are ANDed.
2303 items:
2304 description: |-
2305 A label selector requirement is a selector that contains values, a key, and an operator that
2306 relates the key and values.
2307 properties:
2308 key:
2309 description: key is
2310 the label key that
2311 the selector applies
2312 to.
2313 type: string
2314 operator:
2315 description: |-
2316 operator represents a key's relationship to a set of values.
2317 Valid operators are In, NotIn, Exists and DoesNotExist.
2318 type: string
2319 values:
2320 description: |-
2321 values is an array of string values. If the operator is In or NotIn,
2322 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2323 the values array must be empty. This array is replaced during a strategic
2324 merge patch.
2325 items:
2326 type: string
2327 type: array
2328 x-kubernetes-list-type: atomic
2329 required:
2330 - key
2331 - operator
2332 type: object
2333 type: array
2334 x-kubernetes-list-type: atomic
2335 matchLabels:
2336 additionalProperties:
2337 type: string
2338 description: |-
2339 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2340 map is equivalent to an element of matchExpressions, whose key field is "key", the
2341 operator is "In", and the values array contains only "value". The requirements are ANDed.
2342 type: object
2343 type: object
2344 x-kubernetes-map-type: atomic
2345 matchLabelKeys:
2346 description: |-
2347 MatchLabelKeys is a set of pod label keys to select which pods will
2348 be taken into consideration. The keys are used to lookup values from the
2349 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
2350 to select the group of existing pods which pods will be taken into consideration
2351 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2352 pod labels will be ignored. The default value is empty.
2353 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
2354 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2355 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2356 items:
2357 type: string
2358 type: array
2359 x-kubernetes-list-type: atomic
2360 mismatchLabelKeys:
2361 description: |-
2362 MismatchLabelKeys is a set of pod label keys to select which pods will
2363 be taken into consideration. The keys are used to lookup values from the
2364 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
2365 to select the group of existing pods which pods will be taken into consideration
2366 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2367 pod labels will be ignored. The default value is empty.
2368 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
2369 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2370 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2371 items:
2372 type: string
2373 type: array
2374 x-kubernetes-list-type: atomic
2375 namespaceSelector:
2376 description: |-
2377 A label query over the set of namespaces that the term applies to.
2378 The term is applied to the union of the namespaces selected by this field
2379 and the ones listed in the namespaces field.
2380 null selector and null or empty namespaces list means "this pod's namespace".
2381 An empty selector ({}) matches all namespaces.
2382 properties:
2383 matchExpressions:
2384 description: matchExpressions
2385 is a list of label selector
2386 requirements. The requirements
2387 are ANDed.
2388 items:
2389 description: |-
2390 A label selector requirement is a selector that contains values, a key, and an operator that
2391 relates the key and values.
2392 properties:
2393 key:
2394 description: key is
2395 the label key that
2396 the selector applies
2397 to.
2398 type: string
2399 operator:
2400 description: |-
2401 operator represents a key's relationship to a set of values.
2402 Valid operators are In, NotIn, Exists and DoesNotExist.
2403 type: string
2404 values:
2405 description: |-
2406 values is an array of string values. If the operator is In or NotIn,
2407 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2408 the values array must be empty. This array is replaced during a strategic
2409 merge patch.
2410 items:
2411 type: string
2412 type: array
2413 x-kubernetes-list-type: atomic
2414 required:
2415 - key
2416 - operator
2417 type: object
2418 type: array
2419 x-kubernetes-list-type: atomic
2420 matchLabels:
2421 additionalProperties:
2422 type: string
2423 description: |-
2424 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2425 map is equivalent to an element of matchExpressions, whose key field is "key", the
2426 operator is "In", and the values array contains only "value". The requirements are ANDed.
2427 type: object
2428 type: object
2429 x-kubernetes-map-type: atomic
2430 namespaces:
2431 description: |-
2432 namespaces specifies a static list of namespace names that the term applies to.
2433 The term is applied to the union of the namespaces listed in this field
2434 and the ones selected by namespaceSelector.
2435 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
2436 items:
2437 type: string
2438 type: array
2439 x-kubernetes-list-type: atomic
2440 topologyKey:
2441 description: |-
2442 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
2443 the labelSelector in the specified namespaces, where co-located is defined as running on a node
2444 whose value of the label with key topologyKey matches that of any node on which any of the
2445 selected pods is running.
2446 Empty topologyKey is not allowed.
2447 type: string
2448 required:
2449 - topologyKey
2450 type: object
2451 weight:
2452 description: |-
2453 weight associated with matching the corresponding podAffinityTerm,
2454 in the range 1-100.
2455 format: int32
2456 type: integer
2457 required:
2458 - podAffinityTerm
2459 - weight
2460 type: object
2461 type: array
2462 x-kubernetes-list-type: atomic
2463 requiredDuringSchedulingIgnoredDuringExecution:
2464 description: |-
2465 If the affinity requirements specified by this field are not met at
2466 scheduling time, the pod will not be scheduled onto the node.
2467 If the affinity requirements specified by this field cease to be met
2468 at some point during pod execution (e.g. due to a pod label update), the
2469 system may or may not try to eventually evict the pod from its node.
2470 When there are multiple elements, the lists of nodes corresponding to each
2471 podAffinityTerm are intersected, i.e. all terms must be satisfied.
2472 items:
2473 description: |-
2474 Defines a set of pods (namely those matching the labelSelector
2475 relative to the given namespace(s)) that this pod should be
2476 co-located (affinity) or not co-located (anti-affinity) with,
2477 where co-located is defined as running on a node whose value of
2478 the label with key <topologyKey> matches that of any node on which
2479 a pod of the set of pods is running
2480 properties:
2481 labelSelector:
2482 description: |-
2483 A label query over a set of resources, in this case pods.
2484 If it's null, this PodAffinityTerm matches with no Pods.
2485 properties:
2486 matchExpressions:
2487 description: matchExpressions
2488 is a list of label selector
2489 requirements. The requirements
2490 are ANDed.
2491 items:
2492 description: |-
2493 A label selector requirement is a selector that contains values, a key, and an operator that
2494 relates the key and values.
2495 properties:
2496 key:
2497 description: key is the
2498 label key that the selector
2499 applies to.
2500 type: string
2501 operator:
2502 description: |-
2503 operator represents a key's relationship to a set of values.
2504 Valid operators are In, NotIn, Exists and DoesNotExist.
2505 type: string
2506 values:
2507 description: |-
2508 values is an array of string values. If the operator is In or NotIn,
2509 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2510 the values array must be empty. This array is replaced during a strategic
2511 merge patch.
2512 items:
2513 type: string
2514 type: array
2515 x-kubernetes-list-type: atomic
2516 required:
2517 - key
2518 - operator
2519 type: object
2520 type: array
2521 x-kubernetes-list-type: atomic
2522 matchLabels:
2523 additionalProperties:
2524 type: string
2525 description: |-
2526 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2527 map is equivalent to an element of matchExpressions, whose key field is "key", the
2528 operator is "In", and the values array contains only "value". The requirements are ANDed.
2529 type: object
2530 type: object
2531 x-kubernetes-map-type: atomic
2532 matchLabelKeys:
2533 description: |-
2534 MatchLabelKeys is a set of pod label keys to select which pods will
2535 be taken into consideration. The keys are used to lookup values from the
2536 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
2537 to select the group of existing pods which pods will be taken into consideration
2538 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2539 pod labels will be ignored. The default value is empty.
2540 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
2541 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2542 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2543 items:
2544 type: string
2545 type: array
2546 x-kubernetes-list-type: atomic
2547 mismatchLabelKeys:
2548 description: |-
2549 MismatchLabelKeys is a set of pod label keys to select which pods will
2550 be taken into consideration. The keys are used to lookup values from the
2551 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
2552 to select the group of existing pods which pods will be taken into consideration
2553 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2554 pod labels will be ignored. The default value is empty.
2555 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
2556 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2557 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2558 items:
2559 type: string
2560 type: array
2561 x-kubernetes-list-type: atomic
2562 namespaceSelector:
2563 description: |-
2564 A label query over the set of namespaces that the term applies to.
2565 The term is applied to the union of the namespaces selected by this field
2566 and the ones listed in the namespaces field.
2567 null selector and null or empty namespaces list means "this pod's namespace".
2568 An empty selector ({}) matches all namespaces.
2569 properties:
2570 matchExpressions:
2571 description: matchExpressions
2572 is a list of label selector
2573 requirements. The requirements
2574 are ANDed.
2575 items:
2576 description: |-
2577 A label selector requirement is a selector that contains values, a key, and an operator that
2578 relates the key and values.
2579 properties:
2580 key:
2581 description: key is the
2582 label key that the selector
2583 applies to.
2584 type: string
2585 operator:
2586 description: |-
2587 operator represents a key's relationship to a set of values.
2588 Valid operators are In, NotIn, Exists and DoesNotExist.
2589 type: string
2590 values:
2591 description: |-
2592 values is an array of string values. If the operator is In or NotIn,
2593 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2594 the values array must be empty. This array is replaced during a strategic
2595 merge patch.
2596 items:
2597 type: string
2598 type: array
2599 x-kubernetes-list-type: atomic
2600 required:
2601 - key
2602 - operator
2603 type: object
2604 type: array
2605 x-kubernetes-list-type: atomic
2606 matchLabels:
2607 additionalProperties:
2608 type: string
2609 description: |-
2610 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2611 map is equivalent to an element of matchExpressions, whose key field is "key", the
2612 operator is "In", and the values array contains only "value". The requirements are ANDed.
2613 type: object
2614 type: object
2615 x-kubernetes-map-type: atomic
2616 namespaces:
2617 description: |-
2618 namespaces specifies a static list of namespace names that the term applies to.
2619 The term is applied to the union of the namespaces listed in this field
2620 and the ones selected by namespaceSelector.
2621 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
2622 items:
2623 type: string
2624 type: array
2625 x-kubernetes-list-type: atomic
2626 topologyKey:
2627 description: |-
2628 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
2629 the labelSelector in the specified namespaces, where co-located is defined as running on a node
2630 whose value of the label with key topologyKey matches that of any node on which any of the
2631 selected pods is running.
2632 Empty topologyKey is not allowed.
2633 type: string
2634 required:
2635 - topologyKey
2636 type: object
2637 type: array
2638 x-kubernetes-list-type: atomic
2639 type: object
2640 podAntiAffinity:
2641 description: Describes pod anti-affinity scheduling
2642 rules (e.g. avoid putting this pod in the
2643 same node, zone, etc. as some other pod(s)).
2644 properties:
2645 preferredDuringSchedulingIgnoredDuringExecution:
2646 description: |-
2647 The scheduler will prefer to schedule pods to nodes that satisfy
2648 the anti-affinity expressions specified by this field, but it may choose
2649 a node that violates one or more of the expressions. The node that is
2650 most preferred is the one with the greatest sum of weights, i.e.
2651 for each node that meets all of the scheduling requirements (resource
2652 request, requiredDuringScheduling anti-affinity expressions, etc.),
2653 compute a sum by iterating through the elements of this field and adding
2654 "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
2655 node(s) with the highest sum are the most preferred.
2656 items:
2657 description: The weights of all of the
2658 matched WeightedPodAffinityTerm fields
2659 are added per-node to find the most
2660 preferred node(s)
2661 properties:
2662 podAffinityTerm:
2663 description: Required. A pod affinity
2664 term, associated with the corresponding
2665 weight.
2666 properties:
2667 labelSelector:
2668 description: |-
2669 A label query over a set of resources, in this case pods.
2670 If it's null, this PodAffinityTerm matches with no Pods.
2671 properties:
2672 matchExpressions:
2673 description: matchExpressions
2674 is a list of label selector
2675 requirements. The requirements
2676 are ANDed.
2677 items:
2678 description: |-
2679 A label selector requirement is a selector that contains values, a key, and an operator that
2680 relates the key and values.
2681 properties:
2682 key:
2683 description: key is
2684 the label key that
2685 the selector applies
2686 to.
2687 type: string
2688 operator:
2689 description: |-
2690 operator represents a key's relationship to a set of values.
2691 Valid operators are In, NotIn, Exists and DoesNotExist.
2692 type: string
2693 values:
2694 description: |-
2695 values is an array of string values. If the operator is In or NotIn,
2696 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2697 the values array must be empty. This array is replaced during a strategic
2698 merge patch.
2699 items:
2700 type: string
2701 type: array
2702 x-kubernetes-list-type: atomic
2703 required:
2704 - key
2705 - operator
2706 type: object
2707 type: array
2708 x-kubernetes-list-type: atomic
2709 matchLabels:
2710 additionalProperties:
2711 type: string
2712 description: |-
2713 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2714 map is equivalent to an element of matchExpressions, whose key field is "key", the
2715 operator is "In", and the values array contains only "value". The requirements are ANDed.
2716 type: object
2717 type: object
2718 x-kubernetes-map-type: atomic
2719 matchLabelKeys:
2720 description: |-
2721 MatchLabelKeys is a set of pod label keys to select which pods will
2722 be taken into consideration. The keys are used to lookup values from the
2723 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
2724 to select the group of existing pods which pods will be taken into consideration
2725 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2726 pod labels will be ignored. The default value is empty.
2727 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
2728 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2729 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2730 items:
2731 type: string
2732 type: array
2733 x-kubernetes-list-type: atomic
2734 mismatchLabelKeys:
2735 description: |-
2736 MismatchLabelKeys is a set of pod label keys to select which pods will
2737 be taken into consideration. The keys are used to lookup values from the
2738 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
2739 to select the group of existing pods which pods will be taken into consideration
2740 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2741 pod labels will be ignored. The default value is empty.
2742 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
2743 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2744 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2745 items:
2746 type: string
2747 type: array
2748 x-kubernetes-list-type: atomic
2749 namespaceSelector:
2750 description: |-
2751 A label query over the set of namespaces that the term applies to.
2752 The term is applied to the union of the namespaces selected by this field
2753 and the ones listed in the namespaces field.
2754 null selector and null or empty namespaces list means "this pod's namespace".
2755 An empty selector ({}) matches all namespaces.
2756 properties:
2757 matchExpressions:
2758 description: matchExpressions
2759 is a list of label selector
2760 requirements. The requirements
2761 are ANDed.
2762 items:
2763 description: |-
2764 A label selector requirement is a selector that contains values, a key, and an operator that
2765 relates the key and values.
2766 properties:
2767 key:
2768 description: key is
2769 the label key that
2770 the selector applies
2771 to.
2772 type: string
2773 operator:
2774 description: |-
2775 operator represents a key's relationship to a set of values.
2776 Valid operators are In, NotIn, Exists and DoesNotExist.
2777 type: string
2778 values:
2779 description: |-
2780 values is an array of string values. If the operator is In or NotIn,
2781 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2782 the values array must be empty. This array is replaced during a strategic
2783 merge patch.
2784 items:
2785 type: string
2786 type: array
2787 x-kubernetes-list-type: atomic
2788 required:
2789 - key
2790 - operator
2791 type: object
2792 type: array
2793 x-kubernetes-list-type: atomic
2794 matchLabels:
2795 additionalProperties:
2796 type: string
2797 description: |-
2798 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2799 map is equivalent to an element of matchExpressions, whose key field is "key", the
2800 operator is "In", and the values array contains only "value". The requirements are ANDed.
2801 type: object
2802 type: object
2803 x-kubernetes-map-type: atomic
2804 namespaces:
2805 description: |-
2806 namespaces specifies a static list of namespace names that the term applies to.
2807 The term is applied to the union of the namespaces listed in this field
2808 and the ones selected by namespaceSelector.
2809 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
2810 items:
2811 type: string
2812 type: array
2813 x-kubernetes-list-type: atomic
2814 topologyKey:
2815 description: |-
2816 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
2817 the labelSelector in the specified namespaces, where co-located is defined as running on a node
2818 whose value of the label with key topologyKey matches that of any node on which any of the
2819 selected pods is running.
2820 Empty topologyKey is not allowed.
2821 type: string
2822 required:
2823 - topologyKey
2824 type: object
2825 weight:
2826 description: |-
2827 weight associated with matching the corresponding podAffinityTerm,
2828 in the range 1-100.
2829 format: int32
2830 type: integer
2831 required:
2832 - podAffinityTerm
2833 - weight
2834 type: object
2835 type: array
2836 x-kubernetes-list-type: atomic
2837 requiredDuringSchedulingIgnoredDuringExecution:
2838 description: |-
2839 If the anti-affinity requirements specified by this field are not met at
2840 scheduling time, the pod will not be scheduled onto the node.
2841 If the anti-affinity requirements specified by this field cease to be met
2842 at some point during pod execution (e.g. due to a pod label update), the
2843 system may or may not try to eventually evict the pod from its node.
2844 When there are multiple elements, the lists of nodes corresponding to each
2845 podAffinityTerm are intersected, i.e. all terms must be satisfied.
2846 items:
2847 description: |-
2848 Defines a set of pods (namely those matching the labelSelector
2849 relative to the given namespace(s)) that this pod should be
2850 co-located (affinity) or not co-located (anti-affinity) with,
2851 where co-located is defined as running on a node whose value of
2852 the label with key <topologyKey> matches that of any node on which
2853 a pod of the set of pods is running
2854 properties:
2855 labelSelector:
2856 description: |-
2857 A label query over a set of resources, in this case pods.
2858 If it's null, this PodAffinityTerm matches with no Pods.
2859 properties:
2860 matchExpressions:
2861 description: matchExpressions
2862 is a list of label selector
2863 requirements. The requirements
2864 are ANDed.
2865 items:
2866 description: |-
2867 A label selector requirement is a selector that contains values, a key, and an operator that
2868 relates the key and values.
2869 properties:
2870 key:
2871 description: key is the
2872 label key that the selector
2873 applies to.
2874 type: string
2875 operator:
2876 description: |-
2877 operator represents a key's relationship to a set of values.
2878 Valid operators are In, NotIn, Exists and DoesNotExist.
2879 type: string
2880 values:
2881 description: |-
2882 values is an array of string values. If the operator is In or NotIn,
2883 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2884 the values array must be empty. This array is replaced during a strategic
2885 merge patch.
2886 items:
2887 type: string
2888 type: array
2889 x-kubernetes-list-type: atomic
2890 required:
2891 - key
2892 - operator
2893 type: object
2894 type: array
2895 x-kubernetes-list-type: atomic
2896 matchLabels:
2897 additionalProperties:
2898 type: string
2899 description: |-
2900 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2901 map is equivalent to an element of matchExpressions, whose key field is "key", the
2902 operator is "In", and the values array contains only "value". The requirements are ANDed.
2903 type: object
2904 type: object
2905 x-kubernetes-map-type: atomic
2906 matchLabelKeys:
2907 description: |-
2908 MatchLabelKeys is a set of pod label keys to select which pods will
2909 be taken into consideration. The keys are used to lookup values from the
2910 incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
2911 to select the group of existing pods which pods will be taken into consideration
2912 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2913 pod labels will be ignored. The default value is empty.
2914 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
2915 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2916 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2917 items:
2918 type: string
2919 type: array
2920 x-kubernetes-list-type: atomic
2921 mismatchLabelKeys:
2922 description: |-
2923 MismatchLabelKeys is a set of pod label keys to select which pods will
2924 be taken into consideration. The keys are used to lookup values from the
2925 incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
2926 to select the group of existing pods which pods will be taken into consideration
2927 for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
2928 pod labels will be ignored. The default value is empty.
2929 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
2930 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2931 This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
2932 items:
2933 type: string
2934 type: array
2935 x-kubernetes-list-type: atomic
2936 namespaceSelector:
2937 description: |-
2938 A label query over the set of namespaces that the term applies to.
2939 The term is applied to the union of the namespaces selected by this field
2940 and the ones listed in the namespaces field.
2941 null selector and null or empty namespaces list means "this pod's namespace".
2942 An empty selector ({}) matches all namespaces.
2943 properties:
2944 matchExpressions:
2945 description: matchExpressions
2946 is a list of label selector
2947 requirements. The requirements
2948 are ANDed.
2949 items:
2950 description: |-
2951 A label selector requirement is a selector that contains values, a key, and an operator that
2952 relates the key and values.
2953 properties:
2954 key:
2955 description: key is the
2956 label key that the selector
2957 applies to.
2958 type: string
2959 operator:
2960 description: |-
2961 operator represents a key's relationship to a set of values.
2962 Valid operators are In, NotIn, Exists and DoesNotExist.
2963 type: string
2964 values:
2965 description: |-
2966 values is an array of string values. If the operator is In or NotIn,
2967 the values array must be non-empty. If the operator is Exists or DoesNotExist,
2968 the values array must be empty. This array is replaced during a strategic
2969 merge patch.
2970 items:
2971 type: string
2972 type: array
2973 x-kubernetes-list-type: atomic
2974 required:
2975 - key
2976 - operator
2977 type: object
2978 type: array
2979 x-kubernetes-list-type: atomic
2980 matchLabels:
2981 additionalProperties:
2982 type: string
2983 description: |-
2984 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
2985 map is equivalent to an element of matchExpressions, whose key field is "key", the
2986 operator is "In", and the values array contains only "value". The requirements are ANDed.
2987 type: object
2988 type: object
2989 x-kubernetes-map-type: atomic
2990 namespaces:
2991 description: |-
2992 namespaces specifies a static list of namespace names that the term applies to.
2993 The term is applied to the union of the namespaces listed in this field
2994 and the ones selected by namespaceSelector.
2995 null or empty namespaces list and null namespaceSelector means "this pod's namespace".
2996 items:
2997 type: string
2998 type: array
2999 x-kubernetes-list-type: atomic
3000 topologyKey:
3001 description: |-
3002 This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
3003 the labelSelector in the specified namespaces, where co-located is defined as running on a node
3004 whose value of the label with key topologyKey matches that of any node on which any of the
3005 selected pods is running.
3006 Empty topologyKey is not allowed.
3007 type: string
3008 required:
3009 - topologyKey
3010 type: object
3011 type: array
3012 x-kubernetes-list-type: atomic
3013 type: object
3014 type: object
3015 automountServiceAccountToken:
3016 description: AutomountServiceAccountToken indicates
3017 whether a service account token should be automatically
3018 mounted.
3019 type: boolean
3020 containers:
3021 description: |-
3022 List of containers belonging to the pod.
3023 Containers cannot currently be added or removed.
3024 There must be at least one container in a Pod.
3025 Cannot be updated.
3026 items:
3027 description: A single application container that
3028 you want to run within a pod.
3029 properties:
3030 args:
3031 description: |-
3032 Arguments to the entrypoint.
3033 The container image's CMD is used if this is not provided.
3034 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
3035 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
3036 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
3037 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
3038 of whether the variable exists or not. Cannot be updated.
3039 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
3040 items:
3041 type: string
3042 type: array
3043 x-kubernetes-list-type: atomic
3044 command:
3045 description: |-
3046 Entrypoint array. Not executed within a shell.
3047 The container image's ENTRYPOINT is used if this is not provided.
3048 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
3049 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
3050 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
3051 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
3052 of whether the variable exists or not. Cannot be updated.
3053 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
3054 items:
3055 type: string
3056 type: array
3057 x-kubernetes-list-type: atomic
3058 env:
3059 description: |-
3060 List of environment variables to set in the container.
3061 Cannot be updated.
3062 items:
3063 description: EnvVar represents an environment
3064 variable present in a Container.
3065 properties:
3066 name:
3067 description: Name of the environment
3068 variable. Must be a C_IDENTIFIER.
3069 type: string
3070 value:
3071 description: |-
3072 Variable references $(VAR_NAME) are expanded
3073 using the previously defined environment variables in the container and
3074 any service environment variables. If a variable cannot be resolved,
3075 the reference in the input string will be unchanged. Double $$ are reduced
3076 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
3077 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
3078 Escaped references will never be expanded, regardless of whether the variable
3079 exists or not.
3080 Defaults to "".
3081 type: string
3082 valueFrom:
3083 description: Source for the environment
3084 variable's value. Cannot be used if
3085 value is not empty.
3086 properties:
3087 configMapKeyRef:
3088 description: Selects a key of a
3089 ConfigMap.
3090 properties:
3091 key:
3092 description: The key to select.
3093 type: string
3094 name:
3095 default: ""
3096 description: |-
3097 Name of the referent.
3098 This field is effectively required, but due to backwards compatibility is
3099 allowed to be empty. Instances of this type with an empty value here are
3100 almost certainly wrong.
3101 TODO: Add other useful fields. apiVersion, kind, uid?
3102 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3103 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3104 type: string
3105 optional:
3106 description: Specify whether
3107 the ConfigMap or its key must
3108 be defined
3109 type: boolean
3110 required:
3111 - key
3112 type: object
3113 x-kubernetes-map-type: atomic
3114 fieldRef:
3115 description: |-
3116 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
3117 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
3118 properties:
3119 apiVersion:
3120 description: Version of the
3121 schema the FieldPath is written
3122 in terms of, defaults to "v1".
3123 type: string
3124 fieldPath:
3125 description: Path of the field
3126 to select in the specified
3127 API version.
3128 type: string
3129 required:
3130 - fieldPath
3131 type: object
3132 x-kubernetes-map-type: atomic
3133 resourceFieldRef:
3134 description: |-
3135 Selects a resource of the container: only resources limits and requests
3136 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
3137 properties:
3138 containerName:
3139 description: 'Container name:
3140 required for volumes, optional
3141 for env vars'
3142 type: string
3143 divisor:
3144 anyOf:
3145 - type: integer
3146 - type: string
3147 description: Specifies the output
3148 format of the exposed resources,
3149 defaults to "1"
3150 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3151 x-kubernetes-int-or-string: true
3152 resource:
3153 description: 'Required: resource
3154 to select'
3155 type: string
3156 required:
3157 - resource
3158 type: object
3159 x-kubernetes-map-type: atomic
3160 secretKeyRef:
3161 description: Selects a key of a
3162 secret in the pod's namespace
3163 properties:
3164 key:
3165 description: The key of the
3166 secret to select from. Must
3167 be a valid secret key.
3168 type: string
3169 name:
3170 default: ""
3171 description: |-
3172 Name of the referent.
3173 This field is effectively required, but due to backwards compatibility is
3174 allowed to be empty. Instances of this type with an empty value here are
3175 almost certainly wrong.
3176 TODO: Add other useful fields. apiVersion, kind, uid?
3177 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3178 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3179 type: string
3180 optional:
3181 description: Specify whether
3182 the Secret or its key must
3183 be defined
3184 type: boolean
3185 required:
3186 - key
3187 type: object
3188 x-kubernetes-map-type: atomic
3189 type: object
3190 required:
3191 - name
3192 type: object
3193 type: array
3194 x-kubernetes-list-map-keys:
3195 - name
3196 x-kubernetes-list-type: map
3197 envFrom:
3198 description: |-
3199 List of sources to populate environment variables in the container.
3200 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
3201 will be reported as an event when the container is starting. When a key exists in multiple
3202 sources, the value associated with the last source will take precedence.
3203 Values defined by an Env with a duplicate key will take precedence.
3204 Cannot be updated.
3205 items:
3206 description: EnvFromSource represents the
3207 source of a set of ConfigMaps
3208 properties:
3209 configMapRef:
3210 description: The ConfigMap to select
3211 from
3212 properties:
3213 name:
3214 default: ""
3215 description: |-
3216 Name of the referent.
3217 This field is effectively required, but due to backwards compatibility is
3218 allowed to be empty. Instances of this type with an empty value here are
3219 almost certainly wrong.
3220 TODO: Add other useful fields. apiVersion, kind, uid?
3221 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3222 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3223 type: string
3224 optional:
3225 description: Specify whether the
3226 ConfigMap must be defined
3227 type: boolean
3228 type: object
3229 x-kubernetes-map-type: atomic
3230 prefix:
3231 description: An optional identifier
3232 to prepend to each key in the ConfigMap.
3233 Must be a C_IDENTIFIER.
3234 type: string
3235 secretRef:
3236 description: The Secret to select from
3237 properties:
3238 name:
3239 default: ""
3240 description: |-
3241 Name of the referent.
3242 This field is effectively required, but due to backwards compatibility is
3243 allowed to be empty. Instances of this type with an empty value here are
3244 almost certainly wrong.
3245 TODO: Add other useful fields. apiVersion, kind, uid?
3246 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3247 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
3248 type: string
3249 optional:
3250 description: Specify whether the
3251 Secret must be defined
3252 type: boolean
3253 type: object
3254 x-kubernetes-map-type: atomic
3255 type: object
3256 type: array
3257 x-kubernetes-list-type: atomic
3258 image:
3259 description: |-
3260 Container image name.
3261 More info: https://kubernetes.io/docs/concepts/containers/images
3262 This field is optional to allow higher level config management to default or override
3263 container images in workload controllers like Deployments and StatefulSets.
3264 type: string
3265 imagePullPolicy:
3266 description: |-
3267 Image pull policy.
3268 One of Always, Never, IfNotPresent.
3269 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
3270 Cannot be updated.
3271 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
3272 type: string
3273 lifecycle:
3274 description: |-
3275 Actions that the management system should take in response to container lifecycle events.
3276 Cannot be updated.
3277 properties:
3278 postStart:
3279 description: |-
3280 PostStart is called immediately after a container is created. If the handler fails,
3281 the container is terminated and restarted according to its restart policy.
3282 Other management of the container blocks until the hook completes.
3283 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
3284 properties:
3285 exec:
3286 description: Exec specifies the action
3287 to take.
3288 properties:
3289 command:
3290 description: |-
3291 Command is the command line to execute inside the container, the working directory for the
3292 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3293 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3294 a shell, you need to explicitly call out to that shell.
3295 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3296 items:
3297 type: string
3298 type: array
3299 x-kubernetes-list-type: atomic
3300 type: object
3301 httpGet:
3302 description: HTTPGet specifies the
3303 http request to perform.
3304 properties:
3305 host:
3306 description: |-
3307 Host name to connect to, defaults to the pod IP. You probably want to set
3308 "Host" in httpHeaders instead.
3309 type: string
3310 httpHeaders:
3311 description: Custom headers to
3312 set in the request. HTTP allows
3313 repeated headers.
3314 items:
3315 description: HTTPHeader describes
3316 a custom header to be used
3317 in HTTP probes
3318 properties:
3319 name:
3320 description: |-
3321 The header field name.
3322 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3323 type: string
3324 value:
3325 description: The header
3326 field value
3327 type: string
3328 required:
3329 - name
3330 - value
3331 type: object
3332 type: array
3333 x-kubernetes-list-type: atomic
3334 path:
3335 description: Path to access on
3336 the HTTP server.
3337 type: string
3338 port:
3339 anyOf:
3340 - type: integer
3341 - type: string
3342 description: |-
3343 Name or number of the port to access on the container.
3344 Number must be in the range 1 to 65535.
3345 Name must be an IANA_SVC_NAME.
3346 x-kubernetes-int-or-string: true
3347 scheme:
3348 description: |-
3349 Scheme to use for connecting to the host.
3350 Defaults to HTTP.
3351 type: string
3352 required:
3353 - port
3354 type: object
3355 sleep:
3356 description: Sleep represents the
3357 duration that the container should
3358 sleep before being terminated.
3359 properties:
3360 seconds:
3361 description: Seconds is the number
3362 of seconds to sleep.
3363 format: int64
3364 type: integer
3365 required:
3366 - seconds
3367 type: object
3368 tcpSocket:
3369 description: |-
3370 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
3371 for the backward compatibility. There are no validation of this field and
3372 lifecycle hooks will fail in runtime when tcp handler is specified.
3373 properties:
3374 host:
3375 description: 'Optional: Host name
3376 to connect to, defaults to the
3377 pod IP.'
3378 type: string
3379 port:
3380 anyOf:
3381 - type: integer
3382 - type: string
3383 description: |-
3384 Number or name of the port to access on the container.
3385 Number must be in the range 1 to 65535.
3386 Name must be an IANA_SVC_NAME.
3387 x-kubernetes-int-or-string: true
3388 required:
3389 - port
3390 type: object
3391 type: object
3392 preStop:
3393 description: |-
3394 PreStop is called immediately before a container is terminated due to an
3395 API request or management event such as liveness/startup probe failure,
3396 preemption, resource contention, etc. The handler is not called if the
3397 container crashes or exits. The Pod's termination grace period countdown begins before the
3398 PreStop hook is executed. Regardless of the outcome of the handler, the
3399 container will eventually terminate within the Pod's termination grace
3400 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
3401 or until the termination grace period is reached.
3402 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
3403 properties:
3404 exec:
3405 description: Exec specifies the action
3406 to take.
3407 properties:
3408 command:
3409 description: |-
3410 Command is the command line to execute inside the container, the working directory for the
3411 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3412 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3413 a shell, you need to explicitly call out to that shell.
3414 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3415 items:
3416 type: string
3417 type: array
3418 x-kubernetes-list-type: atomic
3419 type: object
3420 httpGet:
3421 description: HTTPGet specifies the
3422 http request to perform.
3423 properties:
3424 host:
3425 description: |-
3426 Host name to connect to, defaults to the pod IP. You probably want to set
3427 "Host" in httpHeaders instead.
3428 type: string
3429 httpHeaders:
3430 description: Custom headers to
3431 set in the request. HTTP allows
3432 repeated headers.
3433 items:
3434 description: HTTPHeader describes
3435 a custom header to be used
3436 in HTTP probes
3437 properties:
3438 name:
3439 description: |-
3440 The header field name.
3441 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3442 type: string
3443 value:
3444 description: The header
3445 field value
3446 type: string
3447 required:
3448 - name
3449 - value
3450 type: object
3451 type: array
3452 x-kubernetes-list-type: atomic
3453 path:
3454 description: Path to access on
3455 the HTTP server.
3456 type: string
3457 port:
3458 anyOf:
3459 - type: integer
3460 - type: string
3461 description: |-
3462 Name or number of the port to access on the container.
3463 Number must be in the range 1 to 65535.
3464 Name must be an IANA_SVC_NAME.
3465 x-kubernetes-int-or-string: true
3466 scheme:
3467 description: |-
3468 Scheme to use for connecting to the host.
3469 Defaults to HTTP.
3470 type: string
3471 required:
3472 - port
3473 type: object
3474 sleep:
3475 description: Sleep represents the
3476 duration that the container should
3477 sleep before being terminated.
3478 properties:
3479 seconds:
3480 description: Seconds is the number
3481 of seconds to sleep.
3482 format: int64
3483 type: integer
3484 required:
3485 - seconds
3486 type: object
3487 tcpSocket:
3488 description: |-
3489 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
3490 for the backward compatibility. There are no validation of this field and
3491 lifecycle hooks will fail in runtime when tcp handler is specified.
3492 properties:
3493 host:
3494 description: 'Optional: Host name
3495 to connect to, defaults to the
3496 pod IP.'
3497 type: string
3498 port:
3499 anyOf:
3500 - type: integer
3501 - type: string
3502 description: |-
3503 Number or name of the port to access on the container.
3504 Number must be in the range 1 to 65535.
3505 Name must be an IANA_SVC_NAME.
3506 x-kubernetes-int-or-string: true
3507 required:
3508 - port
3509 type: object
3510 type: object
3511 type: object
3512 livenessProbe:
3513 description: |-
3514 Periodic probe of container liveness.
3515 Container will be restarted if the probe fails.
3516 Cannot be updated.
3517 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3518 properties:
3519 exec:
3520 description: Exec specifies the action
3521 to take.
3522 properties:
3523 command:
3524 description: |-
3525 Command is the command line to execute inside the container, the working directory for the
3526 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3527 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3528 a shell, you need to explicitly call out to that shell.
3529 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3530 items:
3531 type: string
3532 type: array
3533 x-kubernetes-list-type: atomic
3534 type: object
3535 failureThreshold:
3536 description: |-
3537 Minimum consecutive failures for the probe to be considered failed after having succeeded.
3538 Defaults to 3. Minimum value is 1.
3539 format: int32
3540 type: integer
3541 grpc:
3542 description: GRPC specifies an action
3543 involving a GRPC port.
3544 properties:
3545 port:
3546 description: Port number of the gRPC
3547 service. Number must be in the range
3548 1 to 65535.
3549 format: int32
3550 type: integer
3551 service:
3552 description: |-
3553 Service is the name of the service to place in the gRPC HealthCheckRequest
3554 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
3555
3556
3557 If this is not specified, the default behavior is defined by gRPC.
3558 type: string
3559 required:
3560 - port
3561 type: object
3562 httpGet:
3563 description: HTTPGet specifies the http
3564 request to perform.
3565 properties:
3566 host:
3567 description: |-
3568 Host name to connect to, defaults to the pod IP. You probably want to set
3569 "Host" in httpHeaders instead.
3570 type: string
3571 httpHeaders:
3572 description: Custom headers to set
3573 in the request. HTTP allows repeated
3574 headers.
3575 items:
3576 description: HTTPHeader describes
3577 a custom header to be used in
3578 HTTP probes
3579 properties:
3580 name:
3581 description: |-
3582 The header field name.
3583 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3584 type: string
3585 value:
3586 description: The header field
3587 value
3588 type: string
3589 required:
3590 - name
3591 - value
3592 type: object
3593 type: array
3594 x-kubernetes-list-type: atomic
3595 path:
3596 description: Path to access on the
3597 HTTP server.
3598 type: string
3599 port:
3600 anyOf:
3601 - type: integer
3602 - type: string
3603 description: |-
3604 Name or number of the port to access on the container.
3605 Number must be in the range 1 to 65535.
3606 Name must be an IANA_SVC_NAME.
3607 x-kubernetes-int-or-string: true
3608 scheme:
3609 description: |-
3610 Scheme to use for connecting to the host.
3611 Defaults to HTTP.
3612 type: string
3613 required:
3614 - port
3615 type: object
3616 initialDelaySeconds:
3617 description: |-
3618 Number of seconds after the container has started before liveness probes are initiated.
3619 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3620 format: int32
3621 type: integer
3622 periodSeconds:
3623 description: |-
3624 How often (in seconds) to perform the probe.
3625 Default to 10 seconds. Minimum value is 1.
3626 format: int32
3627 type: integer
3628 successThreshold:
3629 description: |-
3630 Minimum consecutive successes for the probe to be considered successful after having failed.
3631 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3632 format: int32
3633 type: integer
3634 tcpSocket:
3635 description: TCPSocket specifies an action
3636 involving a TCP port.
3637 properties:
3638 host:
3639 description: 'Optional: Host name
3640 to connect to, defaults to the pod
3641 IP.'
3642 type: string
3643 port:
3644 anyOf:
3645 - type: integer
3646 - type: string
3647 description: |-
3648 Number or name of the port to access on the container.
3649 Number must be in the range 1 to 65535.
3650 Name must be an IANA_SVC_NAME.
3651 x-kubernetes-int-or-string: true
3652 required:
3653 - port
3654 type: object
3655 terminationGracePeriodSeconds:
3656 description: |-
3657 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
3658 The grace period is the duration in seconds after the processes running in the pod are sent
3659 a termination signal and the time when the processes are forcibly halted with a kill signal.
3660 Set this value longer than the expected cleanup time for your process.
3661 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
3662 value overrides the value provided by the pod spec.
3663 Value must be non-negative integer. The value zero indicates stop immediately via
3664 the kill signal (no opportunity to shut down).
3665 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
3666 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3667 format: int64
3668 type: integer
3669 timeoutSeconds:
3670 description: |-
3671 Number of seconds after which the probe times out.
3672 Defaults to 1 second. Minimum value is 1.
3673 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3674 format: int32
3675 type: integer
3676 type: object
3677 name:
3678 description: |-
3679 Name of the container specified as a DNS_LABEL.
3680 Each container in a pod must have a unique name (DNS_LABEL).
3681 Cannot be updated.
3682 type: string
3683 ports:
3684 description: |-
3685 List of ports to expose from the container. Not specifying a port here
3686 DOES NOT prevent that port from being exposed. Any port which is
3687 listening on the default "0.0.0.0" address inside a container will be
3688 accessible from the network.
3689 Modifying this array with strategic merge patch may corrupt the data.
3690 For more information See https://github.com/kubernetes/kubernetes/issues/108255.
3691 Cannot be updated.
3692 items:
3693 description: ContainerPort represents a
3694 network port in a single container.
3695 properties:
3696 containerPort:
3697 description: |-
3698 Number of port to expose on the pod's IP address.
3699 This must be a valid port number, 0 < x < 65536.
3700 format: int32
3701 type: integer
3702 hostIP:
3703 description: What host IP to bind the
3704 external port to.
3705 type: string
3706 hostPort:
3707 description: |-
3708 Number of port to expose on the host.
3709 If specified, this must be a valid port number, 0 < x < 65536.
3710 If HostNetwork is specified, this must match ContainerPort.
3711 Most containers do not need this.
3712 format: int32
3713 type: integer
3714 name:
3715 description: |-
3716 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
3717 named port in a pod must have a unique name. Name for the port that can be
3718 referred to by services.
3719 type: string
3720 protocol:
3721 default: TCP
3722 description: |-
3723 Protocol for port. Must be UDP, TCP, or SCTP.
3724 Defaults to "TCP".
3725 type: string
3726 required:
3727 - containerPort
3728 type: object
3729 type: array
3730 x-kubernetes-list-map-keys:
3731 - containerPort
3732 - protocol
3733 x-kubernetes-list-type: map
3734 readinessProbe:
3735 description: |-
3736 Periodic probe of container service readiness.
3737 Container will be removed from service endpoints if the probe fails.
3738 Cannot be updated.
3739 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3740 properties:
3741 exec:
3742 description: Exec specifies the action
3743 to take.
3744 properties:
3745 command:
3746 description: |-
3747 Command is the command line to execute inside the container, the working directory for the
3748 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
3749 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
3750 a shell, you need to explicitly call out to that shell.
3751 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3752 items:
3753 type: string
3754 type: array
3755 x-kubernetes-list-type: atomic
3756 type: object
3757 failureThreshold:
3758 description: |-
3759 Minimum consecutive failures for the probe to be considered failed after having succeeded.
3760 Defaults to 3. Minimum value is 1.
3761 format: int32
3762 type: integer
3763 grpc:
3764 description: GRPC specifies an action
3765 involving a GRPC port.
3766 properties:
3767 port:
3768 description: Port number of the gRPC
3769 service. Number must be in the range
3770 1 to 65535.
3771 format: int32
3772 type: integer
3773 service:
3774 description: |-
3775 Service is the name of the service to place in the gRPC HealthCheckRequest
3776 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
3777
3778
3779 If this is not specified, the default behavior is defined by gRPC.
3780 type: string
3781 required:
3782 - port
3783 type: object
3784 httpGet:
3785 description: HTTPGet specifies the http
3786 request to perform.
3787 properties:
3788 host:
3789 description: |-
3790 Host name to connect to, defaults to the pod IP. You probably want to set
3791 "Host" in httpHeaders instead.
3792 type: string
3793 httpHeaders:
3794 description: Custom headers to set
3795 in the request. HTTP allows repeated
3796 headers.
3797 items:
3798 description: HTTPHeader describes
3799 a custom header to be used in
3800 HTTP probes
3801 properties:
3802 name:
3803 description: |-
3804 The header field name.
3805 This will be canonicalized upon output, so case-variant names will be understood as the same header.
3806 type: string
3807 value:
3808 description: The header field
3809 value
3810 type: string
3811 required:
3812 - name
3813 - value
3814 type: object
3815 type: array
3816 x-kubernetes-list-type: atomic
3817 path:
3818 description: Path to access on the
3819 HTTP server.
3820 type: string
3821 port:
3822 anyOf:
3823 - type: integer
3824 - type: string
3825 description: |-
3826 Name or number of the port to access on the container.
3827 Number must be in the range 1 to 65535.
3828 Name must be an IANA_SVC_NAME.
3829 x-kubernetes-int-or-string: true
3830 scheme:
3831 description: |-
3832 Scheme to use for connecting to the host.
3833 Defaults to HTTP.
3834 type: string
3835 required:
3836 - port
3837 type: object
3838 initialDelaySeconds:
3839 description: |-
3840 Number of seconds after the container has started before liveness probes are initiated.
3841 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3842 format: int32
3843 type: integer
3844 periodSeconds:
3845 description: |-
3846 How often (in seconds) to perform the probe.
3847 Default to 10 seconds. Minimum value is 1.
3848 format: int32
3849 type: integer
3850 successThreshold:
3851 description: |-
3852 Minimum consecutive successes for the probe to be considered successful after having failed.
3853 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3854 format: int32
3855 type: integer
3856 tcpSocket:
3857 description: TCPSocket specifies an action
3858 involving a TCP port.
3859 properties:
3860 host:
3861 description: 'Optional: Host name
3862 to connect to, defaults to the pod
3863 IP.'
3864 type: string
3865 port:
3866 anyOf:
3867 - type: integer
3868 - type: string
3869 description: |-
3870 Number or name of the port to access on the container.
3871 Number must be in the range 1 to 65535.
3872 Name must be an IANA_SVC_NAME.
3873 x-kubernetes-int-or-string: true
3874 required:
3875 - port
3876 type: object
3877 terminationGracePeriodSeconds:
3878 description: |-
3879 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
3880 The grace period is the duration in seconds after the processes running in the pod are sent
3881 a termination signal and the time when the processes are forcibly halted with a kill signal.
3882 Set this value longer than the expected cleanup time for your process.
3883 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
3884 value overrides the value provided by the pod spec.
3885 Value must be non-negative integer. The value zero indicates stop immediately via
3886 the kill signal (no opportunity to shut down).
3887 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
3888 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3889 format: int64
3890 type: integer
3891 timeoutSeconds:
3892 description: |-
3893 Number of seconds after which the probe times out.
3894 Defaults to 1 second. Minimum value is 1.
3895 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
3896 format: int32
3897 type: integer
3898 type: object
3899 resizePolicy:
3900 description: Resources resize policy for the
3901 container.
3902 items:
3903 description: ContainerResizePolicy represents
3904 resource resize policy for the container.
3905 properties:
3906 resourceName:
3907 description: |-
3908 Name of the resource to which this resource resize policy applies.
3909 Supported values: cpu, memory.
3910 type: string
3911 restartPolicy:
3912 description: |-
3913 Restart policy to apply when specified resource is resized.
3914 If not specified, it defaults to NotRequired.
3915 type: string
3916 required:
3917 - resourceName
3918 - restartPolicy
3919 type: object
3920 type: array
3921 x-kubernetes-list-type: atomic
3922 resources:
3923 description: |-
3924 Compute Resources required by this container.
3925 Cannot be updated.
3926 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
3927 properties:
3928 claims:
3929 description: |-
3930 Claims lists the names of resources, defined in spec.resourceClaims,
3931 that are used by this container.
3932
3933
3934 This is an alpha field and requires enabling the
3935 DynamicResourceAllocation feature gate.
3936
3937
3938 This field is immutable. It can only be set for containers.
3939 items:
3940 description: ResourceClaim references
3941 one entry in PodSpec.ResourceClaims.
3942 properties:
3943 name:
3944 description: |-
3945 Name must match the name of one entry in pod.spec.resourceClaims of
3946 the Pod where this field is used. It makes that resource available
3947 inside a container.
3948 type: string
3949 required:
3950 - name
3951 type: object
3952 type: array
3953 x-kubernetes-list-map-keys:
3954 - name
3955 x-kubernetes-list-type: map
3956 limits:
3957 additionalProperties:
3958 anyOf:
3959 - type: integer
3960 - type: string
3961 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3962 x-kubernetes-int-or-string: true
3963 description: |-
3964 Limits describes the maximum amount of compute resources allowed.
3965 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
3966 type: object
3967 requests:
3968 additionalProperties:
3969 anyOf:
3970 - type: integer
3971 - type: string
3972 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3973 x-kubernetes-int-or-string: true
3974 description: |-
3975 Requests describes the minimum amount of compute resources required.
3976 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
3977 otherwise to an implementation-defined value. Requests cannot exceed Limits.
3978 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
3979 type: object
3980 type: object
3981 restartPolicy:
3982 description: |-
3983 RestartPolicy defines the restart behavior of individual containers in a pod.
3984 This field may only be set for init containers, and the only allowed value is "Always".
3985 For non-init containers or when this field is not specified,
3986 the restart behavior is defined by the Pod's restart policy and the container type.
3987 Setting the RestartPolicy as "Always" for the init container will have the following effect:
3988 this init container will be continually restarted on
3989 exit until all regular containers have terminated. Once all regular
3990 containers have completed, all init containers with restartPolicy "Always"
3991 will be shut down. This lifecycle differs from normal init containers and
3992 is often referred to as a "sidecar" container. Although this init
3993 container still starts in the init container sequence, it does not wait
3994 for the container to complete before proceeding to the next init
3995 container. Instead, the next init container starts immediately after this
3996 init container is started, or after any startupProbe has successfully
3997 completed.
3998 type: string
3999 securityContext:
4000 description: |-
4001 SecurityContext defines the security options the container should be run with.
4002 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
4003 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
4004 properties:
4005 allowPrivilegeEscalation:
4006 description: |-
4007 AllowPrivilegeEscalation controls whether a process can gain more
4008 privileges than its parent process. This bool directly controls if
4009 the no_new_privs flag will be set on the container process.
4010 AllowPrivilegeEscalation is true always when the container is:
4011 1) run as Privileged
4012 2) has CAP_SYS_ADMIN
4013 Note that this field cannot be set when spec.os.name is windows.
4014 type: boolean
4015 appArmorProfile:
4016 description: |-
4017 appArmorProfile is the AppArmor options to use by this container. If set, this profile
4018 overrides the pod's appArmorProfile.
4019 Note that this field cannot be set when spec.os.name is windows.
4020 properties:
4021 localhostProfile:
4022 description: |-
4023 localhostProfile indicates a profile loaded on the node that should be used.
4024 The profile must be preconfigured on the node to work.
4025 Must match the loaded name of the profile.
4026 Must be set if and only if type is "Localhost".
4027 type: string
4028 type:
4029 description: |-
4030 type indicates which kind of AppArmor profile will be applied.
4031 Valid options are:
4032 Localhost - a profile pre-loaded on the node.
4033 RuntimeDefault - the container runtime's default profile.
4034 Unconfined - no AppArmor enforcement.
4035 type: string
4036 required:
4037 - type
4038 type: object
4039 capabilities:
4040 description: |-
4041 The capabilities to add/drop when running containers.
4042 Defaults to the default set of capabilities granted by the container runtime.
4043 Note that this field cannot be set when spec.os.name is windows.
4044 properties:
4045 add:
4046 description: Added capabilities
4047 items:
4048 description: Capability represent
4049 POSIX capabilities type
4050 type: string
4051 type: array
4052 x-kubernetes-list-type: atomic
4053 drop:
4054 description: Removed capabilities
4055 items:
4056 description: Capability represent
4057 POSIX capabilities type
4058 type: string
4059 type: array
4060 x-kubernetes-list-type: atomic
4061 type: object
4062 privileged:
4063 description: |-
4064 Run container in privileged mode.
4065 Processes in privileged containers are essentially equivalent to root on the host.
4066 Defaults to false.
4067 Note that this field cannot be set when spec.os.name is windows.
4068 type: boolean
4069 procMount:
4070 description: |-
4071 procMount denotes the type of proc mount to use for the containers.
4072 The default is DefaultProcMount which uses the container runtime defaults for
4073 readonly paths and masked paths.
4074 This requires the ProcMountType feature flag to be enabled.
4075 Note that this field cannot be set when spec.os.name is windows.
4076 type: string
4077 readOnlyRootFilesystem:
4078 description: |-
4079 Whether this container has a read-only root filesystem.
4080 Default is false.
4081 Note that this field cannot be set when spec.os.name is windows.
4082 type: boolean
4083 runAsGroup:
4084 description: |-
4085 The GID to run the entrypoint of the container process.
4086 Uses runtime default if unset.
4087 May also be set in PodSecurityContext. If set in both SecurityContext and
4088 PodSecurityContext, the value specified in SecurityContext takes precedence.
4089 Note that this field cannot be set when spec.os.name is windows.
4090 format: int64
4091 type: integer
4092 runAsNonRoot:
4093 description: |-
4094 Indicates that the container must run as a non-root user.
4095 If true, the Kubelet will validate the image at runtime to ensure that it
4096 does not run as UID 0 (root) and fail to start the container if it does.
4097 If unset or false, no such validation will be performed.
4098 May also be set in PodSecurityContext. If set in both SecurityContext and
4099 PodSecurityContext, the value specified in SecurityContext takes precedence.
4100 type: boolean
4101 runAsUser:
4102 description: |-
4103 The UID to run the entrypoint of the container process.
4104 Defaults to user specified in image metadata if unspecified.
4105 May also be set in PodSecurityContext. If set in both SecurityContext and
4106 PodSecurityContext, the value specified in SecurityContext takes precedence.
4107 Note that this field cannot be set when spec.os.name is windows.
4108 format: int64
4109 type: integer
4110 seLinuxOptions:
4111 description: |-
4112 The SELinux context to be applied to the container.
4113 If unspecified, the container runtime will allocate a random SELinux context for each
4114 container. May also be set in PodSecurityContext. If set in both SecurityContext and
4115 PodSecurityContext, the value specified in SecurityContext takes precedence.
4116 Note that this field cannot be set when spec.os.name is windows.
4117 properties:
4118 level:
4119 description: Level is SELinux level
4120 label that applies to the container.
4121 type: string
4122 role:
4123 description: Role is a SELinux role
4124 label that applies to the container.
4125 type: string
4126 type:
4127 description: Type is a SELinux type
4128 label that applies to the container.
4129 type: string
4130 user:
4131 description: User is a SELinux user
4132 label that applies to the container.
4133 type: string
4134 type: object
4135 seccompProfile:
4136 description: |-
4137 The seccomp options to use by this container. If seccomp options are
4138 provided at both the pod & container level, the container options
4139 override the pod options.
4140 Note that this field cannot be set when spec.os.name is windows.
4141 properties:
4142 localhostProfile:
4143 description: |-
4144 localhostProfile indicates a profile defined in a file on the node should be used.
4145 The profile must be preconfigured on the node to work.
4146 Must be a descending path, relative to the kubelet's configured seccomp profile location.
4147 Must be set if type is "Localhost". Must NOT be set for any other type.
4148 type: string
4149 type:
4150 description: |-
4151 type indicates which kind of seccomp profile will be applied.
4152 Valid options are:
4153
4154
4155 Localhost - a profile defined in a file on the node should be used.
4156 RuntimeDefault - the container runtime default profile should be used.
4157 Unconfined - no profile should be applied.
4158 type: string
4159 required:
4160 - type
4161 type: object
4162 windowsOptions:
4163 description: |-
4164 The Windows specific settings applied to all containers.
4165 If unspecified, the options from the PodSecurityContext will be used.
4166 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
4167 Note that this field cannot be set when spec.os.name is linux.
4168 properties:
4169 gmsaCredentialSpec:
4170 description: |-
4171 GMSACredentialSpec is where the GMSA admission webhook
4172 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
4173 GMSA credential spec named by the GMSACredentialSpecName field.
4174 type: string
4175 gmsaCredentialSpecName:
4176 description: GMSACredentialSpecName
4177 is the name of the GMSA credential
4178 spec to use.
4179 type: string
4180 hostProcess:
4181 description: |-
4182 HostProcess determines if a container should be run as a 'Host Process' container.
4183 All of a Pod's containers must have the same effective HostProcess value
4184 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
4185 In addition, if HostProcess is true then HostNetwork must also be set to true.
4186 type: boolean
4187 runAsUserName:
4188 description: |-
4189 The UserName in Windows to run the entrypoint of the container process.
4190 Defaults to the user specified in image metadata if unspecified.
4191 May also be set in PodSecurityContext. If set in both SecurityContext and
4192 PodSecurityContext, the value specified in SecurityContext takes precedence.
4193 type: string
4194 type: object
4195 type: object
4196 startupProbe:
4197 description: |-
4198 StartupProbe indicates that the Pod has successfully initialized.
4199 If specified, no other probes are executed until this completes successfully.
4200 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
4201 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
4202 when it might take a long time to load data or warm a cache, than during steady-state operation.
4203 This cannot be updated.
4204 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4205 properties:
4206 exec:
4207 description: Exec specifies the action
4208 to take.
4209 properties:
4210 command:
4211 description: |-
4212 Command is the command line to execute inside the container, the working directory for the
4213 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4214 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4215 a shell, you need to explicitly call out to that shell.
4216 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4217 items:
4218 type: string
4219 type: array
4220 x-kubernetes-list-type: atomic
4221 type: object
4222 failureThreshold:
4223 description: |-
4224 Minimum consecutive failures for the probe to be considered failed after having succeeded.
4225 Defaults to 3. Minimum value is 1.
4226 format: int32
4227 type: integer
4228 grpc:
4229 description: GRPC specifies an action
4230 involving a GRPC port.
4231 properties:
4232 port:
4233 description: Port number of the gRPC
4234 service. Number must be in the range
4235 1 to 65535.
4236 format: int32
4237 type: integer
4238 service:
4239 description: |-
4240 Service is the name of the service to place in the gRPC HealthCheckRequest
4241 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
4242
4243
4244 If this is not specified, the default behavior is defined by gRPC.
4245 type: string
4246 required:
4247 - port
4248 type: object
4249 httpGet:
4250 description: HTTPGet specifies the http
4251 request to perform.
4252 properties:
4253 host:
4254 description: |-
4255 Host name to connect to, defaults to the pod IP. You probably want to set
4256 "Host" in httpHeaders instead.
4257 type: string
4258 httpHeaders:
4259 description: Custom headers to set
4260 in the request. HTTP allows repeated
4261 headers.
4262 items:
4263 description: HTTPHeader describes
4264 a custom header to be used in
4265 HTTP probes
4266 properties:
4267 name:
4268 description: |-
4269 The header field name.
4270 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4271 type: string
4272 value:
4273 description: The header field
4274 value
4275 type: string
4276 required:
4277 - name
4278 - value
4279 type: object
4280 type: array
4281 x-kubernetes-list-type: atomic
4282 path:
4283 description: Path to access on the
4284 HTTP server.
4285 type: string
4286 port:
4287 anyOf:
4288 - type: integer
4289 - type: string
4290 description: |-
4291 Name or number of the port to access on the container.
4292 Number must be in the range 1 to 65535.
4293 Name must be an IANA_SVC_NAME.
4294 x-kubernetes-int-or-string: true
4295 scheme:
4296 description: |-
4297 Scheme to use for connecting to the host.
4298 Defaults to HTTP.
4299 type: string
4300 required:
4301 - port
4302 type: object
4303 initialDelaySeconds:
4304 description: |-
4305 Number of seconds after the container has started before liveness probes are initiated.
4306 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4307 format: int32
4308 type: integer
4309 periodSeconds:
4310 description: |-
4311 How often (in seconds) to perform the probe.
4312 Default to 10 seconds. Minimum value is 1.
4313 format: int32
4314 type: integer
4315 successThreshold:
4316 description: |-
4317 Minimum consecutive successes for the probe to be considered successful after having failed.
4318 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
4319 format: int32
4320 type: integer
4321 tcpSocket:
4322 description: TCPSocket specifies an action
4323 involving a TCP port.
4324 properties:
4325 host:
4326 description: 'Optional: Host name
4327 to connect to, defaults to the pod
4328 IP.'
4329 type: string
4330 port:
4331 anyOf:
4332 - type: integer
4333 - type: string
4334 description: |-
4335 Number or name of the port to access on the container.
4336 Number must be in the range 1 to 65535.
4337 Name must be an IANA_SVC_NAME.
4338 x-kubernetes-int-or-string: true
4339 required:
4340 - port
4341 type: object
4342 terminationGracePeriodSeconds:
4343 description: |-
4344 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
4345 The grace period is the duration in seconds after the processes running in the pod are sent
4346 a termination signal and the time when the processes are forcibly halted with a kill signal.
4347 Set this value longer than the expected cleanup time for your process.
4348 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
4349 value overrides the value provided by the pod spec.
4350 Value must be non-negative integer. The value zero indicates stop immediately via
4351 the kill signal (no opportunity to shut down).
4352 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
4353 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
4354 format: int64
4355 type: integer
4356 timeoutSeconds:
4357 description: |-
4358 Number of seconds after which the probe times out.
4359 Defaults to 1 second. Minimum value is 1.
4360 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
4361 format: int32
4362 type: integer
4363 type: object
4364 stdin:
4365 description: |-
4366 Whether this container should allocate a buffer for stdin in the container runtime. If this
4367 is not set, reads from stdin in the container will always result in EOF.
4368 Default is false.
4369 type: boolean
4370 stdinOnce:
4371 description: |-
4372 Whether the container runtime should close the stdin channel after it has been opened by
4373 a single attach. When stdin is true the stdin stream will remain open across multiple attach
4374 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
4375 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
4376 at which time stdin is closed and remains closed until the container is restarted. If this
4377 flag is false, a container processes that reads from stdin will never receive an EOF.
4378 Default is false
4379 type: boolean
4380 terminationMessagePath:
4381 description: |-
4382 Optional: Path at which the file to which the container's termination message
4383 will be written is mounted into the container's filesystem.
4384 Message written is intended to be brief final status, such as an assertion failure message.
4385 Will be truncated by the node if greater than 4096 bytes. The total message length across
4386 all containers will be limited to 12kb.
4387 Defaults to /dev/termination-log.
4388 Cannot be updated.
4389 type: string
4390 terminationMessagePolicy:
4391 description: |-
4392 Indicate how the termination message should be populated. File will use the contents of
4393 terminationMessagePath to populate the container status message on both success and failure.
4394 FallbackToLogsOnError will use the last chunk of container log output if the termination
4395 message file is empty and the container exited with an error.
4396 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
4397 Defaults to File.
4398 Cannot be updated.
4399 type: string
4400 tty:
4401 description: |-
4402 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
4403 Default is false.
4404 type: boolean
4405 volumeDevices:
4406 description: volumeDevices is the list of
4407 block devices to be used by the container.
4408 items:
4409 description: volumeDevice describes a mapping
4410 of a raw block device within a container.
4411 properties:
4412 devicePath:
4413 description: devicePath is the path
4414 inside of the container that the device
4415 will be mapped to.
4416 type: string
4417 name:
4418 description: name must match the name
4419 of a persistentVolumeClaim in the
4420 pod
4421 type: string
4422 required:
4423 - devicePath
4424 - name
4425 type: object
4426 type: array
4427 x-kubernetes-list-map-keys:
4428 - devicePath
4429 x-kubernetes-list-type: map
4430 volumeMounts:
4431 description: |-
4432 Pod volumes to mount into the container's filesystem.
4433 Cannot be updated.
4434 items:
4435 description: VolumeMount describes a mounting
4436 of a Volume within a container.
4437 properties:
4438 mountPath:
4439 description: |-
4440 Path within the container at which the volume should be mounted. Must
4441 not contain ':'.
4442 type: string
4443 mountPropagation:
4444 description: |-
4445 mountPropagation determines how mounts are propagated from the host
4446 to container and the other way around.
4447 When not set, MountPropagationNone is used.
4448 This field is beta in 1.10.
4449 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
4450 (which defaults to None).
4451 type: string
4452 name:
4453 description: This must match the Name
4454 of a Volume.
4455 type: string
4456 readOnly:
4457 description: |-
4458 Mounted read-only if true, read-write otherwise (false or unspecified).
4459 Defaults to false.
4460 type: boolean
4461 recursiveReadOnly:
4462 description: |-
4463 RecursiveReadOnly specifies whether read-only mounts should be handled
4464 recursively.
4465
4466
4467 If ReadOnly is false, this field has no meaning and must be unspecified.
4468
4469
4470 If ReadOnly is true, and this field is set to Disabled, the mount is not made
4471 recursively read-only. If this field is set to IfPossible, the mount is made
4472 recursively read-only, if it is supported by the container runtime. If this
4473 field is set to Enabled, the mount is made recursively read-only if it is
4474 supported by the container runtime, otherwise the pod will not be started and
4475 an error will be generated to indicate the reason.
4476
4477
4478 If this field is set to IfPossible or Enabled, MountPropagation must be set to
4479 None (or be unspecified, which defaults to None).
4480
4481
4482 If this field is not specified, it is treated as an equivalent of Disabled.
4483 type: string
4484 subPath:
4485 description: |-
4486 Path within the volume from which the container's volume should be mounted.
4487 Defaults to "" (volume's root).
4488 type: string
4489 subPathExpr:
4490 description: |-
4491 Expanded path within the volume from which the container's volume should be mounted.
4492 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
4493 Defaults to "" (volume's root).
4494 SubPathExpr and SubPath are mutually exclusive.
4495 type: string
4496 required:
4497 - mountPath
4498 - name
4499 type: object
4500 type: array
4501 x-kubernetes-list-map-keys:
4502 - mountPath
4503 x-kubernetes-list-type: map
4504 workingDir:
4505 description: |-
4506 Container's working directory.
4507 If not specified, the container runtime's default will be used, which
4508 might be configured in the container image.
4509 Cannot be updated.
4510 type: string
4511 required:
4512 - name
4513 type: object
4514 type: array
4515 x-kubernetes-list-map-keys:
4516 - name
4517 x-kubernetes-list-type: map
4518 dnsConfig:
4519 description: |-
4520 Specifies the DNS parameters of a pod.
4521 Parameters specified here will be merged to the generated DNS
4522 configuration based on DNSPolicy.
4523 properties:
4524 nameservers:
4525 description: |-
4526 A list of DNS name server IP addresses.
4527 This will be appended to the base nameservers generated from DNSPolicy.
4528 Duplicated nameservers will be removed.
4529 items:
4530 type: string
4531 type: array
4532 x-kubernetes-list-type: atomic
4533 options:
4534 description: |-
4535 A list of DNS resolver options.
4536 This will be merged with the base options generated from DNSPolicy.
4537 Duplicated entries will be removed. Resolution options given in Options
4538 will override those that appear in the base DNSPolicy.
4539 items:
4540 description: PodDNSConfigOption defines DNS
4541 resolver options of a pod.
4542 properties:
4543 name:
4544 description: Required.
4545 type: string
4546 value:
4547 type: string
4548 type: object
4549 type: array
4550 x-kubernetes-list-type: atomic
4551 searches:
4552 description: |-
4553 A list of DNS search domains for host-name lookup.
4554 This will be appended to the base search paths generated from DNSPolicy.
4555 Duplicated search paths will be removed.
4556 items:
4557 type: string
4558 type: array
4559 x-kubernetes-list-type: atomic
4560 type: object
4561 dnsPolicy:
4562 description: |-
4563 Set DNS policy for the pod.
4564 Defaults to "ClusterFirst".
4565 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
4566 DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
4567 To have DNS options set along with hostNetwork, you have to specify DNS policy
4568 explicitly to 'ClusterFirstWithHostNet'.
4569 type: string
4570 enableServiceLinks:
4571 description: |-
4572 EnableServiceLinks indicates whether information about services should be injected into pod's
4573 environment variables, matching the syntax of Docker links.
4574 Optional: Defaults to true.
4575 type: boolean
4576 ephemeralContainers:
4577 description: |-
4578 List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
4579 pod to perform user-initiated actions such as debugging. This list cannot be specified when
4580 creating a pod, and it cannot be modified by updating the pod spec. In order to add an
4581 ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
4582 items:
4583 description: |-
4584 An EphemeralContainer is a temporary container that you may add to an existing Pod for
4585 user-initiated activities such as debugging. Ephemeral containers have no resource or
4586 scheduling guarantees, and they will not be restarted when they exit or when a Pod is
4587 removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
4588 Pod to exceed its resource allocation.
4589
4590
4591 To add an ephemeral container, use the ephemeralcontainers subresource of an existing
4592 Pod. Ephemeral containers may not be removed or restarted.
4593 properties:
4594 args:
4595 description: |-
4596 Arguments to the entrypoint.
4597 The image's CMD is used if this is not provided.
4598 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
4599 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
4600 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
4601 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
4602 of whether the variable exists or not. Cannot be updated.
4603 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
4604 items:
4605 type: string
4606 type: array
4607 x-kubernetes-list-type: atomic
4608 command:
4609 description: |-
4610 Entrypoint array. Not executed within a shell.
4611 The image's ENTRYPOINT is used if this is not provided.
4612 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
4613 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
4614 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
4615 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
4616 of whether the variable exists or not. Cannot be updated.
4617 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
4618 items:
4619 type: string
4620 type: array
4621 x-kubernetes-list-type: atomic
4622 env:
4623 description: |-
4624 List of environment variables to set in the container.
4625 Cannot be updated.
4626 items:
4627 description: EnvVar represents an environment
4628 variable present in a Container.
4629 properties:
4630 name:
4631 description: Name of the environment
4632 variable. Must be a C_IDENTIFIER.
4633 type: string
4634 value:
4635 description: |-
4636 Variable references $(VAR_NAME) are expanded
4637 using the previously defined environment variables in the container and
4638 any service environment variables. If a variable cannot be resolved,
4639 the reference in the input string will be unchanged. Double $$ are reduced
4640 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
4641 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
4642 Escaped references will never be expanded, regardless of whether the variable
4643 exists or not.
4644 Defaults to "".
4645 type: string
4646 valueFrom:
4647 description: Source for the environment
4648 variable's value. Cannot be used if
4649 value is not empty.
4650 properties:
4651 configMapKeyRef:
4652 description: Selects a key of a
4653 ConfigMap.
4654 properties:
4655 key:
4656 description: The key to select.
4657 type: string
4658 name:
4659 default: ""
4660 description: |-
4661 Name of the referent.
4662 This field is effectively required, but due to backwards compatibility is
4663 allowed to be empty. Instances of this type with an empty value here are
4664 almost certainly wrong.
4665 TODO: Add other useful fields. apiVersion, kind, uid?
4666 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4667 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4668 type: string
4669 optional:
4670 description: Specify whether
4671 the ConfigMap or its key must
4672 be defined
4673 type: boolean
4674 required:
4675 - key
4676 type: object
4677 x-kubernetes-map-type: atomic
4678 fieldRef:
4679 description: |-
4680 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
4681 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
4682 properties:
4683 apiVersion:
4684 description: Version of the
4685 schema the FieldPath is written
4686 in terms of, defaults to "v1".
4687 type: string
4688 fieldPath:
4689 description: Path of the field
4690 to select in the specified
4691 API version.
4692 type: string
4693 required:
4694 - fieldPath
4695 type: object
4696 x-kubernetes-map-type: atomic
4697 resourceFieldRef:
4698 description: |-
4699 Selects a resource of the container: only resources limits and requests
4700 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
4701 properties:
4702 containerName:
4703 description: 'Container name:
4704 required for volumes, optional
4705 for env vars'
4706 type: string
4707 divisor:
4708 anyOf:
4709 - type: integer
4710 - type: string
4711 description: Specifies the output
4712 format of the exposed resources,
4713 defaults to "1"
4714 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4715 x-kubernetes-int-or-string: true
4716 resource:
4717 description: 'Required: resource
4718 to select'
4719 type: string
4720 required:
4721 - resource
4722 type: object
4723 x-kubernetes-map-type: atomic
4724 secretKeyRef:
4725 description: Selects a key of a
4726 secret in the pod's namespace
4727 properties:
4728 key:
4729 description: The key of the
4730 secret to select from. Must
4731 be a valid secret key.
4732 type: string
4733 name:
4734 default: ""
4735 description: |-
4736 Name of the referent.
4737 This field is effectively required, but due to backwards compatibility is
4738 allowed to be empty. Instances of this type with an empty value here are
4739 almost certainly wrong.
4740 TODO: Add other useful fields. apiVersion, kind, uid?
4741 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4742 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4743 type: string
4744 optional:
4745 description: Specify whether
4746 the Secret or its key must
4747 be defined
4748 type: boolean
4749 required:
4750 - key
4751 type: object
4752 x-kubernetes-map-type: atomic
4753 type: object
4754 required:
4755 - name
4756 type: object
4757 type: array
4758 x-kubernetes-list-map-keys:
4759 - name
4760 x-kubernetes-list-type: map
4761 envFrom:
4762 description: |-
4763 List of sources to populate environment variables in the container.
4764 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
4765 will be reported as an event when the container is starting. When a key exists in multiple
4766 sources, the value associated with the last source will take precedence.
4767 Values defined by an Env with a duplicate key will take precedence.
4768 Cannot be updated.
4769 items:
4770 description: EnvFromSource represents the
4771 source of a set of ConfigMaps
4772 properties:
4773 configMapRef:
4774 description: The ConfigMap to select
4775 from
4776 properties:
4777 name:
4778 default: ""
4779 description: |-
4780 Name of the referent.
4781 This field is effectively required, but due to backwards compatibility is
4782 allowed to be empty. Instances of this type with an empty value here are
4783 almost certainly wrong.
4784 TODO: Add other useful fields. apiVersion, kind, uid?
4785 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4786 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4787 type: string
4788 optional:
4789 description: Specify whether the
4790 ConfigMap must be defined
4791 type: boolean
4792 type: object
4793 x-kubernetes-map-type: atomic
4794 prefix:
4795 description: An optional identifier
4796 to prepend to each key in the ConfigMap.
4797 Must be a C_IDENTIFIER.
4798 type: string
4799 secretRef:
4800 description: The Secret to select from
4801 properties:
4802 name:
4803 default: ""
4804 description: |-
4805 Name of the referent.
4806 This field is effectively required, but due to backwards compatibility is
4807 allowed to be empty. Instances of this type with an empty value here are
4808 almost certainly wrong.
4809 TODO: Add other useful fields. apiVersion, kind, uid?
4810 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4811 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
4812 type: string
4813 optional:
4814 description: Specify whether the
4815 Secret must be defined
4816 type: boolean
4817 type: object
4818 x-kubernetes-map-type: atomic
4819 type: object
4820 type: array
4821 x-kubernetes-list-type: atomic
4822 image:
4823 description: |-
4824 Container image name.
4825 More info: https://kubernetes.io/docs/concepts/containers/images
4826 type: string
4827 imagePullPolicy:
4828 description: |-
4829 Image pull policy.
4830 One of Always, Never, IfNotPresent.
4831 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
4832 Cannot be updated.
4833 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
4834 type: string
4835 lifecycle:
4836 description: Lifecycle is not allowed for
4837 ephemeral containers.
4838 properties:
4839 postStart:
4840 description: |-
4841 PostStart is called immediately after a container is created. If the handler fails,
4842 the container is terminated and restarted according to its restart policy.
4843 Other management of the container blocks until the hook completes.
4844 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
4845 properties:
4846 exec:
4847 description: Exec specifies the action
4848 to take.
4849 properties:
4850 command:
4851 description: |-
4852 Command is the command line to execute inside the container, the working directory for the
4853 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4854 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4855 a shell, you need to explicitly call out to that shell.
4856 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4857 items:
4858 type: string
4859 type: array
4860 x-kubernetes-list-type: atomic
4861 type: object
4862 httpGet:
4863 description: HTTPGet specifies the
4864 http request to perform.
4865 properties:
4866 host:
4867 description: |-
4868 Host name to connect to, defaults to the pod IP. You probably want to set
4869 "Host" in httpHeaders instead.
4870 type: string
4871 httpHeaders:
4872 description: Custom headers to
4873 set in the request. HTTP allows
4874 repeated headers.
4875 items:
4876 description: HTTPHeader describes
4877 a custom header to be used
4878 in HTTP probes
4879 properties:
4880 name:
4881 description: |-
4882 The header field name.
4883 This will be canonicalized upon output, so case-variant names will be understood as the same header.
4884 type: string
4885 value:
4886 description: The header
4887 field value
4888 type: string
4889 required:
4890 - name
4891 - value
4892 type: object
4893 type: array
4894 x-kubernetes-list-type: atomic
4895 path:
4896 description: Path to access on
4897 the HTTP server.
4898 type: string
4899 port:
4900 anyOf:
4901 - type: integer
4902 - type: string
4903 description: |-
4904 Name or number of the port to access on the container.
4905 Number must be in the range 1 to 65535.
4906 Name must be an IANA_SVC_NAME.
4907 x-kubernetes-int-or-string: true
4908 scheme:
4909 description: |-
4910 Scheme to use for connecting to the host.
4911 Defaults to HTTP.
4912 type: string
4913 required:
4914 - port
4915 type: object
4916 sleep:
4917 description: Sleep represents the
4918 duration that the container should
4919 sleep before being terminated.
4920 properties:
4921 seconds:
4922 description: Seconds is the number
4923 of seconds to sleep.
4924 format: int64
4925 type: integer
4926 required:
4927 - seconds
4928 type: object
4929 tcpSocket:
4930 description: |-
4931 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
4932 for the backward compatibility. There are no validation of this field and
4933 lifecycle hooks will fail in runtime when tcp handler is specified.
4934 properties:
4935 host:
4936 description: 'Optional: Host name
4937 to connect to, defaults to the
4938 pod IP.'
4939 type: string
4940 port:
4941 anyOf:
4942 - type: integer
4943 - type: string
4944 description: |-
4945 Number or name of the port to access on the container.
4946 Number must be in the range 1 to 65535.
4947 Name must be an IANA_SVC_NAME.
4948 x-kubernetes-int-or-string: true
4949 required:
4950 - port
4951 type: object
4952 type: object
4953 preStop:
4954 description: |-
4955 PreStop is called immediately before a container is terminated due to an
4956 API request or management event such as liveness/startup probe failure,
4957 preemption, resource contention, etc. The handler is not called if the
4958 container crashes or exits. The Pod's termination grace period countdown begins before the
4959 PreStop hook is executed. Regardless of the outcome of the handler, the
4960 container will eventually terminate within the Pod's termination grace
4961 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
4962 or until the termination grace period is reached.
4963 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
4964 properties:
4965 exec:
4966 description: Exec specifies the action
4967 to take.
4968 properties:
4969 command:
4970 description: |-
4971 Command is the command line to execute inside the container, the working directory for the
4972 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
4973 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
4974 a shell, you need to explicitly call out to that shell.
4975 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4976 items:
4977 type: string
4978 type: array
4979 x-kubernetes-list-type: atomic
4980 type: object
4981 httpGet:
4982 description: HTTPGet specifies the
4983 http request to perform.
4984 properties:
4985 host:
4986 description: |-
4987 Host name to connect to, defaults to the pod IP. You probably want to set
4988 "Host" in httpHeaders instead.
4989 type: string
4990 httpHeaders:
4991 description: Custom headers to
4992 set in the request. HTTP allows
4993 repeated headers.
4994 items:
4995 description: HTTPHeader describes
4996 a custom header to be used
4997 in HTTP probes
4998 properties:
4999 name:
5000 description: |-
5001 The header field name.
5002 This will be canonicalized upon output, so case-variant names will be understood as the same header.
5003 type: string
5004 value:
5005 description: The header
5006 field value
5007 type: string
5008 required:
5009 - name
5010 - value
5011 type: object
5012 type: array
5013 x-kubernetes-list-type: atomic
5014 path:
5015 description: Path to access on
5016 the HTTP server.
5017 type: string
5018 port:
5019 anyOf:
5020 - type: integer
5021 - type: string
5022 description: |-
5023 Name or number of the port to access on the container.
5024 Number must be in the range 1 to 65535.
5025 Name must be an IANA_SVC_NAME.
5026 x-kubernetes-int-or-string: true
5027 scheme:
5028 description: |-
5029 Scheme to use for connecting to the host.
5030 Defaults to HTTP.
5031 type: string
5032 required:
5033 - port
5034 type: object
5035 sleep:
5036 description: Sleep represents the
5037 duration that the container should
5038 sleep before being terminated.
5039 properties:
5040 seconds:
5041 description: Seconds is the number
5042 of seconds to sleep.
5043 format: int64
5044 type: integer
5045 required:
5046 - seconds
5047 type: object
5048 tcpSocket:
5049 description: |-
5050 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
5051 for the backward compatibility. There are no validation of this field and
5052 lifecycle hooks will fail in runtime when tcp handler is specified.
5053 properties:
5054 host:
5055 description: 'Optional: Host name
5056 to connect to, defaults to the
5057 pod IP.'
5058 type: string
5059 port:
5060 anyOf:
5061 - type: integer
5062 - type: string
5063 description: |-
5064 Number or name of the port to access on the container.
5065 Number must be in the range 1 to 65535.
5066 Name must be an IANA_SVC_NAME.
5067 x-kubernetes-int-or-string: true
5068 required:
5069 - port
5070 type: object
5071 type: object
5072 type: object
5073 livenessProbe:
5074 description: Probes are not allowed for ephemeral
5075 containers.
5076 properties:
5077 exec:
5078 description: Exec specifies the action
5079 to take.
5080 properties:
5081 command:
5082 description: |-
5083 Command is the command line to execute inside the container, the working directory for the
5084 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
5085 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
5086 a shell, you need to explicitly call out to that shell.
5087 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
5088 items:
5089 type: string
5090 type: array
5091 x-kubernetes-list-type: atomic
5092 type: object
5093 failureThreshold:
5094 description: |-
5095 Minimum consecutive failures for the probe to be considered failed after having succeeded.
5096 Defaults to 3. Minimum value is 1.
5097 format: int32
5098 type: integer
5099 grpc:
5100 description: GRPC specifies an action
5101 involving a GRPC port.
5102 properties:
5103 port:
5104 description: Port number of the gRPC
5105 service. Number must be in the range
5106 1 to 65535.
5107 format: int32
5108 type: integer
5109 service:
5110 description: |-
5111 Service is the name of the service to place in the gRPC HealthCheckRequest
5112 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
5113
5114
5115 If this is not specified, the default behavior is defined by gRPC.
5116 type: string
5117 required:
5118 - port
5119 type: object
5120 httpGet:
5121 description: HTTPGet specifies the http
5122 request to perform.
5123 properties:
5124 host:
5125 description: |-
5126 Host name to connect to, defaults to the pod IP. You probably want to set
5127 "Host" in httpHeaders instead.
5128 type: string
5129 httpHeaders:
5130 description: Custom headers to set
5131 in the request. HTTP allows repeated
5132 headers.
5133 items:
5134 description: HTTPHeader describes
5135 a custom header to be used in
5136 HTTP probes
5137 properties:
5138 name:
5139 description: |-
5140 The header field name.
5141 This will be canonicalized upon output, so case-variant names will be understood as the same header.
5142 type: string
5143 value:
5144 description: The header field
5145 value
5146 type: string
5147 required:
5148 - name
5149 - value
5150 type: object
5151 type: array
5152 x-kubernetes-list-type: atomic
5153 path:
5154 description: Path to access on the
5155 HTTP server.
5156 type: string
5157 port:
5158 anyOf:
5159 - type: integer
5160 - type: string
5161 description: |-
5162 Name or number of the port to access on the container.
5163 Number must be in the range 1 to 65535.
5164 Name must be an IANA_SVC_NAME.
5165 x-kubernetes-int-or-string: true
5166 scheme:
5167 description: |-
5168 Scheme to use for connecting to the host.
5169 Defaults to HTTP.
5170 type: string
5171 required:
5172 - port
5173 type: object
5174 initialDelaySeconds:
5175 description: |-
5176 Number of seconds after the container has started before liveness probes are initiated.
5177 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5178 format: int32
5179 type: integer
5180 periodSeconds:
5181 description: |-
5182 How often (in seconds) to perform the probe.
5183 Default to 10 seconds. Minimum value is 1.
5184 format: int32
5185 type: integer
5186 successThreshold:
5187 description: |-
5188 Minimum consecutive successes for the probe to be considered successful after having failed.
5189 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
5190 format: int32
5191 type: integer
5192 tcpSocket:
5193 description: TCPSocket specifies an action
5194 involving a TCP port.
5195 properties:
5196 host:
5197 description: 'Optional: Host name
5198 to connect to, defaults to the pod
5199 IP.'
5200 type: string
5201 port:
5202 anyOf:
5203 - type: integer
5204 - type: string
5205 description: |-
5206 Number or name of the port to access on the container.
5207 Number must be in the range 1 to 65535.
5208 Name must be an IANA_SVC_NAME.
5209 x-kubernetes-int-or-string: true
5210 required:
5211 - port
5212 type: object
5213 terminationGracePeriodSeconds:
5214 description: |-
5215 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
5216 The grace period is the duration in seconds after the processes running in the pod are sent
5217 a termination signal and the time when the processes are forcibly halted with a kill signal.
5218 Set this value longer than the expected cleanup time for your process.
5219 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
5220 value overrides the value provided by the pod spec.
5221 Value must be non-negative integer. The value zero indicates stop immediately via
5222 the kill signal (no opportunity to shut down).
5223 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
5224 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
5225 format: int64
5226 type: integer
5227 timeoutSeconds:
5228 description: |-
5229 Number of seconds after which the probe times out.
5230 Defaults to 1 second. Minimum value is 1.
5231 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5232 format: int32
5233 type: integer
5234 type: object
5235 name:
5236 description: |-
5237 Name of the ephemeral container specified as a DNS_LABEL.
5238 This name must be unique among all containers, init containers and ephemeral containers.
5239 type: string
5240 ports:
5241 description: Ports are not allowed for ephemeral
5242 containers.
5243 items:
5244 description: ContainerPort represents a
5245 network port in a single container.
5246 properties:
5247 containerPort:
5248 description: |-
5249 Number of port to expose on the pod's IP address.
5250 This must be a valid port number, 0 < x < 65536.
5251 format: int32
5252 type: integer
5253 hostIP:
5254 description: What host IP to bind the
5255 external port to.
5256 type: string
5257 hostPort:
5258 description: |-
5259 Number of port to expose on the host.
5260 If specified, this must be a valid port number, 0 < x < 65536.
5261 If HostNetwork is specified, this must match ContainerPort.
5262 Most containers do not need this.
5263 format: int32
5264 type: integer
5265 name:
5266 description: |-
5267 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
5268 named port in a pod must have a unique name. Name for the port that can be
5269 referred to by services.
5270 type: string
5271 protocol:
5272 default: TCP
5273 description: |-
5274 Protocol for port. Must be UDP, TCP, or SCTP.
5275 Defaults to "TCP".
5276 type: string
5277 required:
5278 - containerPort
5279 type: object
5280 type: array
5281 x-kubernetes-list-map-keys:
5282 - containerPort
5283 - protocol
5284 x-kubernetes-list-type: map
5285 readinessProbe:
5286 description: Probes are not allowed for ephemeral
5287 containers.
5288 properties:
5289 exec:
5290 description: Exec specifies the action
5291 to take.
5292 properties:
5293 command:
5294 description: |-
5295 Command is the command line to execute inside the container, the working directory for the
5296 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
5297 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
5298 a shell, you need to explicitly call out to that shell.
5299 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
5300 items:
5301 type: string
5302 type: array
5303 x-kubernetes-list-type: atomic
5304 type: object
5305 failureThreshold:
5306 description: |-
5307 Minimum consecutive failures for the probe to be considered failed after having succeeded.
5308 Defaults to 3. Minimum value is 1.
5309 format: int32
5310 type: integer
5311 grpc:
5312 description: GRPC specifies an action
5313 involving a GRPC port.
5314 properties:
5315 port:
5316 description: Port number of the gRPC
5317 service. Number must be in the range
5318 1 to 65535.
5319 format: int32
5320 type: integer
5321 service:
5322 description: |-
5323 Service is the name of the service to place in the gRPC HealthCheckRequest
5324 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
5325
5326
5327 If this is not specified, the default behavior is defined by gRPC.
5328 type: string
5329 required:
5330 - port
5331 type: object
5332 httpGet:
5333 description: HTTPGet specifies the http
5334 request to perform.
5335 properties:
5336 host:
5337 description: |-
5338 Host name to connect to, defaults to the pod IP. You probably want to set
5339 "Host" in httpHeaders instead.
5340 type: string
5341 httpHeaders:
5342 description: Custom headers to set
5343 in the request. HTTP allows repeated
5344 headers.
5345 items:
5346 description: HTTPHeader describes
5347 a custom header to be used in
5348 HTTP probes
5349 properties:
5350 name:
5351 description: |-
5352 The header field name.
5353 This will be canonicalized upon output, so case-variant names will be understood as the same header.
5354 type: string
5355 value:
5356 description: The header field
5357 value
5358 type: string
5359 required:
5360 - name
5361 - value
5362 type: object
5363 type: array
5364 x-kubernetes-list-type: atomic
5365 path:
5366 description: Path to access on the
5367 HTTP server.
5368 type: string
5369 port:
5370 anyOf:
5371 - type: integer
5372 - type: string
5373 description: |-
5374 Name or number of the port to access on the container.
5375 Number must be in the range 1 to 65535.
5376 Name must be an IANA_SVC_NAME.
5377 x-kubernetes-int-or-string: true
5378 scheme:
5379 description: |-
5380 Scheme to use for connecting to the host.
5381 Defaults to HTTP.
5382 type: string
5383 required:
5384 - port
5385 type: object
5386 initialDelaySeconds:
5387 description: |-
5388 Number of seconds after the container has started before liveness probes are initiated.
5389 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5390 format: int32
5391 type: integer
5392 periodSeconds:
5393 description: |-
5394 How often (in seconds) to perform the probe.
5395 Default to 10 seconds. Minimum value is 1.
5396 format: int32
5397 type: integer
5398 successThreshold:
5399 description: |-
5400 Minimum consecutive successes for the probe to be considered successful after having failed.
5401 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
5402 format: int32
5403 type: integer
5404 tcpSocket:
5405 description: TCPSocket specifies an action
5406 involving a TCP port.
5407 properties:
5408 host:
5409 description: 'Optional: Host name
5410 to connect to, defaults to the pod
5411 IP.'
5412 type: string
5413 port:
5414 anyOf:
5415 - type: integer
5416 - type: string
5417 description: |-
5418 Number or name of the port to access on the container.
5419 Number must be in the range 1 to 65535.
5420 Name must be an IANA_SVC_NAME.
5421 x-kubernetes-int-or-string: true
5422 required:
5423 - port
5424 type: object
5425 terminationGracePeriodSeconds:
5426 description: |-
5427 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
5428 The grace period is the duration in seconds after the processes running in the pod are sent
5429 a termination signal and the time when the processes are forcibly halted with a kill signal.
5430 Set this value longer than the expected cleanup time for your process.
5431 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
5432 value overrides the value provided by the pod spec.
5433 Value must be non-negative integer. The value zero indicates stop immediately via
5434 the kill signal (no opportunity to shut down).
5435 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
5436 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
5437 format: int64
5438 type: integer
5439 timeoutSeconds:
5440 description: |-
5441 Number of seconds after which the probe times out.
5442 Defaults to 1 second. Minimum value is 1.
5443 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5444 format: int32
5445 type: integer
5446 type: object
5447 resizePolicy:
5448 description: Resources resize policy for the
5449 container.
5450 items:
5451 description: ContainerResizePolicy represents
5452 resource resize policy for the container.
5453 properties:
5454 resourceName:
5455 description: |-
5456 Name of the resource to which this resource resize policy applies.
5457 Supported values: cpu, memory.
5458 type: string
5459 restartPolicy:
5460 description: |-
5461 Restart policy to apply when specified resource is resized.
5462 If not specified, it defaults to NotRequired.
5463 type: string
5464 required:
5465 - resourceName
5466 - restartPolicy
5467 type: object
5468 type: array
5469 x-kubernetes-list-type: atomic
5470 resources:
5471 description: |-
5472 Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
5473 already allocated to the pod.
5474 properties:
5475 claims:
5476 description: |-
5477 Claims lists the names of resources, defined in spec.resourceClaims,
5478 that are used by this container.
5479
5480
5481 This is an alpha field and requires enabling the
5482 DynamicResourceAllocation feature gate.
5483
5484
5485 This field is immutable. It can only be set for containers.
5486 items:
5487 description: ResourceClaim references
5488 one entry in PodSpec.ResourceClaims.
5489 properties:
5490 name:
5491 description: |-
5492 Name must match the name of one entry in pod.spec.resourceClaims of
5493 the Pod where this field is used. It makes that resource available
5494 inside a container.
5495 type: string
5496 required:
5497 - name
5498 type: object
5499 type: array
5500 x-kubernetes-list-map-keys:
5501 - name
5502 x-kubernetes-list-type: map
5503 limits:
5504 additionalProperties:
5505 anyOf:
5506 - type: integer
5507 - type: string
5508 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
5509 x-kubernetes-int-or-string: true
5510 description: |-
5511 Limits describes the maximum amount of compute resources allowed.
5512 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5513 type: object
5514 requests:
5515 additionalProperties:
5516 anyOf:
5517 - type: integer
5518 - type: string
5519 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
5520 x-kubernetes-int-or-string: true
5521 description: |-
5522 Requests describes the minimum amount of compute resources required.
5523 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
5524 otherwise to an implementation-defined value. Requests cannot exceed Limits.
5525 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
5526 type: object
5527 type: object
5528 restartPolicy:
5529 description: |-
5530 Restart policy for the container to manage the restart behavior of each
5531 container within a pod.
5532 This may only be set for init containers. You cannot set this field on
5533 ephemeral containers.
5534 type: string
5535 securityContext:
5536 description: |-
5537 Optional: SecurityContext defines the security options the ephemeral container should be run with.
5538 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
5539 properties:
5540 allowPrivilegeEscalation:
5541 description: |-
5542 AllowPrivilegeEscalation controls whether a process can gain more
5543 privileges than its parent process. This bool directly controls if
5544 the no_new_privs flag will be set on the container process.
5545 AllowPrivilegeEscalation is true always when the container is:
5546 1) run as Privileged
5547 2) has CAP_SYS_ADMIN
5548 Note that this field cannot be set when spec.os.name is windows.
5549 type: boolean
5550 appArmorProfile:
5551 description: |-
5552 appArmorProfile is the AppArmor options to use by this container. If set, this profile
5553 overrides the pod's appArmorProfile.
5554 Note that this field cannot be set when spec.os.name is windows.
5555 properties:
5556 localhostProfile:
5557 description: |-
5558 localhostProfile indicates a profile loaded on the node that should be used.
5559 The profile must be preconfigured on the node to work.
5560 Must match the loaded name of the profile.
5561 Must be set if and only if type is "Localhost".
5562 type: string
5563 type:
5564 description: |-
5565 type indicates which kind of AppArmor profile will be applied.
5566 Valid options are:
5567 Localhost - a profile pre-loaded on the node.
5568 RuntimeDefault - the container runtime's default profile.
5569 Unconfined - no AppArmor enforcement.
5570 type: string
5571 required:
5572 - type
5573 type: object
5574 capabilities:
5575 description: |-
5576 The capabilities to add/drop when running containers.
5577 Defaults to the default set of capabilities granted by the container runtime.
5578 Note that this field cannot be set when spec.os.name is windows.
5579 properties:
5580 add:
5581 description: Added capabilities
5582 items:
5583 description: Capability represent
5584 POSIX capabilities type
5585 type: string
5586 type: array
5587 x-kubernetes-list-type: atomic
5588 drop:
5589 description: Removed capabilities
5590 items:
5591 description: Capability represent
5592 POSIX capabilities type
5593 type: string
5594 type: array
5595 x-kubernetes-list-type: atomic
5596 type: object
5597 privileged:
5598 description: |-
5599 Run container in privileged mode.
5600 Processes in privileged containers are essentially equivalent to root on the host.
5601 Defaults to false.
5602 Note that this field cannot be set when spec.os.name is windows.
5603 type: boolean
5604 procMount:
5605 description: |-
5606 procMount denotes the type of proc mount to use for the containers.
5607 The default is DefaultProcMount which uses the container runtime defaults for
5608 readonly paths and masked paths.
5609 This requires the ProcMountType feature flag to be enabled.
5610 Note that this field cannot be set when spec.os.name is windows.
5611 type: string
5612 readOnlyRootFilesystem:
5613 description: |-
5614 Whether this container has a read-only root filesystem.
5615 Default is false.
5616 Note that this field cannot be set when spec.os.name is windows.
5617 type: boolean
5618 runAsGroup:
5619 description: |-
5620 The GID to run the entrypoint of the container process.
5621 Uses runtime default if unset.
5622 May also be set in PodSecurityContext. If set in both SecurityContext and
5623 PodSecurityContext, the value specified in SecurityContext takes precedence.
5624 Note that this field cannot be set when spec.os.name is windows.
5625 format: int64
5626 type: integer
5627 runAsNonRoot:
5628 description: |-
5629 Indicates that the container must run as a non-root user.
5630 If true, the Kubelet will validate the image at runtime to ensure that it
5631 does not run as UID 0 (root) and fail to start the container if it does.
5632 If unset or false, no such validation will be performed.
5633 May also be set in PodSecurityContext. If set in both SecurityContext and
5634 PodSecurityContext, the value specified in SecurityContext takes precedence.
5635 type: boolean
5636 runAsUser:
5637 description: |-
5638 The UID to run the entrypoint of the container process.
5639 Defaults to user specified in image metadata if unspecified.
5640 May also be set in PodSecurityContext. If set in both SecurityContext and
5641 PodSecurityContext, the value specified in SecurityContext takes precedence.
5642 Note that this field cannot be set when spec.os.name is windows.
5643 format: int64
5644 type: integer
5645 seLinuxOptions:
5646 description: |-
5647 The SELinux context to be applied to the container.
5648 If unspecified, the container runtime will allocate a random SELinux context for each
5649 container. May also be set in PodSecurityContext. If set in both SecurityContext and
5650 PodSecurityContext, the value specified in SecurityContext takes precedence.
5651 Note that this field cannot be set when spec.os.name is windows.
5652 properties:
5653 level:
5654 description: Level is SELinux level
5655 label that applies to the container.
5656 type: string
5657 role:
5658 description: Role is a SELinux role
5659 label that applies to the container.
5660 type: string
5661 type:
5662 description: Type is a SELinux type
5663 label that applies to the container.
5664 type: string
5665 user:
5666 description: User is a SELinux user
5667 label that applies to the container.
5668 type: string
5669 type: object
5670 seccompProfile:
5671 description: |-
5672 The seccomp options to use by this container. If seccomp options are
5673 provided at both the pod & container level, the container options
5674 override the pod options.
5675 Note that this field cannot be set when spec.os.name is windows.
5676 properties:
5677 localhostProfile:
5678 description: |-
5679 localhostProfile indicates a profile defined in a file on the node should be used.
5680 The profile must be preconfigured on the node to work.
5681 Must be a descending path, relative to the kubelet's configured seccomp profile location.
5682 Must be set if type is "Localhost". Must NOT be set for any other type.
5683 type: string
5684 type:
5685 description: |-
5686 type indicates which kind of seccomp profile will be applied.
5687 Valid options are:
5688
5689
5690 Localhost - a profile defined in a file on the node should be used.
5691 RuntimeDefault - the container runtime default profile should be used.
5692 Unconfined - no profile should be applied.
5693 type: string
5694 required:
5695 - type
5696 type: object
5697 windowsOptions:
5698 description: |-
5699 The Windows specific settings applied to all containers.
5700 If unspecified, the options from the PodSecurityContext will be used.
5701 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
5702 Note that this field cannot be set when spec.os.name is linux.
5703 properties:
5704 gmsaCredentialSpec:
5705 description: |-
5706 GMSACredentialSpec is where the GMSA admission webhook
5707 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
5708 GMSA credential spec named by the GMSACredentialSpecName field.
5709 type: string
5710 gmsaCredentialSpecName:
5711 description: GMSACredentialSpecName
5712 is the name of the GMSA credential
5713 spec to use.
5714 type: string
5715 hostProcess:
5716 description: |-
5717 HostProcess determines if a container should be run as a 'Host Process' container.
5718 All of a Pod's containers must have the same effective HostProcess value
5719 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
5720 In addition, if HostProcess is true then HostNetwork must also be set to true.
5721 type: boolean
5722 runAsUserName:
5723 description: |-
5724 The UserName in Windows to run the entrypoint of the container process.
5725 Defaults to the user specified in image metadata if unspecified.
5726 May also be set in PodSecurityContext. If set in both SecurityContext and
5727 PodSecurityContext, the value specified in SecurityContext takes precedence.
5728 type: string
5729 type: object
5730 type: object
5731 startupProbe:
5732 description: Probes are not allowed for ephemeral
5733 containers.
5734 properties:
5735 exec:
5736 description: Exec specifies the action
5737 to take.
5738 properties:
5739 command:
5740 description: |-
5741 Command is the command line to execute inside the container, the working directory for the
5742 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
5743 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
5744 a shell, you need to explicitly call out to that shell.
5745 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
5746 items:
5747 type: string
5748 type: array
5749 x-kubernetes-list-type: atomic
5750 type: object
5751 failureThreshold:
5752 description: |-
5753 Minimum consecutive failures for the probe to be considered failed after having succeeded.
5754 Defaults to 3. Minimum value is 1.
5755 format: int32
5756 type: integer
5757 grpc:
5758 description: GRPC specifies an action
5759 involving a GRPC port.
5760 properties:
5761 port:
5762 description: Port number of the gRPC
5763 service. Number must be in the range
5764 1 to 65535.
5765 format: int32
5766 type: integer
5767 service:
5768 description: |-
5769 Service is the name of the service to place in the gRPC HealthCheckRequest
5770 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
5771
5772
5773 If this is not specified, the default behavior is defined by gRPC.
5774 type: string
5775 required:
5776 - port
5777 type: object
5778 httpGet:
5779 description: HTTPGet specifies the http
5780 request to perform.
5781 properties:
5782 host:
5783 description: |-
5784 Host name to connect to, defaults to the pod IP. You probably want to set
5785 "Host" in httpHeaders instead.
5786 type: string
5787 httpHeaders:
5788 description: Custom headers to set
5789 in the request. HTTP allows repeated
5790 headers.
5791 items:
5792 description: HTTPHeader describes
5793 a custom header to be used in
5794 HTTP probes
5795 properties:
5796 name:
5797 description: |-
5798 The header field name.
5799 This will be canonicalized upon output, so case-variant names will be understood as the same header.
5800 type: string
5801 value:
5802 description: The header field
5803 value
5804 type: string
5805 required:
5806 - name
5807 - value
5808 type: object
5809 type: array
5810 x-kubernetes-list-type: atomic
5811 path:
5812 description: Path to access on the
5813 HTTP server.
5814 type: string
5815 port:
5816 anyOf:
5817 - type: integer
5818 - type: string
5819 description: |-
5820 Name or number of the port to access on the container.
5821 Number must be in the range 1 to 65535.
5822 Name must be an IANA_SVC_NAME.
5823 x-kubernetes-int-or-string: true
5824 scheme:
5825 description: |-
5826 Scheme to use for connecting to the host.
5827 Defaults to HTTP.
5828 type: string
5829 required:
5830 - port
5831 type: object
5832 initialDelaySeconds:
5833 description: |-
5834 Number of seconds after the container has started before liveness probes are initiated.
5835 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5836 format: int32
5837 type: integer
5838 periodSeconds:
5839 description: |-
5840 How often (in seconds) to perform the probe.
5841 Default to 10 seconds. Minimum value is 1.
5842 format: int32
5843 type: integer
5844 successThreshold:
5845 description: |-
5846 Minimum consecutive successes for the probe to be considered successful after having failed.
5847 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
5848 format: int32
5849 type: integer
5850 tcpSocket:
5851 description: TCPSocket specifies an action
5852 involving a TCP port.
5853 properties:
5854 host:
5855 description: 'Optional: Host name
5856 to connect to, defaults to the pod
5857 IP.'
5858 type: string
5859 port:
5860 anyOf:
5861 - type: integer
5862 - type: string
5863 description: |-
5864 Number or name of the port to access on the container.
5865 Number must be in the range 1 to 65535.
5866 Name must be an IANA_SVC_NAME.
5867 x-kubernetes-int-or-string: true
5868 required:
5869 - port
5870 type: object
5871 terminationGracePeriodSeconds:
5872 description: |-
5873 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
5874 The grace period is the duration in seconds after the processes running in the pod are sent
5875 a termination signal and the time when the processes are forcibly halted with a kill signal.
5876 Set this value longer than the expected cleanup time for your process.
5877 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
5878 value overrides the value provided by the pod spec.
5879 Value must be non-negative integer. The value zero indicates stop immediately via
5880 the kill signal (no opportunity to shut down).
5881 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
5882 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
5883 format: int64
5884 type: integer
5885 timeoutSeconds:
5886 description: |-
5887 Number of seconds after which the probe times out.
5888 Defaults to 1 second. Minimum value is 1.
5889 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
5890 format: int32
5891 type: integer
5892 type: object
5893 stdin:
5894 description: |-
5895 Whether this container should allocate a buffer for stdin in the container runtime. If this
5896 is not set, reads from stdin in the container will always result in EOF.
5897 Default is false.
5898 type: boolean
5899 stdinOnce:
5900 description: |-
5901 Whether the container runtime should close the stdin channel after it has been opened by
5902 a single attach. When stdin is true the stdin stream will remain open across multiple attach
5903 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
5904 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
5905 at which time stdin is closed and remains closed until the container is restarted. If this
5906 flag is false, a container processes that reads from stdin will never receive an EOF.
5907 Default is false
5908 type: boolean
5909 targetContainerName:
5910 description: |-
5911 If set, the name of the container from PodSpec that this ephemeral container targets.
5912 The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
5913 If not set then the ephemeral container uses the namespaces configured in the Pod spec.
5914
5915
5916 The container runtime must implement support for this feature. If the runtime does not
5917 support namespace targeting then the result of setting this field is undefined.
5918 type: string
5919 terminationMessagePath:
5920 description: |-
5921 Optional: Path at which the file to which the container's termination message
5922 will be written is mounted into the container's filesystem.
5923 Message written is intended to be brief final status, such as an assertion failure message.
5924 Will be truncated by the node if greater than 4096 bytes. The total message length across
5925 all containers will be limited to 12kb.
5926 Defaults to /dev/termination-log.
5927 Cannot be updated.
5928 type: string
5929 terminationMessagePolicy:
5930 description: |-
5931 Indicate how the termination message should be populated. File will use the contents of
5932 terminationMessagePath to populate the container status message on both success and failure.
5933 FallbackToLogsOnError will use the last chunk of container log output if the termination
5934 message file is empty and the container exited with an error.
5935 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
5936 Defaults to File.
5937 Cannot be updated.
5938 type: string
5939 tty:
5940 description: |-
5941 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
5942 Default is false.
5943 type: boolean
5944 volumeDevices:
5945 description: volumeDevices is the list of
5946 block devices to be used by the container.
5947 items:
5948 description: volumeDevice describes a mapping
5949 of a raw block device within a container.
5950 properties:
5951 devicePath:
5952 description: devicePath is the path
5953 inside of the container that the device
5954 will be mapped to.
5955 type: string
5956 name:
5957 description: name must match the name
5958 of a persistentVolumeClaim in the
5959 pod
5960 type: string
5961 required:
5962 - devicePath
5963 - name
5964 type: object
5965 type: array
5966 x-kubernetes-list-map-keys:
5967 - devicePath
5968 x-kubernetes-list-type: map
5969 volumeMounts:
5970 description: |-
5971 Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
5972 Cannot be updated.
5973 items:
5974 description: VolumeMount describes a mounting
5975 of a Volume within a container.
5976 properties:
5977 mountPath:
5978 description: |-
5979 Path within the container at which the volume should be mounted. Must
5980 not contain ':'.
5981 type: string
5982 mountPropagation:
5983 description: |-
5984 mountPropagation determines how mounts are propagated from the host
5985 to container and the other way around.
5986 When not set, MountPropagationNone is used.
5987 This field is beta in 1.10.
5988 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
5989 (which defaults to None).
5990 type: string
5991 name:
5992 description: This must match the Name
5993 of a Volume.
5994 type: string
5995 readOnly:
5996 description: |-
5997 Mounted read-only if true, read-write otherwise (false or unspecified).
5998 Defaults to false.
5999 type: boolean
6000 recursiveReadOnly:
6001 description: |-
6002 RecursiveReadOnly specifies whether read-only mounts should be handled
6003 recursively.
6004
6005
6006 If ReadOnly is false, this field has no meaning and must be unspecified.
6007
6008
6009 If ReadOnly is true, and this field is set to Disabled, the mount is not made
6010 recursively read-only. If this field is set to IfPossible, the mount is made
6011 recursively read-only, if it is supported by the container runtime. If this
6012 field is set to Enabled, the mount is made recursively read-only if it is
6013 supported by the container runtime, otherwise the pod will not be started and
6014 an error will be generated to indicate the reason.
6015
6016
6017 If this field is set to IfPossible or Enabled, MountPropagation must be set to
6018 None (or be unspecified, which defaults to None).
6019
6020
6021 If this field is not specified, it is treated as an equivalent of Disabled.
6022 type: string
6023 subPath:
6024 description: |-
6025 Path within the volume from which the container's volume should be mounted.
6026 Defaults to "" (volume's root).
6027 type: string
6028 subPathExpr:
6029 description: |-
6030 Expanded path within the volume from which the container's volume should be mounted.
6031 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
6032 Defaults to "" (volume's root).
6033 SubPathExpr and SubPath are mutually exclusive.
6034 type: string
6035 required:
6036 - mountPath
6037 - name
6038 type: object
6039 type: array
6040 x-kubernetes-list-map-keys:
6041 - mountPath
6042 x-kubernetes-list-type: map
6043 workingDir:
6044 description: |-
6045 Container's working directory.
6046 If not specified, the container runtime's default will be used, which
6047 might be configured in the container image.
6048 Cannot be updated.
6049 type: string
6050 required:
6051 - name
6052 type: object
6053 type: array
6054 x-kubernetes-list-map-keys:
6055 - name
6056 x-kubernetes-list-type: map
6057 hostAliases:
6058 description: |-
6059 HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
6060 file if specified.
6061 items:
6062 description: |-
6063 HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
6064 pod's hosts file.
6065 properties:
6066 hostnames:
6067 description: Hostnames for the above IP address.
6068 items:
6069 type: string
6070 type: array
6071 x-kubernetes-list-type: atomic
6072 ip:
6073 description: IP address of the host file entry.
6074 type: string
6075 required:
6076 - ip
6077 type: object
6078 type: array
6079 x-kubernetes-list-map-keys:
6080 - ip
6081 x-kubernetes-list-type: map
6082 hostIPC:
6083 description: |-
6084 Use the host's ipc namespace.
6085 Optional: Default to false.
6086 type: boolean
6087 hostNetwork:
6088 description: |-
6089 Host networking requested for this pod. Use the host's network namespace.
6090 If this option is set, the ports that will be used must be specified.
6091 Default to false.
6092 type: boolean
6093 hostPID:
6094 description: |-
6095 Use the host's pid namespace.
6096 Optional: Default to false.
6097 type: boolean
6098 hostUsers:
6099 description: |-
6100 Use the host's user namespace.
6101 Optional: Default to true.
6102 If set to true or not present, the pod will be run in the host user namespace, useful
6103 for when the pod needs a feature only available to the host user namespace, such as
6104 loading a kernel module with CAP_SYS_MODULE.
6105 When set to false, a new userns is created for the pod. Setting false is useful for
6106 mitigating container breakout vulnerabilities even allowing users to run their
6107 containers as root without actually having root privileges on the host.
6108 This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
6109 type: boolean
6110 hostname:
6111 description: |-
6112 Specifies the hostname of the Pod
6113 If not specified, the pod's hostname will be set to a system-defined value.
6114 type: string
6115 imagePullSecrets:
6116 description: |-
6117 ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
6118 If specified, these secrets will be passed to individual puller implementations for them to use.
6119 More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
6120 items:
6121 description: |-
6122 LocalObjectReference contains enough information to let you locate the
6123 referenced object inside the same namespace.
6124 properties:
6125 name:
6126 default: ""
6127 description: |-
6128 Name of the referent.
6129 This field is effectively required, but due to backwards compatibility is
6130 allowed to be empty. Instances of this type with an empty value here are
6131 almost certainly wrong.
6132 TODO: Add other useful fields. apiVersion, kind, uid?
6133 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6134 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6135 type: string
6136 type: object
6137 x-kubernetes-map-type: atomic
6138 type: array
6139 x-kubernetes-list-map-keys:
6140 - name
6141 x-kubernetes-list-type: map
6142 initContainers:
6143 description: |-
6144 List of initialization containers belonging to the pod.
6145 Init containers are executed in order prior to containers being started. If any
6146 init container fails, the pod is considered to have failed and is handled according
6147 to its restartPolicy. The name for an init container or normal container must be
6148 unique among all containers.
6149 Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
6150 The resourceRequirements of an init container are taken into account during scheduling
6151 by finding the highest request/limit for each resource type, and then using the max of
6152 of that value or the sum of the normal containers. Limits are applied to init containers
6153 in a similar fashion.
6154 Init containers cannot currently be added or removed.
6155 Cannot be updated.
6156 More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
6157 items:
6158 description: A single application container that
6159 you want to run within a pod.
6160 properties:
6161 args:
6162 description: |-
6163 Arguments to the entrypoint.
6164 The container image's CMD is used if this is not provided.
6165 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
6166 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
6167 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
6168 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
6169 of whether the variable exists or not. Cannot be updated.
6170 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
6171 items:
6172 type: string
6173 type: array
6174 x-kubernetes-list-type: atomic
6175 command:
6176 description: |-
6177 Entrypoint array. Not executed within a shell.
6178 The container image's ENTRYPOINT is used if this is not provided.
6179 Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
6180 cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
6181 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
6182 produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
6183 of whether the variable exists or not. Cannot be updated.
6184 More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
6185 items:
6186 type: string
6187 type: array
6188 x-kubernetes-list-type: atomic
6189 env:
6190 description: |-
6191 List of environment variables to set in the container.
6192 Cannot be updated.
6193 items:
6194 description: EnvVar represents an environment
6195 variable present in a Container.
6196 properties:
6197 name:
6198 description: Name of the environment
6199 variable. Must be a C_IDENTIFIER.
6200 type: string
6201 value:
6202 description: |-
6203 Variable references $(VAR_NAME) are expanded
6204 using the previously defined environment variables in the container and
6205 any service environment variables. If a variable cannot be resolved,
6206 the reference in the input string will be unchanged. Double $$ are reduced
6207 to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
6208 "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
6209 Escaped references will never be expanded, regardless of whether the variable
6210 exists or not.
6211 Defaults to "".
6212 type: string
6213 valueFrom:
6214 description: Source for the environment
6215 variable's value. Cannot be used if
6216 value is not empty.
6217 properties:
6218 configMapKeyRef:
6219 description: Selects a key of a
6220 ConfigMap.
6221 properties:
6222 key:
6223 description: The key to select.
6224 type: string
6225 name:
6226 default: ""
6227 description: |-
6228 Name of the referent.
6229 This field is effectively required, but due to backwards compatibility is
6230 allowed to be empty. Instances of this type with an empty value here are
6231 almost certainly wrong.
6232 TODO: Add other useful fields. apiVersion, kind, uid?
6233 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6234 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6235 type: string
6236 optional:
6237 description: Specify whether
6238 the ConfigMap or its key must
6239 be defined
6240 type: boolean
6241 required:
6242 - key
6243 type: object
6244 x-kubernetes-map-type: atomic
6245 fieldRef:
6246 description: |-
6247 Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
6248 spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
6249 properties:
6250 apiVersion:
6251 description: Version of the
6252 schema the FieldPath is written
6253 in terms of, defaults to "v1".
6254 type: string
6255 fieldPath:
6256 description: Path of the field
6257 to select in the specified
6258 API version.
6259 type: string
6260 required:
6261 - fieldPath
6262 type: object
6263 x-kubernetes-map-type: atomic
6264 resourceFieldRef:
6265 description: |-
6266 Selects a resource of the container: only resources limits and requests
6267 (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
6268 properties:
6269 containerName:
6270 description: 'Container name:
6271 required for volumes, optional
6272 for env vars'
6273 type: string
6274 divisor:
6275 anyOf:
6276 - type: integer
6277 - type: string
6278 description: Specifies the output
6279 format of the exposed resources,
6280 defaults to "1"
6281 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6282 x-kubernetes-int-or-string: true
6283 resource:
6284 description: 'Required: resource
6285 to select'
6286 type: string
6287 required:
6288 - resource
6289 type: object
6290 x-kubernetes-map-type: atomic
6291 secretKeyRef:
6292 description: Selects a key of a
6293 secret in the pod's namespace
6294 properties:
6295 key:
6296 description: The key of the
6297 secret to select from. Must
6298 be a valid secret key.
6299 type: string
6300 name:
6301 default: ""
6302 description: |-
6303 Name of the referent.
6304 This field is effectively required, but due to backwards compatibility is
6305 allowed to be empty. Instances of this type with an empty value here are
6306 almost certainly wrong.
6307 TODO: Add other useful fields. apiVersion, kind, uid?
6308 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6309 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6310 type: string
6311 optional:
6312 description: Specify whether
6313 the Secret or its key must
6314 be defined
6315 type: boolean
6316 required:
6317 - key
6318 type: object
6319 x-kubernetes-map-type: atomic
6320 type: object
6321 required:
6322 - name
6323 type: object
6324 type: array
6325 x-kubernetes-list-map-keys:
6326 - name
6327 x-kubernetes-list-type: map
6328 envFrom:
6329 description: |-
6330 List of sources to populate environment variables in the container.
6331 The keys defined within a source must be a C_IDENTIFIER. All invalid keys
6332 will be reported as an event when the container is starting. When a key exists in multiple
6333 sources, the value associated with the last source will take precedence.
6334 Values defined by an Env with a duplicate key will take precedence.
6335 Cannot be updated.
6336 items:
6337 description: EnvFromSource represents the
6338 source of a set of ConfigMaps
6339 properties:
6340 configMapRef:
6341 description: The ConfigMap to select
6342 from
6343 properties:
6344 name:
6345 default: ""
6346 description: |-
6347 Name of the referent.
6348 This field is effectively required, but due to backwards compatibility is
6349 allowed to be empty. Instances of this type with an empty value here are
6350 almost certainly wrong.
6351 TODO: Add other useful fields. apiVersion, kind, uid?
6352 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6353 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6354 type: string
6355 optional:
6356 description: Specify whether the
6357 ConfigMap must be defined
6358 type: boolean
6359 type: object
6360 x-kubernetes-map-type: atomic
6361 prefix:
6362 description: An optional identifier
6363 to prepend to each key in the ConfigMap.
6364 Must be a C_IDENTIFIER.
6365 type: string
6366 secretRef:
6367 description: The Secret to select from
6368 properties:
6369 name:
6370 default: ""
6371 description: |-
6372 Name of the referent.
6373 This field is effectively required, but due to backwards compatibility is
6374 allowed to be empty. Instances of this type with an empty value here are
6375 almost certainly wrong.
6376 TODO: Add other useful fields. apiVersion, kind, uid?
6377 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
6378 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
6379 type: string
6380 optional:
6381 description: Specify whether the
6382 Secret must be defined
6383 type: boolean
6384 type: object
6385 x-kubernetes-map-type: atomic
6386 type: object
6387 type: array
6388 x-kubernetes-list-type: atomic
6389 image:
6390 description: |-
6391 Container image name.
6392 More info: https://kubernetes.io/docs/concepts/containers/images
6393 This field is optional to allow higher level config management to default or override
6394 container images in workload controllers like Deployments and StatefulSets.
6395 type: string
6396 imagePullPolicy:
6397 description: |-
6398 Image pull policy.
6399 One of Always, Never, IfNotPresent.
6400 Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
6401 Cannot be updated.
6402 More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
6403 type: string
6404 lifecycle:
6405 description: |-
6406 Actions that the management system should take in response to container lifecycle events.
6407 Cannot be updated.
6408 properties:
6409 postStart:
6410 description: |-
6411 PostStart is called immediately after a container is created. If the handler fails,
6412 the container is terminated and restarted according to its restart policy.
6413 Other management of the container blocks until the hook completes.
6414 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
6415 properties:
6416 exec:
6417 description: Exec specifies the action
6418 to take.
6419 properties:
6420 command:
6421 description: |-
6422 Command is the command line to execute inside the container, the working directory for the
6423 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6424 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6425 a shell, you need to explicitly call out to that shell.
6426 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6427 items:
6428 type: string
6429 type: array
6430 x-kubernetes-list-type: atomic
6431 type: object
6432 httpGet:
6433 description: HTTPGet specifies the
6434 http request to perform.
6435 properties:
6436 host:
6437 description: |-
6438 Host name to connect to, defaults to the pod IP. You probably want to set
6439 "Host" in httpHeaders instead.
6440 type: string
6441 httpHeaders:
6442 description: Custom headers to
6443 set in the request. HTTP allows
6444 repeated headers.
6445 items:
6446 description: HTTPHeader describes
6447 a custom header to be used
6448 in HTTP probes
6449 properties:
6450 name:
6451 description: |-
6452 The header field name.
6453 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6454 type: string
6455 value:
6456 description: The header
6457 field value
6458 type: string
6459 required:
6460 - name
6461 - value
6462 type: object
6463 type: array
6464 x-kubernetes-list-type: atomic
6465 path:
6466 description: Path to access on
6467 the HTTP server.
6468 type: string
6469 port:
6470 anyOf:
6471 - type: integer
6472 - type: string
6473 description: |-
6474 Name or number of the port to access on the container.
6475 Number must be in the range 1 to 65535.
6476 Name must be an IANA_SVC_NAME.
6477 x-kubernetes-int-or-string: true
6478 scheme:
6479 description: |-
6480 Scheme to use for connecting to the host.
6481 Defaults to HTTP.
6482 type: string
6483 required:
6484 - port
6485 type: object
6486 sleep:
6487 description: Sleep represents the
6488 duration that the container should
6489 sleep before being terminated.
6490 properties:
6491 seconds:
6492 description: Seconds is the number
6493 of seconds to sleep.
6494 format: int64
6495 type: integer
6496 required:
6497 - seconds
6498 type: object
6499 tcpSocket:
6500 description: |-
6501 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
6502 for the backward compatibility. There are no validation of this field and
6503 lifecycle hooks will fail in runtime when tcp handler is specified.
6504 properties:
6505 host:
6506 description: 'Optional: Host name
6507 to connect to, defaults to the
6508 pod IP.'
6509 type: string
6510 port:
6511 anyOf:
6512 - type: integer
6513 - type: string
6514 description: |-
6515 Number or name of the port to access on the container.
6516 Number must be in the range 1 to 65535.
6517 Name must be an IANA_SVC_NAME.
6518 x-kubernetes-int-or-string: true
6519 required:
6520 - port
6521 type: object
6522 type: object
6523 preStop:
6524 description: |-
6525 PreStop is called immediately before a container is terminated due to an
6526 API request or management event such as liveness/startup probe failure,
6527 preemption, resource contention, etc. The handler is not called if the
6528 container crashes or exits. The Pod's termination grace period countdown begins before the
6529 PreStop hook is executed. Regardless of the outcome of the handler, the
6530 container will eventually terminate within the Pod's termination grace
6531 period (unless delayed by finalizers). Other management of the container blocks until the hook completes
6532 or until the termination grace period is reached.
6533 More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
6534 properties:
6535 exec:
6536 description: Exec specifies the action
6537 to take.
6538 properties:
6539 command:
6540 description: |-
6541 Command is the command line to execute inside the container, the working directory for the
6542 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6543 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6544 a shell, you need to explicitly call out to that shell.
6545 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6546 items:
6547 type: string
6548 type: array
6549 x-kubernetes-list-type: atomic
6550 type: object
6551 httpGet:
6552 description: HTTPGet specifies the
6553 http request to perform.
6554 properties:
6555 host:
6556 description: |-
6557 Host name to connect to, defaults to the pod IP. You probably want to set
6558 "Host" in httpHeaders instead.
6559 type: string
6560 httpHeaders:
6561 description: Custom headers to
6562 set in the request. HTTP allows
6563 repeated headers.
6564 items:
6565 description: HTTPHeader describes
6566 a custom header to be used
6567 in HTTP probes
6568 properties:
6569 name:
6570 description: |-
6571 The header field name.
6572 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6573 type: string
6574 value:
6575 description: The header
6576 field value
6577 type: string
6578 required:
6579 - name
6580 - value
6581 type: object
6582 type: array
6583 x-kubernetes-list-type: atomic
6584 path:
6585 description: Path to access on
6586 the HTTP server.
6587 type: string
6588 port:
6589 anyOf:
6590 - type: integer
6591 - type: string
6592 description: |-
6593 Name or number of the port to access on the container.
6594 Number must be in the range 1 to 65535.
6595 Name must be an IANA_SVC_NAME.
6596 x-kubernetes-int-or-string: true
6597 scheme:
6598 description: |-
6599 Scheme to use for connecting to the host.
6600 Defaults to HTTP.
6601 type: string
6602 required:
6603 - port
6604 type: object
6605 sleep:
6606 description: Sleep represents the
6607 duration that the container should
6608 sleep before being terminated.
6609 properties:
6610 seconds:
6611 description: Seconds is the number
6612 of seconds to sleep.
6613 format: int64
6614 type: integer
6615 required:
6616 - seconds
6617 type: object
6618 tcpSocket:
6619 description: |-
6620 Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
6621 for the backward compatibility. There are no validation of this field and
6622 lifecycle hooks will fail in runtime when tcp handler is specified.
6623 properties:
6624 host:
6625 description: 'Optional: Host name
6626 to connect to, defaults to the
6627 pod IP.'
6628 type: string
6629 port:
6630 anyOf:
6631 - type: integer
6632 - type: string
6633 description: |-
6634 Number or name of the port to access on the container.
6635 Number must be in the range 1 to 65535.
6636 Name must be an IANA_SVC_NAME.
6637 x-kubernetes-int-or-string: true
6638 required:
6639 - port
6640 type: object
6641 type: object
6642 type: object
6643 livenessProbe:
6644 description: |-
6645 Periodic probe of container liveness.
6646 Container will be restarted if the probe fails.
6647 Cannot be updated.
6648 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6649 properties:
6650 exec:
6651 description: Exec specifies the action
6652 to take.
6653 properties:
6654 command:
6655 description: |-
6656 Command is the command line to execute inside the container, the working directory for the
6657 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6658 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6659 a shell, you need to explicitly call out to that shell.
6660 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6661 items:
6662 type: string
6663 type: array
6664 x-kubernetes-list-type: atomic
6665 type: object
6666 failureThreshold:
6667 description: |-
6668 Minimum consecutive failures for the probe to be considered failed after having succeeded.
6669 Defaults to 3. Minimum value is 1.
6670 format: int32
6671 type: integer
6672 grpc:
6673 description: GRPC specifies an action
6674 involving a GRPC port.
6675 properties:
6676 port:
6677 description: Port number of the gRPC
6678 service. Number must be in the range
6679 1 to 65535.
6680 format: int32
6681 type: integer
6682 service:
6683 description: |-
6684 Service is the name of the service to place in the gRPC HealthCheckRequest
6685 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
6686
6687
6688 If this is not specified, the default behavior is defined by gRPC.
6689 type: string
6690 required:
6691 - port
6692 type: object
6693 httpGet:
6694 description: HTTPGet specifies the http
6695 request to perform.
6696 properties:
6697 host:
6698 description: |-
6699 Host name to connect to, defaults to the pod IP. You probably want to set
6700 "Host" in httpHeaders instead.
6701 type: string
6702 httpHeaders:
6703 description: Custom headers to set
6704 in the request. HTTP allows repeated
6705 headers.
6706 items:
6707 description: HTTPHeader describes
6708 a custom header to be used in
6709 HTTP probes
6710 properties:
6711 name:
6712 description: |-
6713 The header field name.
6714 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6715 type: string
6716 value:
6717 description: The header field
6718 value
6719 type: string
6720 required:
6721 - name
6722 - value
6723 type: object
6724 type: array
6725 x-kubernetes-list-type: atomic
6726 path:
6727 description: Path to access on the
6728 HTTP server.
6729 type: string
6730 port:
6731 anyOf:
6732 - type: integer
6733 - type: string
6734 description: |-
6735 Name or number of the port to access on the container.
6736 Number must be in the range 1 to 65535.
6737 Name must be an IANA_SVC_NAME.
6738 x-kubernetes-int-or-string: true
6739 scheme:
6740 description: |-
6741 Scheme to use for connecting to the host.
6742 Defaults to HTTP.
6743 type: string
6744 required:
6745 - port
6746 type: object
6747 initialDelaySeconds:
6748 description: |-
6749 Number of seconds after the container has started before liveness probes are initiated.
6750 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6751 format: int32
6752 type: integer
6753 periodSeconds:
6754 description: |-
6755 How often (in seconds) to perform the probe.
6756 Default to 10 seconds. Minimum value is 1.
6757 format: int32
6758 type: integer
6759 successThreshold:
6760 description: |-
6761 Minimum consecutive successes for the probe to be considered successful after having failed.
6762 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
6763 format: int32
6764 type: integer
6765 tcpSocket:
6766 description: TCPSocket specifies an action
6767 involving a TCP port.
6768 properties:
6769 host:
6770 description: 'Optional: Host name
6771 to connect to, defaults to the pod
6772 IP.'
6773 type: string
6774 port:
6775 anyOf:
6776 - type: integer
6777 - type: string
6778 description: |-
6779 Number or name of the port to access on the container.
6780 Number must be in the range 1 to 65535.
6781 Name must be an IANA_SVC_NAME.
6782 x-kubernetes-int-or-string: true
6783 required:
6784 - port
6785 type: object
6786 terminationGracePeriodSeconds:
6787 description: |-
6788 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
6789 The grace period is the duration in seconds after the processes running in the pod are sent
6790 a termination signal and the time when the processes are forcibly halted with a kill signal.
6791 Set this value longer than the expected cleanup time for your process.
6792 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
6793 value overrides the value provided by the pod spec.
6794 Value must be non-negative integer. The value zero indicates stop immediately via
6795 the kill signal (no opportunity to shut down).
6796 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
6797 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
6798 format: int64
6799 type: integer
6800 timeoutSeconds:
6801 description: |-
6802 Number of seconds after which the probe times out.
6803 Defaults to 1 second. Minimum value is 1.
6804 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6805 format: int32
6806 type: integer
6807 type: object
6808 name:
6809 description: |-
6810 Name of the container specified as a DNS_LABEL.
6811 Each container in a pod must have a unique name (DNS_LABEL).
6812 Cannot be updated.
6813 type: string
6814 ports:
6815 description: |-
6816 List of ports to expose from the container. Not specifying a port here
6817 DOES NOT prevent that port from being exposed. Any port which is
6818 listening on the default "0.0.0.0" address inside a container will be
6819 accessible from the network.
6820 Modifying this array with strategic merge patch may corrupt the data.
6821 For more information See https://github.com/kubernetes/kubernetes/issues/108255.
6822 Cannot be updated.
6823 items:
6824 description: ContainerPort represents a
6825 network port in a single container.
6826 properties:
6827 containerPort:
6828 description: |-
6829 Number of port to expose on the pod's IP address.
6830 This must be a valid port number, 0 < x < 65536.
6831 format: int32
6832 type: integer
6833 hostIP:
6834 description: What host IP to bind the
6835 external port to.
6836 type: string
6837 hostPort:
6838 description: |-
6839 Number of port to expose on the host.
6840 If specified, this must be a valid port number, 0 < x < 65536.
6841 If HostNetwork is specified, this must match ContainerPort.
6842 Most containers do not need this.
6843 format: int32
6844 type: integer
6845 name:
6846 description: |-
6847 If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
6848 named port in a pod must have a unique name. Name for the port that can be
6849 referred to by services.
6850 type: string
6851 protocol:
6852 default: TCP
6853 description: |-
6854 Protocol for port. Must be UDP, TCP, or SCTP.
6855 Defaults to "TCP".
6856 type: string
6857 required:
6858 - containerPort
6859 type: object
6860 type: array
6861 x-kubernetes-list-map-keys:
6862 - containerPort
6863 - protocol
6864 x-kubernetes-list-type: map
6865 readinessProbe:
6866 description: |-
6867 Periodic probe of container service readiness.
6868 Container will be removed from service endpoints if the probe fails.
6869 Cannot be updated.
6870 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6871 properties:
6872 exec:
6873 description: Exec specifies the action
6874 to take.
6875 properties:
6876 command:
6877 description: |-
6878 Command is the command line to execute inside the container, the working directory for the
6879 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
6880 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
6881 a shell, you need to explicitly call out to that shell.
6882 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
6883 items:
6884 type: string
6885 type: array
6886 x-kubernetes-list-type: atomic
6887 type: object
6888 failureThreshold:
6889 description: |-
6890 Minimum consecutive failures for the probe to be considered failed after having succeeded.
6891 Defaults to 3. Minimum value is 1.
6892 format: int32
6893 type: integer
6894 grpc:
6895 description: GRPC specifies an action
6896 involving a GRPC port.
6897 properties:
6898 port:
6899 description: Port number of the gRPC
6900 service. Number must be in the range
6901 1 to 65535.
6902 format: int32
6903 type: integer
6904 service:
6905 description: |-
6906 Service is the name of the service to place in the gRPC HealthCheckRequest
6907 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
6908
6909
6910 If this is not specified, the default behavior is defined by gRPC.
6911 type: string
6912 required:
6913 - port
6914 type: object
6915 httpGet:
6916 description: HTTPGet specifies the http
6917 request to perform.
6918 properties:
6919 host:
6920 description: |-
6921 Host name to connect to, defaults to the pod IP. You probably want to set
6922 "Host" in httpHeaders instead.
6923 type: string
6924 httpHeaders:
6925 description: Custom headers to set
6926 in the request. HTTP allows repeated
6927 headers.
6928 items:
6929 description: HTTPHeader describes
6930 a custom header to be used in
6931 HTTP probes
6932 properties:
6933 name:
6934 description: |-
6935 The header field name.
6936 This will be canonicalized upon output, so case-variant names will be understood as the same header.
6937 type: string
6938 value:
6939 description: The header field
6940 value
6941 type: string
6942 required:
6943 - name
6944 - value
6945 type: object
6946 type: array
6947 x-kubernetes-list-type: atomic
6948 path:
6949 description: Path to access on the
6950 HTTP server.
6951 type: string
6952 port:
6953 anyOf:
6954 - type: integer
6955 - type: string
6956 description: |-
6957 Name or number of the port to access on the container.
6958 Number must be in the range 1 to 65535.
6959 Name must be an IANA_SVC_NAME.
6960 x-kubernetes-int-or-string: true
6961 scheme:
6962 description: |-
6963 Scheme to use for connecting to the host.
6964 Defaults to HTTP.
6965 type: string
6966 required:
6967 - port
6968 type: object
6969 initialDelaySeconds:
6970 description: |-
6971 Number of seconds after the container has started before liveness probes are initiated.
6972 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
6973 format: int32
6974 type: integer
6975 periodSeconds:
6976 description: |-
6977 How often (in seconds) to perform the probe.
6978 Default to 10 seconds. Minimum value is 1.
6979 format: int32
6980 type: integer
6981 successThreshold:
6982 description: |-
6983 Minimum consecutive successes for the probe to be considered successful after having failed.
6984 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
6985 format: int32
6986 type: integer
6987 tcpSocket:
6988 description: TCPSocket specifies an action
6989 involving a TCP port.
6990 properties:
6991 host:
6992 description: 'Optional: Host name
6993 to connect to, defaults to the pod
6994 IP.'
6995 type: string
6996 port:
6997 anyOf:
6998 - type: integer
6999 - type: string
7000 description: |-
7001 Number or name of the port to access on the container.
7002 Number must be in the range 1 to 65535.
7003 Name must be an IANA_SVC_NAME.
7004 x-kubernetes-int-or-string: true
7005 required:
7006 - port
7007 type: object
7008 terminationGracePeriodSeconds:
7009 description: |-
7010 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
7011 The grace period is the duration in seconds after the processes running in the pod are sent
7012 a termination signal and the time when the processes are forcibly halted with a kill signal.
7013 Set this value longer than the expected cleanup time for your process.
7014 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
7015 value overrides the value provided by the pod spec.
7016 Value must be non-negative integer. The value zero indicates stop immediately via
7017 the kill signal (no opportunity to shut down).
7018 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
7019 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
7020 format: int64
7021 type: integer
7022 timeoutSeconds:
7023 description: |-
7024 Number of seconds after which the probe times out.
7025 Defaults to 1 second. Minimum value is 1.
7026 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7027 format: int32
7028 type: integer
7029 type: object
7030 resizePolicy:
7031 description: Resources resize policy for the
7032 container.
7033 items:
7034 description: ContainerResizePolicy represents
7035 resource resize policy for the container.
7036 properties:
7037 resourceName:
7038 description: |-
7039 Name of the resource to which this resource resize policy applies.
7040 Supported values: cpu, memory.
7041 type: string
7042 restartPolicy:
7043 description: |-
7044 Restart policy to apply when specified resource is resized.
7045 If not specified, it defaults to NotRequired.
7046 type: string
7047 required:
7048 - resourceName
7049 - restartPolicy
7050 type: object
7051 type: array
7052 x-kubernetes-list-type: atomic
7053 resources:
7054 description: |-
7055 Compute Resources required by this container.
7056 Cannot be updated.
7057 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7058 properties:
7059 claims:
7060 description: |-
7061 Claims lists the names of resources, defined in spec.resourceClaims,
7062 that are used by this container.
7063
7064
7065 This is an alpha field and requires enabling the
7066 DynamicResourceAllocation feature gate.
7067
7068
7069 This field is immutable. It can only be set for containers.
7070 items:
7071 description: ResourceClaim references
7072 one entry in PodSpec.ResourceClaims.
7073 properties:
7074 name:
7075 description: |-
7076 Name must match the name of one entry in pod.spec.resourceClaims of
7077 the Pod where this field is used. It makes that resource available
7078 inside a container.
7079 type: string
7080 required:
7081 - name
7082 type: object
7083 type: array
7084 x-kubernetes-list-map-keys:
7085 - name
7086 x-kubernetes-list-type: map
7087 limits:
7088 additionalProperties:
7089 anyOf:
7090 - type: integer
7091 - type: string
7092 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7093 x-kubernetes-int-or-string: true
7094 description: |-
7095 Limits describes the maximum amount of compute resources allowed.
7096 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7097 type: object
7098 requests:
7099 additionalProperties:
7100 anyOf:
7101 - type: integer
7102 - type: string
7103 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7104 x-kubernetes-int-or-string: true
7105 description: |-
7106 Requests describes the minimum amount of compute resources required.
7107 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
7108 otherwise to an implementation-defined value. Requests cannot exceed Limits.
7109 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
7110 type: object
7111 type: object
7112 restartPolicy:
7113 description: |-
7114 RestartPolicy defines the restart behavior of individual containers in a pod.
7115 This field may only be set for init containers, and the only allowed value is "Always".
7116 For non-init containers or when this field is not specified,
7117 the restart behavior is defined by the Pod's restart policy and the container type.
7118 Setting the RestartPolicy as "Always" for the init container will have the following effect:
7119 this init container will be continually restarted on
7120 exit until all regular containers have terminated. Once all regular
7121 containers have completed, all init containers with restartPolicy "Always"
7122 will be shut down. This lifecycle differs from normal init containers and
7123 is often referred to as a "sidecar" container. Although this init
7124 container still starts in the init container sequence, it does not wait
7125 for the container to complete before proceeding to the next init
7126 container. Instead, the next init container starts immediately after this
7127 init container is started, or after any startupProbe has successfully
7128 completed.
7129 type: string
7130 securityContext:
7131 description: |-
7132 SecurityContext defines the security options the container should be run with.
7133 If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
7134 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
7135 properties:
7136 allowPrivilegeEscalation:
7137 description: |-
7138 AllowPrivilegeEscalation controls whether a process can gain more
7139 privileges than its parent process. This bool directly controls if
7140 the no_new_privs flag will be set on the container process.
7141 AllowPrivilegeEscalation is true always when the container is:
7142 1) run as Privileged
7143 2) has CAP_SYS_ADMIN
7144 Note that this field cannot be set when spec.os.name is windows.
7145 type: boolean
7146 appArmorProfile:
7147 description: |-
7148 appArmorProfile is the AppArmor options to use by this container. If set, this profile
7149 overrides the pod's appArmorProfile.
7150 Note that this field cannot be set when spec.os.name is windows.
7151 properties:
7152 localhostProfile:
7153 description: |-
7154 localhostProfile indicates a profile loaded on the node that should be used.
7155 The profile must be preconfigured on the node to work.
7156 Must match the loaded name of the profile.
7157 Must be set if and only if type is "Localhost".
7158 type: string
7159 type:
7160 description: |-
7161 type indicates which kind of AppArmor profile will be applied.
7162 Valid options are:
7163 Localhost - a profile pre-loaded on the node.
7164 RuntimeDefault - the container runtime's default profile.
7165 Unconfined - no AppArmor enforcement.
7166 type: string
7167 required:
7168 - type
7169 type: object
7170 capabilities:
7171 description: |-
7172 The capabilities to add/drop when running containers.
7173 Defaults to the default set of capabilities granted by the container runtime.
7174 Note that this field cannot be set when spec.os.name is windows.
7175 properties:
7176 add:
7177 description: Added capabilities
7178 items:
7179 description: Capability represent
7180 POSIX capabilities type
7181 type: string
7182 type: array
7183 x-kubernetes-list-type: atomic
7184 drop:
7185 description: Removed capabilities
7186 items:
7187 description: Capability represent
7188 POSIX capabilities type
7189 type: string
7190 type: array
7191 x-kubernetes-list-type: atomic
7192 type: object
7193 privileged:
7194 description: |-
7195 Run container in privileged mode.
7196 Processes in privileged containers are essentially equivalent to root on the host.
7197 Defaults to false.
7198 Note that this field cannot be set when spec.os.name is windows.
7199 type: boolean
7200 procMount:
7201 description: |-
7202 procMount denotes the type of proc mount to use for the containers.
7203 The default is DefaultProcMount which uses the container runtime defaults for
7204 readonly paths and masked paths.
7205 This requires the ProcMountType feature flag to be enabled.
7206 Note that this field cannot be set when spec.os.name is windows.
7207 type: string
7208 readOnlyRootFilesystem:
7209 description: |-
7210 Whether this container has a read-only root filesystem.
7211 Default is false.
7212 Note that this field cannot be set when spec.os.name is windows.
7213 type: boolean
7214 runAsGroup:
7215 description: |-
7216 The GID to run the entrypoint of the container process.
7217 Uses runtime default if unset.
7218 May also be set in PodSecurityContext. If set in both SecurityContext and
7219 PodSecurityContext, the value specified in SecurityContext takes precedence.
7220 Note that this field cannot be set when spec.os.name is windows.
7221 format: int64
7222 type: integer
7223 runAsNonRoot:
7224 description: |-
7225 Indicates that the container must run as a non-root user.
7226 If true, the Kubelet will validate the image at runtime to ensure that it
7227 does not run as UID 0 (root) and fail to start the container if it does.
7228 If unset or false, no such validation will be performed.
7229 May also be set in PodSecurityContext. If set in both SecurityContext and
7230 PodSecurityContext, the value specified in SecurityContext takes precedence.
7231 type: boolean
7232 runAsUser:
7233 description: |-
7234 The UID to run the entrypoint of the container process.
7235 Defaults to user specified in image metadata if unspecified.
7236 May also be set in PodSecurityContext. If set in both SecurityContext and
7237 PodSecurityContext, the value specified in SecurityContext takes precedence.
7238 Note that this field cannot be set when spec.os.name is windows.
7239 format: int64
7240 type: integer
7241 seLinuxOptions:
7242 description: |-
7243 The SELinux context to be applied to the container.
7244 If unspecified, the container runtime will allocate a random SELinux context for each
7245 container. May also be set in PodSecurityContext. If set in both SecurityContext and
7246 PodSecurityContext, the value specified in SecurityContext takes precedence.
7247 Note that this field cannot be set when spec.os.name is windows.
7248 properties:
7249 level:
7250 description: Level is SELinux level
7251 label that applies to the container.
7252 type: string
7253 role:
7254 description: Role is a SELinux role
7255 label that applies to the container.
7256 type: string
7257 type:
7258 description: Type is a SELinux type
7259 label that applies to the container.
7260 type: string
7261 user:
7262 description: User is a SELinux user
7263 label that applies to the container.
7264 type: string
7265 type: object
7266 seccompProfile:
7267 description: |-
7268 The seccomp options to use by this container. If seccomp options are
7269 provided at both the pod & container level, the container options
7270 override the pod options.
7271 Note that this field cannot be set when spec.os.name is windows.
7272 properties:
7273 localhostProfile:
7274 description: |-
7275 localhostProfile indicates a profile defined in a file on the node should be used.
7276 The profile must be preconfigured on the node to work.
7277 Must be a descending path, relative to the kubelet's configured seccomp profile location.
7278 Must be set if type is "Localhost". Must NOT be set for any other type.
7279 type: string
7280 type:
7281 description: |-
7282 type indicates which kind of seccomp profile will be applied.
7283 Valid options are:
7284
7285
7286 Localhost - a profile defined in a file on the node should be used.
7287 RuntimeDefault - the container runtime default profile should be used.
7288 Unconfined - no profile should be applied.
7289 type: string
7290 required:
7291 - type
7292 type: object
7293 windowsOptions:
7294 description: |-
7295 The Windows specific settings applied to all containers.
7296 If unspecified, the options from the PodSecurityContext will be used.
7297 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
7298 Note that this field cannot be set when spec.os.name is linux.
7299 properties:
7300 gmsaCredentialSpec:
7301 description: |-
7302 GMSACredentialSpec is where the GMSA admission webhook
7303 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
7304 GMSA credential spec named by the GMSACredentialSpecName field.
7305 type: string
7306 gmsaCredentialSpecName:
7307 description: GMSACredentialSpecName
7308 is the name of the GMSA credential
7309 spec to use.
7310 type: string
7311 hostProcess:
7312 description: |-
7313 HostProcess determines if a container should be run as a 'Host Process' container.
7314 All of a Pod's containers must have the same effective HostProcess value
7315 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
7316 In addition, if HostProcess is true then HostNetwork must also be set to true.
7317 type: boolean
7318 runAsUserName:
7319 description: |-
7320 The UserName in Windows to run the entrypoint of the container process.
7321 Defaults to the user specified in image metadata if unspecified.
7322 May also be set in PodSecurityContext. If set in both SecurityContext and
7323 PodSecurityContext, the value specified in SecurityContext takes precedence.
7324 type: string
7325 type: object
7326 type: object
7327 startupProbe:
7328 description: |-
7329 StartupProbe indicates that the Pod has successfully initialized.
7330 If specified, no other probes are executed until this completes successfully.
7331 If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
7332 This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
7333 when it might take a long time to load data or warm a cache, than during steady-state operation.
7334 This cannot be updated.
7335 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7336 properties:
7337 exec:
7338 description: Exec specifies the action
7339 to take.
7340 properties:
7341 command:
7342 description: |-
7343 Command is the command line to execute inside the container, the working directory for the
7344 command is root ('/') in the container's filesystem. The command is simply exec'd, it is
7345 not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
7346 a shell, you need to explicitly call out to that shell.
7347 Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
7348 items:
7349 type: string
7350 type: array
7351 x-kubernetes-list-type: atomic
7352 type: object
7353 failureThreshold:
7354 description: |-
7355 Minimum consecutive failures for the probe to be considered failed after having succeeded.
7356 Defaults to 3. Minimum value is 1.
7357 format: int32
7358 type: integer
7359 grpc:
7360 description: GRPC specifies an action
7361 involving a GRPC port.
7362 properties:
7363 port:
7364 description: Port number of the gRPC
7365 service. Number must be in the range
7366 1 to 65535.
7367 format: int32
7368 type: integer
7369 service:
7370 description: |-
7371 Service is the name of the service to place in the gRPC HealthCheckRequest
7372 (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
7373
7374
7375 If this is not specified, the default behavior is defined by gRPC.
7376 type: string
7377 required:
7378 - port
7379 type: object
7380 httpGet:
7381 description: HTTPGet specifies the http
7382 request to perform.
7383 properties:
7384 host:
7385 description: |-
7386 Host name to connect to, defaults to the pod IP. You probably want to set
7387 "Host" in httpHeaders instead.
7388 type: string
7389 httpHeaders:
7390 description: Custom headers to set
7391 in the request. HTTP allows repeated
7392 headers.
7393 items:
7394 description: HTTPHeader describes
7395 a custom header to be used in
7396 HTTP probes
7397 properties:
7398 name:
7399 description: |-
7400 The header field name.
7401 This will be canonicalized upon output, so case-variant names will be understood as the same header.
7402 type: string
7403 value:
7404 description: The header field
7405 value
7406 type: string
7407 required:
7408 - name
7409 - value
7410 type: object
7411 type: array
7412 x-kubernetes-list-type: atomic
7413 path:
7414 description: Path to access on the
7415 HTTP server.
7416 type: string
7417 port:
7418 anyOf:
7419 - type: integer
7420 - type: string
7421 description: |-
7422 Name or number of the port to access on the container.
7423 Number must be in the range 1 to 65535.
7424 Name must be an IANA_SVC_NAME.
7425 x-kubernetes-int-or-string: true
7426 scheme:
7427 description: |-
7428 Scheme to use for connecting to the host.
7429 Defaults to HTTP.
7430 type: string
7431 required:
7432 - port
7433 type: object
7434 initialDelaySeconds:
7435 description: |-
7436 Number of seconds after the container has started before liveness probes are initiated.
7437 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7438 format: int32
7439 type: integer
7440 periodSeconds:
7441 description: |-
7442 How often (in seconds) to perform the probe.
7443 Default to 10 seconds. Minimum value is 1.
7444 format: int32
7445 type: integer
7446 successThreshold:
7447 description: |-
7448 Minimum consecutive successes for the probe to be considered successful after having failed.
7449 Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
7450 format: int32
7451 type: integer
7452 tcpSocket:
7453 description: TCPSocket specifies an action
7454 involving a TCP port.
7455 properties:
7456 host:
7457 description: 'Optional: Host name
7458 to connect to, defaults to the pod
7459 IP.'
7460 type: string
7461 port:
7462 anyOf:
7463 - type: integer
7464 - type: string
7465 description: |-
7466 Number or name of the port to access on the container.
7467 Number must be in the range 1 to 65535.
7468 Name must be an IANA_SVC_NAME.
7469 x-kubernetes-int-or-string: true
7470 required:
7471 - port
7472 type: object
7473 terminationGracePeriodSeconds:
7474 description: |-
7475 Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
7476 The grace period is the duration in seconds after the processes running in the pod are sent
7477 a termination signal and the time when the processes are forcibly halted with a kill signal.
7478 Set this value longer than the expected cleanup time for your process.
7479 If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
7480 value overrides the value provided by the pod spec.
7481 Value must be non-negative integer. The value zero indicates stop immediately via
7482 the kill signal (no opportunity to shut down).
7483 This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
7484 Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
7485 format: int64
7486 type: integer
7487 timeoutSeconds:
7488 description: |-
7489 Number of seconds after which the probe times out.
7490 Defaults to 1 second. Minimum value is 1.
7491 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
7492 format: int32
7493 type: integer
7494 type: object
7495 stdin:
7496 description: |-
7497 Whether this container should allocate a buffer for stdin in the container runtime. If this
7498 is not set, reads from stdin in the container will always result in EOF.
7499 Default is false.
7500 type: boolean
7501 stdinOnce:
7502 description: |-
7503 Whether the container runtime should close the stdin channel after it has been opened by
7504 a single attach. When stdin is true the stdin stream will remain open across multiple attach
7505 sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
7506 first client attaches to stdin, and then remains open and accepts data until the client disconnects,
7507 at which time stdin is closed and remains closed until the container is restarted. If this
7508 flag is false, a container processes that reads from stdin will never receive an EOF.
7509 Default is false
7510 type: boolean
7511 terminationMessagePath:
7512 description: |-
7513 Optional: Path at which the file to which the container's termination message
7514 will be written is mounted into the container's filesystem.
7515 Message written is intended to be brief final status, such as an assertion failure message.
7516 Will be truncated by the node if greater than 4096 bytes. The total message length across
7517 all containers will be limited to 12kb.
7518 Defaults to /dev/termination-log.
7519 Cannot be updated.
7520 type: string
7521 terminationMessagePolicy:
7522 description: |-
7523 Indicate how the termination message should be populated. File will use the contents of
7524 terminationMessagePath to populate the container status message on both success and failure.
7525 FallbackToLogsOnError will use the last chunk of container log output if the termination
7526 message file is empty and the container exited with an error.
7527 The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
7528 Defaults to File.
7529 Cannot be updated.
7530 type: string
7531 tty:
7532 description: |-
7533 Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
7534 Default is false.
7535 type: boolean
7536 volumeDevices:
7537 description: volumeDevices is the list of
7538 block devices to be used by the container.
7539 items:
7540 description: volumeDevice describes a mapping
7541 of a raw block device within a container.
7542 properties:
7543 devicePath:
7544 description: devicePath is the path
7545 inside of the container that the device
7546 will be mapped to.
7547 type: string
7548 name:
7549 description: name must match the name
7550 of a persistentVolumeClaim in the
7551 pod
7552 type: string
7553 required:
7554 - devicePath
7555 - name
7556 type: object
7557 type: array
7558 x-kubernetes-list-map-keys:
7559 - devicePath
7560 x-kubernetes-list-type: map
7561 volumeMounts:
7562 description: |-
7563 Pod volumes to mount into the container's filesystem.
7564 Cannot be updated.
7565 items:
7566 description: VolumeMount describes a mounting
7567 of a Volume within a container.
7568 properties:
7569 mountPath:
7570 description: |-
7571 Path within the container at which the volume should be mounted. Must
7572 not contain ':'.
7573 type: string
7574 mountPropagation:
7575 description: |-
7576 mountPropagation determines how mounts are propagated from the host
7577 to container and the other way around.
7578 When not set, MountPropagationNone is used.
7579 This field is beta in 1.10.
7580 When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
7581 (which defaults to None).
7582 type: string
7583 name:
7584 description: This must match the Name
7585 of a Volume.
7586 type: string
7587 readOnly:
7588 description: |-
7589 Mounted read-only if true, read-write otherwise (false or unspecified).
7590 Defaults to false.
7591 type: boolean
7592 recursiveReadOnly:
7593 description: |-
7594 RecursiveReadOnly specifies whether read-only mounts should be handled
7595 recursively.
7596
7597
7598 If ReadOnly is false, this field has no meaning and must be unspecified.
7599
7600
7601 If ReadOnly is true, and this field is set to Disabled, the mount is not made
7602 recursively read-only. If this field is set to IfPossible, the mount is made
7603 recursively read-only, if it is supported by the container runtime. If this
7604 field is set to Enabled, the mount is made recursively read-only if it is
7605 supported by the container runtime, otherwise the pod will not be started and
7606 an error will be generated to indicate the reason.
7607
7608
7609 If this field is set to IfPossible or Enabled, MountPropagation must be set to
7610 None (or be unspecified, which defaults to None).
7611
7612
7613 If this field is not specified, it is treated as an equivalent of Disabled.
7614 type: string
7615 subPath:
7616 description: |-
7617 Path within the volume from which the container's volume should be mounted.
7618 Defaults to "" (volume's root).
7619 type: string
7620 subPathExpr:
7621 description: |-
7622 Expanded path within the volume from which the container's volume should be mounted.
7623 Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
7624 Defaults to "" (volume's root).
7625 SubPathExpr and SubPath are mutually exclusive.
7626 type: string
7627 required:
7628 - mountPath
7629 - name
7630 type: object
7631 type: array
7632 x-kubernetes-list-map-keys:
7633 - mountPath
7634 x-kubernetes-list-type: map
7635 workingDir:
7636 description: |-
7637 Container's working directory.
7638 If not specified, the container runtime's default will be used, which
7639 might be configured in the container image.
7640 Cannot be updated.
7641 type: string
7642 required:
7643 - name
7644 type: object
7645 type: array
7646 x-kubernetes-list-map-keys:
7647 - name
7648 x-kubernetes-list-type: map
7649 nodeName:
7650 description: |-
7651 NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
7652 the scheduler simply schedules this pod onto that node, assuming that it fits resource
7653 requirements.
7654 type: string
7655 nodeSelector:
7656 additionalProperties:
7657 type: string
7658 description: |-
7659 NodeSelector is a selector which must be true for the pod to fit on a node.
7660 Selector which must match a node's labels for the pod to be scheduled on that node.
7661 More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
7662 type: object
7663 x-kubernetes-map-type: atomic
7664 os:
7665 description: |-
7666 Specifies the OS of the containers in the pod.
7667 Some pod and container fields are restricted if this is set.
7668
7669
7670 If the OS field is set to linux, the following fields must be unset:
7671 -securityContext.windowsOptions
7672
7673
7674 If the OS field is set to windows, following fields must be unset:
7675 - spec.hostPID
7676 - spec.hostIPC
7677 - spec.hostUsers
7678 - spec.securityContext.appArmorProfile
7679 - spec.securityContext.seLinuxOptions
7680 - spec.securityContext.seccompProfile
7681 - spec.securityContext.fsGroup
7682 - spec.securityContext.fsGroupChangePolicy
7683 - spec.securityContext.sysctls
7684 - spec.shareProcessNamespace
7685 - spec.securityContext.runAsUser
7686 - spec.securityContext.runAsGroup
7687 - spec.securityContext.supplementalGroups
7688 - spec.containers[*].securityContext.appArmorProfile
7689 - spec.containers[*].securityContext.seLinuxOptions
7690 - spec.containers[*].securityContext.seccompProfile
7691 - spec.containers[*].securityContext.capabilities
7692 - spec.containers[*].securityContext.readOnlyRootFilesystem
7693 - spec.containers[*].securityContext.privileged
7694 - spec.containers[*].securityContext.allowPrivilegeEscalation
7695 - spec.containers[*].securityContext.procMount
7696 - spec.containers[*].securityContext.runAsUser
7697 - spec.containers[*].securityContext.runAsGroup
7698 properties:
7699 name:
7700 description: |-
7701 Name is the name of the operating system. The currently supported values are linux and windows.
7702 Additional value may be defined in future and can be one of:
7703 https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
7704 Clients should expect to handle additional values and treat unrecognized values in this field as os: null
7705 type: string
7706 required:
7707 - name
7708 type: object
7709 overhead:
7710 additionalProperties:
7711 anyOf:
7712 - type: integer
7713 - type: string
7714 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
7715 x-kubernetes-int-or-string: true
7716 description: |-
7717 Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
7718 This field will be autopopulated at admission time by the RuntimeClass admission controller. If
7719 the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
7720 The RuntimeClass admission controller will reject Pod create requests which have the overhead already
7721 set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
7722 defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
7723 More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
7724 type: object
7725 preemptionPolicy:
7726 description: |-
7727 PreemptionPolicy is the Policy for preempting pods with lower priority.
7728 One of Never, PreemptLowerPriority.
7729 Defaults to PreemptLowerPriority if unset.
7730 type: string
7731 priority:
7732 description: |-
7733 The priority value. Various system components use this field to find the
7734 priority of the pod. When Priority Admission Controller is enabled, it
7735 prevents users from setting this field. The admission controller populates
7736 this field from PriorityClassName.
7737 The higher the value, the higher the priority.
7738 format: int32
7739 type: integer
7740 priorityClassName:
7741 description: |-
7742 If specified, indicates the pod's priority. "system-node-critical" and
7743 "system-cluster-critical" are two special keywords which indicate the
7744 highest priorities with the former being the highest priority. Any other
7745 name must be defined by creating a PriorityClass object with that name.
7746 If not specified, the pod priority will be default or zero if there is no
7747 default.
7748 type: string
7749 readinessGates:
7750 description: |-
7751 If specified, all readiness gates will be evaluated for pod readiness.
7752 A pod is ready when all its containers are ready AND
7753 all conditions specified in the readiness gates have status equal to "True"
7754 More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
7755 items:
7756 description: PodReadinessGate contains the reference
7757 to a pod condition
7758 properties:
7759 conditionType:
7760 description: ConditionType refers to a condition
7761 in the pod's condition list with matching
7762 type.
7763 type: string
7764 required:
7765 - conditionType
7766 type: object
7767 type: array
7768 x-kubernetes-list-type: atomic
7769 resourceClaims:
7770 description: |-
7771 ResourceClaims defines which ResourceClaims must be allocated
7772 and reserved before the Pod is allowed to start. The resources
7773 will be made available to those containers which consume them
7774 by name.
7775
7776
7777 This is an alpha field and requires enabling the
7778 DynamicResourceAllocation feature gate.
7779
7780
7781 This field is immutable.
7782 items:
7783 description: |-
7784 PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
7785 It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
7786 Containers that need access to the ResourceClaim reference it with this name.
7787 properties:
7788 name:
7789 description: |-
7790 Name uniquely identifies this resource claim inside the pod.
7791 This must be a DNS_LABEL.
7792 type: string
7793 source:
7794 description: Source describes where to find
7795 the ResourceClaim.
7796 properties:
7797 resourceClaimName:
7798 description: |-
7799 ResourceClaimName is the name of a ResourceClaim object in the same
7800 namespace as this pod.
7801 type: string
7802 resourceClaimTemplateName:
7803 description: |-
7804 ResourceClaimTemplateName is the name of a ResourceClaimTemplate
7805 object in the same namespace as this pod.
7806
7807
7808 The template will be used to create a new ResourceClaim, which will
7809 be bound to this pod. When this pod is deleted, the ResourceClaim
7810 will also be deleted. The pod name and resource name, along with a
7811 generated component, will be used to form a unique name for the
7812 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
7813
7814
7815 This field is immutable and no changes will be made to the
7816 corresponding ResourceClaim by the control plane after creating the
7817 ResourceClaim.
7818 type: string
7819 type: object
7820 required:
7821 - name
7822 type: object
7823 type: array
7824 x-kubernetes-list-map-keys:
7825 - name
7826 x-kubernetes-list-type: map
7827 restartPolicy:
7828 description: |-
7829 Restart policy for all containers within the pod.
7830 One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
7831 Default to Always.
7832 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
7833 type: string
7834 runtimeClassName:
7835 description: |-
7836 RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
7837 to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
7838 If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
7839 empty definition that uses the default runtime handler.
7840 More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
7841 type: string
7842 schedulerName:
7843 description: |-
7844 If specified, the pod will be dispatched by specified scheduler.
7845 If not specified, the pod will be dispatched by default scheduler.
7846 type: string
7847 schedulingGates:
7848 description: |-
7849 SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
7850 If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
7851 scheduler will not attempt to schedule the pod.
7852
7853
7854 SchedulingGates can only be set at pod creation time, and be removed only afterwards.
7855 items:
7856 description: PodSchedulingGate is associated to
7857 a Pod to guard its scheduling.
7858 properties:
7859 name:
7860 description: |-
7861 Name of the scheduling gate.
7862 Each scheduling gate must have a unique name field.
7863 type: string
7864 required:
7865 - name
7866 type: object
7867 type: array
7868 x-kubernetes-list-map-keys:
7869 - name
7870 x-kubernetes-list-type: map
7871 securityContext:
7872 description: |-
7873 SecurityContext holds pod-level security attributes and common container settings.
7874 Optional: Defaults to empty. See type description for default values of each field.
7875 properties:
7876 appArmorProfile:
7877 description: |-
7878 appArmorProfile is the AppArmor options to use by the containers in this pod.
7879 Note that this field cannot be set when spec.os.name is windows.
7880 properties:
7881 localhostProfile:
7882 description: |-
7883 localhostProfile indicates a profile loaded on the node that should be used.
7884 The profile must be preconfigured on the node to work.
7885 Must match the loaded name of the profile.
7886 Must be set if and only if type is "Localhost".
7887 type: string
7888 type:
7889 description: |-
7890 type indicates which kind of AppArmor profile will be applied.
7891 Valid options are:
7892 Localhost - a profile pre-loaded on the node.
7893 RuntimeDefault - the container runtime's default profile.
7894 Unconfined - no AppArmor enforcement.
7895 type: string
7896 required:
7897 - type
7898 type: object
7899 fsGroup:
7900 description: |-
7901 A special supplemental group that applies to all containers in a pod.
7902 Some volume types allow the Kubelet to change the ownership of that volume
7903 to be owned by the pod:
7904
7905
7906 1. The owning GID will be the FSGroup
7907 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
7908 3. The permission bits are OR'd with rw-rw----
7909
7910
7911 If unset, the Kubelet will not modify the ownership and permissions of any volume.
7912 Note that this field cannot be set when spec.os.name is windows.
7913 format: int64
7914 type: integer
7915 fsGroupChangePolicy:
7916 description: |-
7917 fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
7918 before being exposed inside Pod. This field will only apply to
7919 volume types which support fsGroup based ownership(and permissions).
7920 It will have no effect on ephemeral volume types such as: secret, configmaps
7921 and emptydir.
7922 Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
7923 Note that this field cannot be set when spec.os.name is windows.
7924 type: string
7925 runAsGroup:
7926 description: |-
7927 The GID to run the entrypoint of the container process.
7928 Uses runtime default if unset.
7929 May also be set in SecurityContext. If set in both SecurityContext and
7930 PodSecurityContext, the value specified in SecurityContext takes precedence
7931 for that container.
7932 Note that this field cannot be set when spec.os.name is windows.
7933 format: int64
7934 type: integer
7935 runAsNonRoot:
7936 description: |-
7937 Indicates that the container must run as a non-root user.
7938 If true, the Kubelet will validate the image at runtime to ensure that it
7939 does not run as UID 0 (root) and fail to start the container if it does.
7940 If unset or false, no such validation will be performed.
7941 May also be set in SecurityContext. If set in both SecurityContext and
7942 PodSecurityContext, the value specified in SecurityContext takes precedence.
7943 type: boolean
7944 runAsUser:
7945 description: |-
7946 The UID to run the entrypoint of the container process.
7947 Defaults to user specified in image metadata if unspecified.
7948 May also be set in SecurityContext. If set in both SecurityContext and
7949 PodSecurityContext, the value specified in SecurityContext takes precedence
7950 for that container.
7951 Note that this field cannot be set when spec.os.name is windows.
7952 format: int64
7953 type: integer
7954 seLinuxOptions:
7955 description: |-
7956 The SELinux context to be applied to all containers.
7957 If unspecified, the container runtime will allocate a random SELinux context for each
7958 container. May also be set in SecurityContext. If set in
7959 both SecurityContext and PodSecurityContext, the value specified in SecurityContext
7960 takes precedence for that container.
7961 Note that this field cannot be set when spec.os.name is windows.
7962 properties:
7963 level:
7964 description: Level is SELinux level label
7965 that applies to the container.
7966 type: string
7967 role:
7968 description: Role is a SELinux role label
7969 that applies to the container.
7970 type: string
7971 type:
7972 description: Type is a SELinux type label
7973 that applies to the container.
7974 type: string
7975 user:
7976 description: User is a SELinux user label
7977 that applies to the container.
7978 type: string
7979 type: object
7980 seccompProfile:
7981 description: |-
7982 The seccomp options to use by the containers in this pod.
7983 Note that this field cannot be set when spec.os.name is windows.
7984 properties:
7985 localhostProfile:
7986 description: |-
7987 localhostProfile indicates a profile defined in a file on the node should be used.
7988 The profile must be preconfigured on the node to work.
7989 Must be a descending path, relative to the kubelet's configured seccomp profile location.
7990 Must be set if type is "Localhost". Must NOT be set for any other type.
7991 type: string
7992 type:
7993 description: |-
7994 type indicates which kind of seccomp profile will be applied.
7995 Valid options are:
7996
7997
7998 Localhost - a profile defined in a file on the node should be used.
7999 RuntimeDefault - the container runtime default profile should be used.
8000 Unconfined - no profile should be applied.
8001 type: string
8002 required:
8003 - type
8004 type: object
8005 supplementalGroups:
8006 description: |-
8007 A list of groups applied to the first process run in each container, in addition
8008 to the container's primary GID, the fsGroup (if specified), and group memberships
8009 defined in the container image for the uid of the container process. If unspecified,
8010 no additional groups are added to any container. Note that group memberships
8011 defined in the container image for the uid of the container process are still effective,
8012 even if they are not included in this list.
8013 Note that this field cannot be set when spec.os.name is windows.
8014 items:
8015 format: int64
8016 type: integer
8017 type: array
8018 x-kubernetes-list-type: atomic
8019 sysctls:
8020 description: |-
8021 Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
8022 sysctls (by the container runtime) might fail to launch.
8023 Note that this field cannot be set when spec.os.name is windows.
8024 items:
8025 description: Sysctl defines a kernel parameter
8026 to be set
8027 properties:
8028 name:
8029 description: Name of a property to set
8030 type: string
8031 value:
8032 description: Value of a property to set
8033 type: string
8034 required:
8035 - name
8036 - value
8037 type: object
8038 type: array
8039 x-kubernetes-list-type: atomic
8040 windowsOptions:
8041 description: |-
8042 The Windows specific settings applied to all containers.
8043 If unspecified, the options within a container's SecurityContext will be used.
8044 If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
8045 Note that this field cannot be set when spec.os.name is linux.
8046 properties:
8047 gmsaCredentialSpec:
8048 description: |-
8049 GMSACredentialSpec is where the GMSA admission webhook
8050 (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
8051 GMSA credential spec named by the GMSACredentialSpecName field.
8052 type: string
8053 gmsaCredentialSpecName:
8054 description: GMSACredentialSpecName is the
8055 name of the GMSA credential spec to use.
8056 type: string
8057 hostProcess:
8058 description: |-
8059 HostProcess determines if a container should be run as a 'Host Process' container.
8060 All of a Pod's containers must have the same effective HostProcess value
8061 (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
8062 In addition, if HostProcess is true then HostNetwork must also be set to true.
8063 type: boolean
8064 runAsUserName:
8065 description: |-
8066 The UserName in Windows to run the entrypoint of the container process.
8067 Defaults to the user specified in image metadata if unspecified.
8068 May also be set in PodSecurityContext. If set in both SecurityContext and
8069 PodSecurityContext, the value specified in SecurityContext takes precedence.
8070 type: string
8071 type: object
8072 type: object
8073 serviceAccount:
8074 description: |-
8075 DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
8076 Deprecated: Use serviceAccountName instead.
8077 type: string
8078 serviceAccountName:
8079 description: |-
8080 ServiceAccountName is the name of the ServiceAccount to use to run this pod.
8081 More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
8082 type: string
8083 setHostnameAsFQDN:
8084 description: |-
8085 If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
8086 In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
8087 In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
8088 If a pod does not have FQDN, this has no effect.
8089 Default to false.
8090 type: boolean
8091 shareProcessNamespace:
8092 description: |-
8093 Share a single process namespace between all of the containers in a pod.
8094 When this is set containers will be able to view and signal processes from other containers
8095 in the same pod, and the first process in each container will not be assigned PID 1.
8096 HostPID and ShareProcessNamespace cannot both be set.
8097 Optional: Default to false.
8098 type: boolean
8099 subdomain:
8100 description: |-
8101 If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
8102 If not specified, the pod will not have a domainname at all.
8103 type: string
8104 terminationGracePeriodSeconds:
8105 description: |-
8106 Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
8107 Value must be non-negative integer. The value zero indicates stop immediately via
8108 the kill signal (no opportunity to shut down).
8109 If this value is nil, the default grace period will be used instead.
8110 The grace period is the duration in seconds after the processes running in the pod are sent
8111 a termination signal and the time when the processes are forcibly halted with a kill signal.
8112 Set this value longer than the expected cleanup time for your process.
8113 Defaults to 30 seconds.
8114 format: int64
8115 type: integer
8116 tolerations:
8117 description: If specified, the pod's tolerations.
8118 items:
8119 description: |-
8120 The pod this Toleration is attached to tolerates any taint that matches
8121 the triple <key,value,effect> using the matching operator <operator>.
8122 properties:
8123 effect:
8124 description: |-
8125 Effect indicates the taint effect to match. Empty means match all taint effects.
8126 When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
8127 type: string
8128 key:
8129 description: |-
8130 Key is the taint key that the toleration applies to. Empty means match all taint keys.
8131 If the key is empty, operator must be Exists; this combination means to match all values and all keys.
8132 type: string
8133 operator:
8134 description: |-
8135 Operator represents a key's relationship to the value.
8136 Valid operators are Exists and Equal. Defaults to Equal.
8137 Exists is equivalent to wildcard for value, so that a pod can
8138 tolerate all taints of a particular category.
8139 type: string
8140 tolerationSeconds:
8141 description: |-
8142 TolerationSeconds represents the period of time the toleration (which must be
8143 of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
8144 it is not set, which means tolerate the taint forever (do not evict). Zero and
8145 negative values will be treated as 0 (evict immediately) by the system.
8146 format: int64
8147 type: integer
8148 value:
8149 description: |-
8150 Value is the taint value the toleration matches to.
8151 If the operator is Exists, the value should be empty, otherwise just a regular string.
8152 type: string
8153 type: object
8154 type: array
8155 x-kubernetes-list-type: atomic
8156 topologySpreadConstraints:
8157 description: |-
8158 TopologySpreadConstraints describes how a group of pods ought to spread across topology
8159 domains. Scheduler will schedule pods in a way which abides by the constraints.
8160 All topologySpreadConstraints are ANDed.
8161 items:
8162 description: TopologySpreadConstraint specifies
8163 how to spread matching pods among the given
8164 topology.
8165 properties:
8166 labelSelector:
8167 description: |-
8168 LabelSelector is used to find matching pods.
8169 Pods that match this label selector are counted to determine the number of pods
8170 in their corresponding topology domain.
8171 properties:
8172 matchExpressions:
8173 description: matchExpressions is a list
8174 of label selector requirements. The
8175 requirements are ANDed.
8176 items:
8177 description: |-
8178 A label selector requirement is a selector that contains values, a key, and an operator that
8179 relates the key and values.
8180 properties:
8181 key:
8182 description: key is the label key
8183 that the selector applies to.
8184 type: string
8185 operator:
8186 description: |-
8187 operator represents a key's relationship to a set of values.
8188 Valid operators are In, NotIn, Exists and DoesNotExist.
8189 type: string
8190 values:
8191 description: |-
8192 values is an array of string values. If the operator is In or NotIn,
8193 the values array must be non-empty. If the operator is Exists or DoesNotExist,
8194 the values array must be empty. This array is replaced during a strategic
8195 merge patch.
8196 items:
8197 type: string
8198 type: array
8199 x-kubernetes-list-type: atomic
8200 required:
8201 - key
8202 - operator
8203 type: object
8204 type: array
8205 x-kubernetes-list-type: atomic
8206 matchLabels:
8207 additionalProperties:
8208 type: string
8209 description: |-
8210 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
8211 map is equivalent to an element of matchExpressions, whose key field is "key", the
8212 operator is "In", and the values array contains only "value". The requirements are ANDed.
8213 type: object
8214 type: object
8215 x-kubernetes-map-type: atomic
8216 matchLabelKeys:
8217 description: |-
8218 MatchLabelKeys is a set of pod label keys to select the pods over which
8219 spreading will be calculated. The keys are used to lookup values from the
8220 incoming pod labels, those key-value labels are ANDed with labelSelector
8221 to select the group of existing pods over which spreading will be calculated
8222 for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
8223 MatchLabelKeys cannot be set when LabelSelector isn't set.
8224 Keys that don't exist in the incoming pod labels will
8225 be ignored. A null or empty list means only match against labelSelector.
8226
8227
8228 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
8229 items:
8230 type: string
8231 type: array
8232 x-kubernetes-list-type: atomic
8233 maxSkew:
8234 description: |-
8235 MaxSkew describes the degree to which pods may be unevenly distributed.
8236 When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
8237 between the number of matching pods in the target topology and the global minimum.
8238 The global minimum is the minimum number of matching pods in an eligible domain
8239 or zero if the number of eligible domains is less than MinDomains.
8240 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
8241 labelSelector spread as 2/2/1:
8242 In this case, the global minimum is 1.
8243 | zone1 | zone2 | zone3 |
8244 | P P | P P | P |
8245 - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
8246 scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
8247 violate MaxSkew(1).
8248 - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
8249 When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
8250 to topologies that satisfy it.
8251 It's a required field. Default value is 1 and 0 is not allowed.
8252 format: int32
8253 type: integer
8254 minDomains:
8255 description: |-
8256 MinDomains indicates a minimum number of eligible domains.
8257 When the number of eligible domains with matching topology keys is less than minDomains,
8258 Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
8259 And when the number of eligible domains with matching topology keys equals or greater than minDomains,
8260 this value has no effect on scheduling.
8261 As a result, when the number of eligible domains is less than minDomains,
8262 scheduler won't schedule more than maxSkew Pods to those domains.
8263 If value is nil, the constraint behaves as if MinDomains is equal to 1.
8264 Valid values are integers greater than 0.
8265 When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
8266
8267
8268 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
8269 labelSelector spread as 2/2/2:
8270 | zone1 | zone2 | zone3 |
8271 | P P | P P | P P |
8272 The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
8273 In this situation, new pod with the same labelSelector cannot be scheduled,
8274 because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
8275 it will violate MaxSkew.
8276 format: int32
8277 type: integer
8278 nodeAffinityPolicy:
8279 description: |-
8280 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
8281 when calculating pod topology spread skew. Options are:
8282 - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
8283 - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
8284
8285
8286 If this value is nil, the behavior is equivalent to the Honor policy.
8287 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
8288 type: string
8289 nodeTaintsPolicy:
8290 description: |-
8291 NodeTaintsPolicy indicates how we will treat node taints when calculating
8292 pod topology spread skew. Options are:
8293 - Honor: nodes without taints, along with tainted nodes for which the incoming pod
8294 has a toleration, are included.
8295 - Ignore: node taints are ignored. All nodes are included.
8296
8297
8298 If this value is nil, the behavior is equivalent to the Ignore policy.
8299 This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
8300 type: string
8301 topologyKey:
8302 description: |-
8303 TopologyKey is the key of node labels. Nodes that have a label with this key
8304 and identical values are considered to be in the same topology.
8305 We consider each <key, value> as a "bucket", and try to put balanced number
8306 of pods into each bucket.
8307 We define a domain as a particular instance of a topology.
8308 Also, we define an eligible domain as a domain whose nodes meet the requirements of
8309 nodeAffinityPolicy and nodeTaintsPolicy.
8310 e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
8311 And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
8312 It's a required field.
8313 type: string
8314 whenUnsatisfiable:
8315 description: |-
8316 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
8317 the spread constraint.
8318 - DoNotSchedule (default) tells the scheduler not to schedule it.
8319 - ScheduleAnyway tells the scheduler to schedule the pod in any location,
8320 but giving higher precedence to topologies that would help reduce the
8321 skew.
8322 A constraint is considered "Unsatisfiable" for an incoming pod
8323 if and only if every possible node assignment for that pod would violate
8324 "MaxSkew" on some topology.
8325 For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
8326 labelSelector spread as 3/1/1:
8327 | zone1 | zone2 | zone3 |
8328 | P P P | P | P |
8329 If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
8330 to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
8331 MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
8332 won't make it *more* imbalanced.
8333 It's a required field.
8334 type: string
8335 required:
8336 - maxSkew
8337 - topologyKey
8338 - whenUnsatisfiable
8339 type: object
8340 type: array
8341 x-kubernetes-list-map-keys:
8342 - topologyKey
8343 - whenUnsatisfiable
8344 x-kubernetes-list-type: map
8345 volumes:
8346 description: |-
8347 List of volumes that can be mounted by containers belonging to the pod.
8348 More info: https://kubernetes.io/docs/concepts/storage/volumes
8349 items:
8350 description: Volume represents a named volume
8351 in a pod that may be accessed by any container
8352 in the pod.
8353 properties:
8354 awsElasticBlockStore:
8355 description: |-
8356 awsElasticBlockStore represents an AWS Disk resource that is attached to a
8357 kubelet's host machine and then exposed to the pod.
8358 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
8359 properties:
8360 fsType:
8361 description: |-
8362 fsType is the filesystem type of the volume that you want to mount.
8363 Tip: Ensure that the filesystem type is supported by the host operating system.
8364 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
8365 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
8366 TODO: how do we prevent errors in the filesystem from compromising the machine
8367 type: string
8368 partition:
8369 description: |-
8370 partition is the partition in the volume that you want to mount.
8371 If omitted, the default is to mount by volume name.
8372 Examples: For volume /dev/sda1, you specify the partition as "1".
8373 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
8374 format: int32
8375 type: integer
8376 readOnly:
8377 description: |-
8378 readOnly value true will force the readOnly setting in VolumeMounts.
8379 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
8380 type: boolean
8381 volumeID:
8382 description: |-
8383 volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
8384 More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
8385 type: string
8386 required:
8387 - volumeID
8388 type: object
8389 azureDisk:
8390 description: azureDisk represents an Azure
8391 Data Disk mount on the host and bind mount
8392 to the pod.
8393 properties:
8394 cachingMode:
8395 description: 'cachingMode is the Host
8396 Caching mode: None, Read Only, Read
8397 Write.'
8398 type: string
8399 diskName:
8400 description: diskName is the Name of the
8401 data disk in the blob storage
8402 type: string
8403 diskURI:
8404 description: diskURI is the URI of data
8405 disk in the blob storage
8406 type: string
8407 fsType:
8408 description: |-
8409 fsType is Filesystem type to mount.
8410 Must be a filesystem type supported by the host operating system.
8411 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
8412 type: string
8413 kind:
8414 description: 'kind expected values are
8415 Shared: multiple blob disks per storage
8416 account Dedicated: single blob disk
8417 per storage account Managed: azure
8418 managed data disk (only in managed availability
8419 set). defaults to shared'
8420 type: string
8421 readOnly:
8422 description: |-
8423 readOnly Defaults to false (read/write). ReadOnly here will force
8424 the ReadOnly setting in VolumeMounts.
8425 type: boolean
8426 required:
8427 - diskName
8428 - diskURI
8429 type: object
8430 azureFile:
8431 description: azureFile represents an Azure
8432 File Service mount on the host and bind
8433 mount to the pod.
8434 properties:
8435 readOnly:
8436 description: |-
8437 readOnly defaults to false (read/write). ReadOnly here will force
8438 the ReadOnly setting in VolumeMounts.
8439 type: boolean
8440 secretName:
8441 description: secretName is the name of
8442 secret that contains Azure Storage Account
8443 Name and Key
8444 type: string
8445 shareName:
8446 description: shareName is the azure share
8447 Name
8448 type: string
8449 required:
8450 - secretName
8451 - shareName
8452 type: object
8453 cephfs:
8454 description: cephFS represents a Ceph FS mount
8455 on the host that shares a pod's lifetime
8456 properties:
8457 monitors:
8458 description: |-
8459 monitors is Required: Monitors is a collection of Ceph monitors
8460 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
8461 items:
8462 type: string
8463 type: array
8464 x-kubernetes-list-type: atomic
8465 path:
8466 description: 'path is Optional: Used as
8467 the mounted root, rather than the full
8468 Ceph tree, default is /'
8469 type: string
8470 readOnly:
8471 description: |-
8472 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
8473 the ReadOnly setting in VolumeMounts.
8474 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
8475 type: boolean
8476 secretFile:
8477 description: |-
8478 secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
8479 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
8480 type: string
8481 secretRef:
8482 description: |-
8483 secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
8484 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
8485 properties:
8486 name:
8487 default: ""
8488 description: |-
8489 Name of the referent.
8490 This field is effectively required, but due to backwards compatibility is
8491 allowed to be empty. Instances of this type with an empty value here are
8492 almost certainly wrong.
8493 TODO: Add other useful fields. apiVersion, kind, uid?
8494 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8495 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8496 type: string
8497 type: object
8498 x-kubernetes-map-type: atomic
8499 user:
8500 description: |-
8501 user is optional: User is the rados user name, default is admin
8502 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
8503 type: string
8504 required:
8505 - monitors
8506 type: object
8507 cinder:
8508 description: |-
8509 cinder represents a cinder volume attached and mounted on kubelets host machine.
8510 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
8511 properties:
8512 fsType:
8513 description: |-
8514 fsType is the filesystem type to mount.
8515 Must be a filesystem type supported by the host operating system.
8516 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
8517 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
8518 type: string
8519 readOnly:
8520 description: |-
8521 readOnly defaults to false (read/write). ReadOnly here will force
8522 the ReadOnly setting in VolumeMounts.
8523 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
8524 type: boolean
8525 secretRef:
8526 description: |-
8527 secretRef is optional: points to a secret object containing parameters used to connect
8528 to OpenStack.
8529 properties:
8530 name:
8531 default: ""
8532 description: |-
8533 Name of the referent.
8534 This field is effectively required, but due to backwards compatibility is
8535 allowed to be empty. Instances of this type with an empty value here are
8536 almost certainly wrong.
8537 TODO: Add other useful fields. apiVersion, kind, uid?
8538 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8539 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8540 type: string
8541 type: object
8542 x-kubernetes-map-type: atomic
8543 volumeID:
8544 description: |-
8545 volumeID used to identify the volume in cinder.
8546 More info: https://examples.k8s.io/mysql-cinder-pd/README.md
8547 type: string
8548 required:
8549 - volumeID
8550 type: object
8551 configMap:
8552 description: configMap represents a configMap
8553 that should populate this volume
8554 properties:
8555 defaultMode:
8556 description: |-
8557 defaultMode is optional: mode bits used to set permissions on created files by default.
8558 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
8559 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
8560 Defaults to 0644.
8561 Directories within the path are not affected by this setting.
8562 This might be in conflict with other options that affect the file
8563 mode, like fsGroup, and the result can be other mode bits set.
8564 format: int32
8565 type: integer
8566 items:
8567 description: |-
8568 items if unspecified, each key-value pair in the Data field of the referenced
8569 ConfigMap will be projected into the volume as a file whose name is the
8570 key and content is the value. If specified, the listed keys will be
8571 projected into the specified paths, and unlisted keys will not be
8572 present. If a key is specified which is not present in the ConfigMap,
8573 the volume setup will error unless it is marked optional. Paths must be
8574 relative and may not contain the '..' path or start with '..'.
8575 items:
8576 description: Maps a string key to a
8577 path within a volume.
8578 properties:
8579 key:
8580 description: key is the key to project.
8581 type: string
8582 mode:
8583 description: |-
8584 mode is Optional: mode bits used to set permissions on this file.
8585 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
8586 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
8587 If not specified, the volume defaultMode will be used.
8588 This might be in conflict with other options that affect the file
8589 mode, like fsGroup, and the result can be other mode bits set.
8590 format: int32
8591 type: integer
8592 path:
8593 description: |-
8594 path is the relative path of the file to map the key to.
8595 May not be an absolute path.
8596 May not contain the path element '..'.
8597 May not start with the string '..'.
8598 type: string
8599 required:
8600 - key
8601 - path
8602 type: object
8603 type: array
8604 x-kubernetes-list-type: atomic
8605 name:
8606 default: ""
8607 description: |-
8608 Name of the referent.
8609 This field is effectively required, but due to backwards compatibility is
8610 allowed to be empty. Instances of this type with an empty value here are
8611 almost certainly wrong.
8612 TODO: Add other useful fields. apiVersion, kind, uid?
8613 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8614 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8615 type: string
8616 optional:
8617 description: optional specify whether
8618 the ConfigMap or its keys must be defined
8619 type: boolean
8620 type: object
8621 x-kubernetes-map-type: atomic
8622 csi:
8623 description: csi (Container Storage Interface)
8624 represents ephemeral storage that is handled
8625 by certain external CSI drivers (Beta feature).
8626 properties:
8627 driver:
8628 description: |-
8629 driver is the name of the CSI driver that handles this volume.
8630 Consult with your admin for the correct name as registered in the cluster.
8631 type: string
8632 fsType:
8633 description: |-
8634 fsType to mount. Ex. "ext4", "xfs", "ntfs".
8635 If not provided, the empty value is passed to the associated CSI driver
8636 which will determine the default filesystem to apply.
8637 type: string
8638 nodePublishSecretRef:
8639 description: |-
8640 nodePublishSecretRef is a reference to the secret object containing
8641 sensitive information to pass to the CSI driver to complete the CSI
8642 NodePublishVolume and NodeUnpublishVolume calls.
8643 This field is optional, and may be empty if no secret is required. If the
8644 secret object contains more than one secret, all secret references are passed.
8645 properties:
8646 name:
8647 default: ""
8648 description: |-
8649 Name of the referent.
8650 This field is effectively required, but due to backwards compatibility is
8651 allowed to be empty. Instances of this type with an empty value here are
8652 almost certainly wrong.
8653 TODO: Add other useful fields. apiVersion, kind, uid?
8654 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
8655 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
8656 type: string
8657 type: object
8658 x-kubernetes-map-type: atomic
8659 readOnly:
8660 description: |-
8661 readOnly specifies a read-only configuration for the volume.
8662 Defaults to false (read/write).
8663 type: boolean
8664 volumeAttributes:
8665 additionalProperties:
8666 type: string
8667 description: |-
8668 volumeAttributes stores driver-specific properties that are passed to the CSI
8669 driver. Consult your driver's documentation for supported values.
8670 type: object
8671 required:
8672 - driver
8673 type: object
8674 downwardAPI:
8675 description: downwardAPI represents downward
8676 API about the pod that should populate this
8677 volume
8678 properties:
8679 defaultMode:
8680 description: |-
8681 Optional: mode bits to use on created files by default. Must be a
8682 Optional: mode bits used to set permissions on created files by default.
8683 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
8684 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
8685 Defaults to 0644.
8686 Directories within the path are not affected by this setting.
8687 This might be in conflict with other options that affect the file
8688 mode, like fsGroup, and the result can be other mode bits set.
8689 format: int32
8690 type: integer
8691 items:
8692 description: Items is a list of downward
8693 API volume file
8694 items:
8695 description: DownwardAPIVolumeFile represents
8696 information to create the file containing
8697 the pod field
8698 properties:
8699 fieldRef:
8700 description: 'Required: Selects
8701 a field of the pod: only annotations,
8702 labels, name, namespace and uid
8703 are supported.'
8704 properties:
8705 apiVersion:
8706 description: Version of the
8707 schema the FieldPath is written
8708 in terms of, defaults to "v1".
8709 type: string
8710 fieldPath:
8711 description: Path of the field
8712 to select in the specified
8713 API version.
8714 type: string
8715 required:
8716 - fieldPath
8717 type: object
8718 x-kubernetes-map-type: atomic
8719 mode:
8720 description: |-
8721 Optional: mode bits used to set permissions on this file, must be an octal value
8722 between 0000 and 0777 or a decimal value between 0 and 511.
8723 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
8724 If not specified, the volume defaultMode will be used.
8725 This might be in conflict with other options that affect the file
8726 mode, like fsGroup, and the result can be other mode bits set.
8727 format: int32
8728 type: integer
8729 path:
8730 description: 'Required: Path is the
8731 relative path name of the file
8732 to be created. Must not be absolute
8733 or contain the ''..'' path. Must
8734 be utf-8 encoded. The first item
8735 of the relative path must not
8736 start with ''..'''
8737 type: string
8738 resourceFieldRef:
8739 description: |-
8740 Selects a resource of the container: only resources limits and requests
8741 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
8742 properties:
8743 containerName:
8744 description: 'Container name:
8745 required for volumes, optional
8746 for env vars'
8747 type: string
8748 divisor:
8749 anyOf:
8750 - type: integer
8751 - type: string
8752 description: Specifies the output
8753 format of the exposed resources,
8754 defaults to "1"
8755 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8756 x-kubernetes-int-or-string: true
8757 resource:
8758 description: 'Required: resource
8759 to select'
8760 type: string
8761 required:
8762 - resource
8763 type: object
8764 x-kubernetes-map-type: atomic
8765 required:
8766 - path
8767 type: object
8768 type: array
8769 x-kubernetes-list-type: atomic
8770 type: object
8771 emptyDir:
8772 description: |-
8773 emptyDir represents a temporary directory that shares a pod's lifetime.
8774 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
8775 properties:
8776 medium:
8777 description: |-
8778 medium represents what type of storage medium should back this directory.
8779 The default is "" which means to use the node's default medium.
8780 Must be an empty string (default) or Memory.
8781 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
8782 type: string
8783 sizeLimit:
8784 anyOf:
8785 - type: integer
8786 - type: string
8787 description: |-
8788 sizeLimit is the total amount of local storage required for this EmptyDir volume.
8789 The size limit is also applicable for memory medium.
8790 The maximum usage on memory medium EmptyDir would be the minimum value between
8791 the SizeLimit specified here and the sum of memory limits of all containers in a pod.
8792 The default is nil which means that the limit is undefined.
8793 More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
8794 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8795 x-kubernetes-int-or-string: true
8796 type: object
8797 ephemeral:
8798 description: |-
8799 ephemeral represents a volume that is handled by a cluster storage driver.
8800 The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
8801 and deleted when the pod is removed.
8802
8803
8804 Use this if:
8805 a) the volume is only needed while the pod runs,
8806 b) features of normal volumes like restoring from snapshot or capacity
8807 tracking are needed,
8808 c) the storage driver is specified through a storage class, and
8809 d) the storage driver supports dynamic volume provisioning through
8810 a PersistentVolumeClaim (see EphemeralVolumeSource for more
8811 information on the connection between this volume type
8812 and PersistentVolumeClaim).
8813
8814
8815 Use PersistentVolumeClaim or one of the vendor-specific
8816 APIs for volumes that persist for longer than the lifecycle
8817 of an individual pod.
8818
8819
8820 Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
8821 be used that way - see the documentation of the driver for
8822 more information.
8823
8824
8825 A pod can use both types of ephemeral volumes and
8826 persistent volumes at the same time.
8827 properties:
8828 volumeClaimTemplate:
8829 description: |-
8830 Will be used to create a stand-alone PVC to provision the volume.
8831 The pod in which this EphemeralVolumeSource is embedded will be the
8832 owner of the PVC, i.e. the PVC will be deleted together with the
8833 pod. The name of the PVC will be `<pod name>-<volume name>` where
8834 `<volume name>` is the name from the `PodSpec.Volumes` array
8835 entry. Pod validation will reject the pod if the concatenated name
8836 is not valid for a PVC (for example, too long).
8837
8838
8839 An existing PVC with that name that is not owned by the pod
8840 will *not* be used for the pod to avoid using an unrelated
8841 volume by mistake. Starting the pod is then blocked until
8842 the unrelated PVC is removed. If such a pre-created PVC is
8843 meant to be used by the pod, the PVC has to updated with an
8844 owner reference to the pod once the pod exists. Normally
8845 this should not be necessary, but it may be useful when
8846 manually reconstructing a broken cluster.
8847
8848
8849 This field is read-only and no changes will be made by Kubernetes
8850 to the PVC after it has been created.
8851
8852
8853 Required, must not be nil.
8854 properties:
8855 metadata:
8856 description: |-
8857 May contain labels and annotations that will be copied into the PVC
8858 when creating it. No other fields are allowed and will be rejected during
8859 validation.
8860 properties:
8861 annotations:
8862 additionalProperties:
8863 type: string
8864 type: object
8865 finalizers:
8866 items:
8867 type: string
8868 type: array
8869 labels:
8870 additionalProperties:
8871 type: string
8872 type: object
8873 name:
8874 type: string
8875 namespace:
8876 type: string
8877 type: object
8878 spec:
8879 description: |-
8880 The specification for the PersistentVolumeClaim. The entire content is
8881 copied unchanged into the PVC that gets created from this
8882 template. The same fields as in a PersistentVolumeClaim
8883 are also valid here.
8884 properties:
8885 accessModes:
8886 description: |-
8887 accessModes contains the desired access modes the volume should have.
8888 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
8889 items:
8890 type: string
8891 type: array
8892 x-kubernetes-list-type: atomic
8893 dataSource:
8894 description: |-
8895 dataSource field can be used to specify either:
8896 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
8897 * An existing PVC (PersistentVolumeClaim)
8898 If the provisioner or an external controller can support the specified data source,
8899 it will create a new volume based on the contents of the specified data source.
8900 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
8901 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
8902 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
8903 properties:
8904 apiGroup:
8905 description: |-
8906 APIGroup is the group for the resource being referenced.
8907 If APIGroup is not specified, the specified Kind must be in the core API group.
8908 For any other third-party types, APIGroup is required.
8909 type: string
8910 kind:
8911 description: Kind is the type
8912 of resource being referenced
8913 type: string
8914 name:
8915 description: Name is the name
8916 of resource being referenced
8917 type: string
8918 required:
8919 - kind
8920 - name
8921 type: object
8922 x-kubernetes-map-type: atomic
8923 dataSourceRef:
8924 description: |-
8925 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
8926 volume is desired. This may be any object from a non-empty API group (non
8927 core object) or a PersistentVolumeClaim object.
8928 When this field is specified, volume binding will only succeed if the type of
8929 the specified object matches some installed volume populator or dynamic
8930 provisioner.
8931 This field will replace the functionality of the dataSource field and as such
8932 if both fields are non-empty, they must have the same value. For backwards
8933 compatibility, when namespace isn't specified in dataSourceRef,
8934 both fields (dataSource and dataSourceRef) will be set to the same
8935 value automatically if one of them is empty and the other is non-empty.
8936 When namespace is specified in dataSourceRef,
8937 dataSource isn't set to the same value and must be empty.
8938 There are three important differences between dataSource and dataSourceRef:
8939 * While dataSource only allows two specific types of objects, dataSourceRef
8940 allows any non-core object, as well as PersistentVolumeClaim objects.
8941 * While dataSource ignores disallowed values (dropping them), dataSourceRef
8942 preserves all values, and generates an error if a disallowed value is
8943 specified.
8944 * While dataSource only allows local objects, dataSourceRef allows objects
8945 in any namespaces.
8946 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
8947 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
8948 properties:
8949 apiGroup:
8950 description: |-
8951 APIGroup is the group for the resource being referenced.
8952 If APIGroup is not specified, the specified Kind must be in the core API group.
8953 For any other third-party types, APIGroup is required.
8954 type: string
8955 kind:
8956 description: Kind is the type
8957 of resource being referenced
8958 type: string
8959 name:
8960 description: Name is the name
8961 of resource being referenced
8962 type: string
8963 namespace:
8964 description: |-
8965 Namespace is the namespace of resource being referenced
8966 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
8967 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
8968 type: string
8969 required:
8970 - kind
8971 - name
8972 type: object
8973 resources:
8974 description: |-
8975 resources represents the minimum resources the volume should have.
8976 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
8977 that are lower than previous value but must still be higher than capacity recorded in the
8978 status field of the claim.
8979 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
8980 properties:
8981 limits:
8982 additionalProperties:
8983 anyOf:
8984 - type: integer
8985 - type: string
8986 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8987 x-kubernetes-int-or-string: true
8988 description: |-
8989 Limits describes the maximum amount of compute resources allowed.
8990 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
8991 type: object
8992 requests:
8993 additionalProperties:
8994 anyOf:
8995 - type: integer
8996 - type: string
8997 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
8998 x-kubernetes-int-or-string: true
8999 description: |-
9000 Requests describes the minimum amount of compute resources required.
9001 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
9002 otherwise to an implementation-defined value. Requests cannot exceed Limits.
9003 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
9004 type: object
9005 type: object
9006 selector:
9007 description: selector is a label
9008 query over volumes to consider
9009 for binding.
9010 properties:
9011 matchExpressions:
9012 description: matchExpressions
9013 is a list of label selector
9014 requirements. The requirements
9015 are ANDed.
9016 items:
9017 description: |-
9018 A label selector requirement is a selector that contains values, a key, and an operator that
9019 relates the key and values.
9020 properties:
9021 key:
9022 description: key is
9023 the label key that
9024 the selector applies
9025 to.
9026 type: string
9027 operator:
9028 description: |-
9029 operator represents a key's relationship to a set of values.
9030 Valid operators are In, NotIn, Exists and DoesNotExist.
9031 type: string
9032 values:
9033 description: |-
9034 values is an array of string values. If the operator is In or NotIn,
9035 the values array must be non-empty. If the operator is Exists or DoesNotExist,
9036 the values array must be empty. This array is replaced during a strategic
9037 merge patch.
9038 items:
9039 type: string
9040 type: array
9041 x-kubernetes-list-type: atomic
9042 required:
9043 - key
9044 - operator
9045 type: object
9046 type: array
9047 x-kubernetes-list-type: atomic
9048 matchLabels:
9049 additionalProperties:
9050 type: string
9051 description: |-
9052 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
9053 map is equivalent to an element of matchExpressions, whose key field is "key", the
9054 operator is "In", and the values array contains only "value". The requirements are ANDed.
9055 type: object
9056 type: object
9057 x-kubernetes-map-type: atomic
9058 storageClassName:
9059 description: |-
9060 storageClassName is the name of the StorageClass required by the claim.
9061 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
9062 type: string
9063 volumeAttributesClassName:
9064 description: |-
9065 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
9066 If specified, the CSI driver will create or update the volume with the attributes defined
9067 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
9068 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
9069 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
9070 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
9071 will be set by the persistentvolume controller if it exists.
9072 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
9073 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
9074 exists.
9075 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
9076 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
9077 type: string
9078 volumeMode:
9079 description: |-
9080 volumeMode defines what type of volume is required by the claim.
9081 Value of Filesystem is implied when not included in claim spec.
9082 type: string
9083 volumeName:
9084 description: volumeName is the
9085 binding reference to the PersistentVolume
9086 backing this claim.
9087 type: string
9088 type: object
9089 required:
9090 - spec
9091 type: object
9092 type: object
9093 fc:
9094 description: fc represents a Fibre Channel
9095 resource that is attached to a kubelet's
9096 host machine and then exposed to the pod.
9097 properties:
9098 fsType:
9099 description: |-
9100 fsType is the filesystem type to mount.
9101 Must be a filesystem type supported by the host operating system.
9102 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9103 TODO: how do we prevent errors in the filesystem from compromising the machine
9104 type: string
9105 lun:
9106 description: 'lun is Optional: FC target
9107 lun number'
9108 format: int32
9109 type: integer
9110 readOnly:
9111 description: |-
9112 readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
9113 the ReadOnly setting in VolumeMounts.
9114 type: boolean
9115 targetWWNs:
9116 description: 'targetWWNs is Optional:
9117 FC target worldwide names (WWNs)'
9118 items:
9119 type: string
9120 type: array
9121 x-kubernetes-list-type: atomic
9122 wwids:
9123 description: |-
9124 wwids Optional: FC volume world wide identifiers (wwids)
9125 Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
9126 items:
9127 type: string
9128 type: array
9129 x-kubernetes-list-type: atomic
9130 type: object
9131 flexVolume:
9132 description: |-
9133 flexVolume represents a generic volume resource that is
9134 provisioned/attached using an exec based plugin.
9135 properties:
9136 driver:
9137 description: driver is the name of the
9138 driver to use for this volume.
9139 type: string
9140 fsType:
9141 description: |-
9142 fsType is the filesystem type to mount.
9143 Must be a filesystem type supported by the host operating system.
9144 Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
9145 type: string
9146 options:
9147 additionalProperties:
9148 type: string
9149 description: 'options is Optional: this
9150 field holds extra command options if
9151 any.'
9152 type: object
9153 readOnly:
9154 description: |-
9155 readOnly is Optional: defaults to false (read/write). ReadOnly here will force
9156 the ReadOnly setting in VolumeMounts.
9157 type: boolean
9158 secretRef:
9159 description: |-
9160 secretRef is Optional: secretRef is reference to the secret object containing
9161 sensitive information to pass to the plugin scripts. This may be
9162 empty if no secret object is specified. If the secret object
9163 contains more than one secret, all secrets are passed to the plugin
9164 scripts.
9165 properties:
9166 name:
9167 default: ""
9168 description: |-
9169 Name of the referent.
9170 This field is effectively required, but due to backwards compatibility is
9171 allowed to be empty. Instances of this type with an empty value here are
9172 almost certainly wrong.
9173 TODO: Add other useful fields. apiVersion, kind, uid?
9174 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9175 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9176 type: string
9177 type: object
9178 x-kubernetes-map-type: atomic
9179 required:
9180 - driver
9181 type: object
9182 flocker:
9183 description: flocker represents a Flocker
9184 volume attached to a kubelet's host machine.
9185 This depends on the Flocker control service
9186 being running
9187 properties:
9188 datasetName:
9189 description: |-
9190 datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
9191 should be considered as deprecated
9192 type: string
9193 datasetUUID:
9194 description: datasetUUID is the UUID of
9195 the dataset. This is unique identifier
9196 of a Flocker dataset
9197 type: string
9198 type: object
9199 gcePersistentDisk:
9200 description: |-
9201 gcePersistentDisk represents a GCE Disk resource that is attached to a
9202 kubelet's host machine and then exposed to the pod.
9203 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9204 properties:
9205 fsType:
9206 description: |-
9207 fsType is filesystem type of the volume that you want to mount.
9208 Tip: Ensure that the filesystem type is supported by the host operating system.
9209 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9210 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9211 TODO: how do we prevent errors in the filesystem from compromising the machine
9212 type: string
9213 partition:
9214 description: |-
9215 partition is the partition in the volume that you want to mount.
9216 If omitted, the default is to mount by volume name.
9217 Examples: For volume /dev/sda1, you specify the partition as "1".
9218 Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
9219 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9220 format: int32
9221 type: integer
9222 pdName:
9223 description: |-
9224 pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
9225 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9226 type: string
9227 readOnly:
9228 description: |-
9229 readOnly here will force the ReadOnly setting in VolumeMounts.
9230 Defaults to false.
9231 More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
9232 type: boolean
9233 required:
9234 - pdName
9235 type: object
9236 gitRepo:
9237 description: |-
9238 gitRepo represents a git repository at a particular revision.
9239 DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
9240 EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
9241 into the Pod's container.
9242 properties:
9243 directory:
9244 description: |-
9245 directory is the target directory name.
9246 Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
9247 git repository. Otherwise, if specified, the volume will contain the git repository in
9248 the subdirectory with the given name.
9249 type: string
9250 repository:
9251 description: repository is the URL
9252 type: string
9253 revision:
9254 description: revision is the commit hash
9255 for the specified revision.
9256 type: string
9257 required:
9258 - repository
9259 type: object
9260 glusterfs:
9261 description: |-
9262 glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
9263 More info: https://examples.k8s.io/volumes/glusterfs/README.md
9264 properties:
9265 endpoints:
9266 description: |-
9267 endpoints is the endpoint name that details Glusterfs topology.
9268 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
9269 type: string
9270 path:
9271 description: |-
9272 path is the Glusterfs volume path.
9273 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
9274 type: string
9275 readOnly:
9276 description: |-
9277 readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
9278 Defaults to false.
9279 More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
9280 type: boolean
9281 required:
9282 - endpoints
9283 - path
9284 type: object
9285 hostPath:
9286 description: |-
9287 hostPath represents a pre-existing file or directory on the host
9288 machine that is directly exposed to the container. This is generally
9289 used for system agents or other privileged things that are allowed
9290 to see the host machine. Most containers will NOT need this.
9291 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
9292 ---
9293 TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
9294 mount host directories as read/write.
9295 properties:
9296 path:
9297 description: |-
9298 path of the directory on the host.
9299 If the path is a symlink, it will follow the link to the real path.
9300 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
9301 type: string
9302 type:
9303 description: |-
9304 type for HostPath Volume
9305 Defaults to ""
9306 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
9307 type: string
9308 required:
9309 - path
9310 type: object
9311 iscsi:
9312 description: |-
9313 iscsi represents an ISCSI Disk resource that is attached to a
9314 kubelet's host machine and then exposed to the pod.
9315 More info: https://examples.k8s.io/volumes/iscsi/README.md
9316 properties:
9317 chapAuthDiscovery:
9318 description: chapAuthDiscovery defines
9319 whether support iSCSI Discovery CHAP
9320 authentication
9321 type: boolean
9322 chapAuthSession:
9323 description: chapAuthSession defines whether
9324 support iSCSI Session CHAP authentication
9325 type: boolean
9326 fsType:
9327 description: |-
9328 fsType is the filesystem type of the volume that you want to mount.
9329 Tip: Ensure that the filesystem type is supported by the host operating system.
9330 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9331 More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
9332 TODO: how do we prevent errors in the filesystem from compromising the machine
9333 type: string
9334 initiatorName:
9335 description: |-
9336 initiatorName is the custom iSCSI Initiator Name.
9337 If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
9338 <target portal>:<volume name> will be created for the connection.
9339 type: string
9340 iqn:
9341 description: iqn is the target iSCSI Qualified
9342 Name.
9343 type: string
9344 iscsiInterface:
9345 description: |-
9346 iscsiInterface is the interface Name that uses an iSCSI transport.
9347 Defaults to 'default' (tcp).
9348 type: string
9349 lun:
9350 description: lun represents iSCSI Target
9351 Lun number.
9352 format: int32
9353 type: integer
9354 portals:
9355 description: |-
9356 portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
9357 is other than default (typically TCP ports 860 and 3260).
9358 items:
9359 type: string
9360 type: array
9361 x-kubernetes-list-type: atomic
9362 readOnly:
9363 description: |-
9364 readOnly here will force the ReadOnly setting in VolumeMounts.
9365 Defaults to false.
9366 type: boolean
9367 secretRef:
9368 description: secretRef is the CHAP Secret
9369 for iSCSI target and initiator authentication
9370 properties:
9371 name:
9372 default: ""
9373 description: |-
9374 Name of the referent.
9375 This field is effectively required, but due to backwards compatibility is
9376 allowed to be empty. Instances of this type with an empty value here are
9377 almost certainly wrong.
9378 TODO: Add other useful fields. apiVersion, kind, uid?
9379 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9380 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9381 type: string
9382 type: object
9383 x-kubernetes-map-type: atomic
9384 targetPortal:
9385 description: |-
9386 targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
9387 is other than default (typically TCP ports 860 and 3260).
9388 type: string
9389 required:
9390 - iqn
9391 - lun
9392 - targetPortal
9393 type: object
9394 name:
9395 description: |-
9396 name of the volume.
9397 Must be a DNS_LABEL and unique within the pod.
9398 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9399 type: string
9400 nfs:
9401 description: |-
9402 nfs represents an NFS mount on the host that shares a pod's lifetime
9403 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
9404 properties:
9405 path:
9406 description: |-
9407 path that is exported by the NFS server.
9408 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
9409 type: string
9410 readOnly:
9411 description: |-
9412 readOnly here will force the NFS export to be mounted with read-only permissions.
9413 Defaults to false.
9414 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
9415 type: boolean
9416 server:
9417 description: |-
9418 server is the hostname or IP address of the NFS server.
9419 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
9420 type: string
9421 required:
9422 - path
9423 - server
9424 type: object
9425 persistentVolumeClaim:
9426 description: |-
9427 persistentVolumeClaimVolumeSource represents a reference to a
9428 PersistentVolumeClaim in the same namespace.
9429 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
9430 properties:
9431 claimName:
9432 description: |-
9433 claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
9434 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
9435 type: string
9436 readOnly:
9437 description: |-
9438 readOnly Will force the ReadOnly setting in VolumeMounts.
9439 Default false.
9440 type: boolean
9441 required:
9442 - claimName
9443 type: object
9444 photonPersistentDisk:
9445 description: photonPersistentDisk represents
9446 a PhotonController persistent disk attached
9447 and mounted on kubelets host machine
9448 properties:
9449 fsType:
9450 description: |-
9451 fsType is the filesystem type to mount.
9452 Must be a filesystem type supported by the host operating system.
9453 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9454 type: string
9455 pdID:
9456 description: pdID is the ID that identifies
9457 Photon Controller persistent disk
9458 type: string
9459 required:
9460 - pdID
9461 type: object
9462 portworxVolume:
9463 description: portworxVolume represents a portworx
9464 volume attached and mounted on kubelets
9465 host machine
9466 properties:
9467 fsType:
9468 description: |-
9469 fSType represents the filesystem type to mount
9470 Must be a filesystem type supported by the host operating system.
9471 Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
9472 type: string
9473 readOnly:
9474 description: |-
9475 readOnly defaults to false (read/write). ReadOnly here will force
9476 the ReadOnly setting in VolumeMounts.
9477 type: boolean
9478 volumeID:
9479 description: volumeID uniquely identifies
9480 a Portworx volume
9481 type: string
9482 required:
9483 - volumeID
9484 type: object
9485 projected:
9486 description: projected items for all in one
9487 resources secrets, configmaps, and downward
9488 API
9489 properties:
9490 defaultMode:
9491 description: |-
9492 defaultMode are the mode bits used to set permissions on created files by default.
9493 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9494 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9495 Directories within the path are not affected by this setting.
9496 This might be in conflict with other options that affect the file
9497 mode, like fsGroup, and the result can be other mode bits set.
9498 format: int32
9499 type: integer
9500 sources:
9501 description: sources is the list of volume
9502 projections
9503 items:
9504 description: Projection that may be
9505 projected along with other supported
9506 volume types
9507 properties:
9508 clusterTrustBundle:
9509 description: |-
9510 ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
9511 of ClusterTrustBundle objects in an auto-updating file.
9512
9513
9514 Alpha, gated by the ClusterTrustBundleProjection feature gate.
9515
9516
9517 ClusterTrustBundle objects can either be selected by name, or by the
9518 combination of signer name and a label selector.
9519
9520
9521 Kubelet performs aggressive normalization of the PEM contents written
9522 into the pod filesystem. Esoteric PEM features such as inter-block
9523 comments and block headers are stripped. Certificates are deduplicated.
9524 The ordering of certificates within the file is arbitrary, and Kubelet
9525 may change the order over time.
9526 properties:
9527 labelSelector:
9528 description: |-
9529 Select all ClusterTrustBundles that match this label selector. Only has
9530 effect if signerName is set. Mutually-exclusive with name. If unset,
9531 interpreted as "match nothing". If set but empty, interpreted as "match
9532 everything".
9533 properties:
9534 matchExpressions:
9535 description: matchExpressions
9536 is a list of label selector
9537 requirements. The requirements
9538 are ANDed.
9539 items:
9540 description: |-
9541 A label selector requirement is a selector that contains values, a key, and an operator that
9542 relates the key and values.
9543 properties:
9544 key:
9545 description: key is
9546 the label key that
9547 the selector applies
9548 to.
9549 type: string
9550 operator:
9551 description: |-
9552 operator represents a key's relationship to a set of values.
9553 Valid operators are In, NotIn, Exists and DoesNotExist.
9554 type: string
9555 values:
9556 description: |-
9557 values is an array of string values. If the operator is In or NotIn,
9558 the values array must be non-empty. If the operator is Exists or DoesNotExist,
9559 the values array must be empty. This array is replaced during a strategic
9560 merge patch.
9561 items:
9562 type: string
9563 type: array
9564 x-kubernetes-list-type: atomic
9565 required:
9566 - key
9567 - operator
9568 type: object
9569 type: array
9570 x-kubernetes-list-type: atomic
9571 matchLabels:
9572 additionalProperties:
9573 type: string
9574 description: |-
9575 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
9576 map is equivalent to an element of matchExpressions, whose key field is "key", the
9577 operator is "In", and the values array contains only "value". The requirements are ANDed.
9578 type: object
9579 type: object
9580 x-kubernetes-map-type: atomic
9581 name:
9582 description: |-
9583 Select a single ClusterTrustBundle by object name. Mutually-exclusive
9584 with signerName and labelSelector.
9585 type: string
9586 optional:
9587 description: |-
9588 If true, don't block pod startup if the referenced ClusterTrustBundle(s)
9589 aren't available. If using name, then the named ClusterTrustBundle is
9590 allowed not to exist. If using signerName, then the combination of
9591 signerName and labelSelector is allowed to match zero
9592 ClusterTrustBundles.
9593 type: boolean
9594 path:
9595 description: Relative path from
9596 the volume root to write the
9597 bundle.
9598 type: string
9599 signerName:
9600 description: |-
9601 Select all ClusterTrustBundles that match this signer name.
9602 Mutually-exclusive with name. The contents of all selected
9603 ClusterTrustBundles will be unified and deduplicated.
9604 type: string
9605 required:
9606 - path
9607 type: object
9608 configMap:
9609 description: configMap information
9610 about the configMap data to project
9611 properties:
9612 items:
9613 description: |-
9614 items if unspecified, each key-value pair in the Data field of the referenced
9615 ConfigMap will be projected into the volume as a file whose name is the
9616 key and content is the value. If specified, the listed keys will be
9617 projected into the specified paths, and unlisted keys will not be
9618 present. If a key is specified which is not present in the ConfigMap,
9619 the volume setup will error unless it is marked optional. Paths must be
9620 relative and may not contain the '..' path or start with '..'.
9621 items:
9622 description: Maps a string
9623 key to a path within a volume.
9624 properties:
9625 key:
9626 description: key is the
9627 key to project.
9628 type: string
9629 mode:
9630 description: |-
9631 mode is Optional: mode bits used to set permissions on this file.
9632 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9633 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9634 If not specified, the volume defaultMode will be used.
9635 This might be in conflict with other options that affect the file
9636 mode, like fsGroup, and the result can be other mode bits set.
9637 format: int32
9638 type: integer
9639 path:
9640 description: |-
9641 path is the relative path of the file to map the key to.
9642 May not be an absolute path.
9643 May not contain the path element '..'.
9644 May not start with the string '..'.
9645 type: string
9646 required:
9647 - key
9648 - path
9649 type: object
9650 type: array
9651 x-kubernetes-list-type: atomic
9652 name:
9653 default: ""
9654 description: |-
9655 Name of the referent.
9656 This field is effectively required, but due to backwards compatibility is
9657 allowed to be empty. Instances of this type with an empty value here are
9658 almost certainly wrong.
9659 TODO: Add other useful fields. apiVersion, kind, uid?
9660 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9661 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9662 type: string
9663 optional:
9664 description: optional specify
9665 whether the ConfigMap or its
9666 keys must be defined
9667 type: boolean
9668 type: object
9669 x-kubernetes-map-type: atomic
9670 downwardAPI:
9671 description: downwardAPI information
9672 about the downwardAPI data to
9673 project
9674 properties:
9675 items:
9676 description: Items is a list
9677 of DownwardAPIVolume file
9678 items:
9679 description: DownwardAPIVolumeFile
9680 represents information to
9681 create the file containing
9682 the pod field
9683 properties:
9684 fieldRef:
9685 description: 'Required:
9686 Selects a field of the
9687 pod: only annotations,
9688 labels, name, namespace
9689 and uid are supported.'
9690 properties:
9691 apiVersion:
9692 description: Version
9693 of the schema the
9694 FieldPath is written
9695 in terms of, defaults
9696 to "v1".
9697 type: string
9698 fieldPath:
9699 description: Path
9700 of the field to
9701 select in the specified
9702 API version.
9703 type: string
9704 required:
9705 - fieldPath
9706 type: object
9707 x-kubernetes-map-type: atomic
9708 mode:
9709 description: |-
9710 Optional: mode bits used to set permissions on this file, must be an octal value
9711 between 0000 and 0777 or a decimal value between 0 and 511.
9712 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9713 If not specified, the volume defaultMode will be used.
9714 This might be in conflict with other options that affect the file
9715 mode, like fsGroup, and the result can be other mode bits set.
9716 format: int32
9717 type: integer
9718 path:
9719 description: 'Required:
9720 Path is the relative
9721 path name of the file
9722 to be created. Must
9723 not be absolute or contain
9724 the ''..'' path. Must
9725 be utf-8 encoded. The
9726 first item of the relative
9727 path must not start
9728 with ''..'''
9729 type: string
9730 resourceFieldRef:
9731 description: |-
9732 Selects a resource of the container: only resources limits and requests
9733 (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
9734 properties:
9735 containerName:
9736 description: 'Container
9737 name: required for
9738 volumes, optional
9739 for env vars'
9740 type: string
9741 divisor:
9742 anyOf:
9743 - type: integer
9744 - type: string
9745 description: Specifies
9746 the output format
9747 of the exposed resources,
9748 defaults to "1"
9749 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
9750 x-kubernetes-int-or-string: true
9751 resource:
9752 description: 'Required:
9753 resource to select'
9754 type: string
9755 required:
9756 - resource
9757 type: object
9758 x-kubernetes-map-type: atomic
9759 required:
9760 - path
9761 type: object
9762 type: array
9763 x-kubernetes-list-type: atomic
9764 type: object
9765 secret:
9766 description: secret information
9767 about the secret data to project
9768 properties:
9769 items:
9770 description: |-
9771 items if unspecified, each key-value pair in the Data field of the referenced
9772 Secret will be projected into the volume as a file whose name is the
9773 key and content is the value. If specified, the listed keys will be
9774 projected into the specified paths, and unlisted keys will not be
9775 present. If a key is specified which is not present in the Secret,
9776 the volume setup will error unless it is marked optional. Paths must be
9777 relative and may not contain the '..' path or start with '..'.
9778 items:
9779 description: Maps a string
9780 key to a path within a volume.
9781 properties:
9782 key:
9783 description: key is the
9784 key to project.
9785 type: string
9786 mode:
9787 description: |-
9788 mode is Optional: mode bits used to set permissions on this file.
9789 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
9790 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
9791 If not specified, the volume defaultMode will be used.
9792 This might be in conflict with other options that affect the file
9793 mode, like fsGroup, and the result can be other mode bits set.
9794 format: int32
9795 type: integer
9796 path:
9797 description: |-
9798 path is the relative path of the file to map the key to.
9799 May not be an absolute path.
9800 May not contain the path element '..'.
9801 May not start with the string '..'.
9802 type: string
9803 required:
9804 - key
9805 - path
9806 type: object
9807 type: array
9808 x-kubernetes-list-type: atomic
9809 name:
9810 default: ""
9811 description: |-
9812 Name of the referent.
9813 This field is effectively required, but due to backwards compatibility is
9814 allowed to be empty. Instances of this type with an empty value here are
9815 almost certainly wrong.
9816 TODO: Add other useful fields. apiVersion, kind, uid?
9817 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9818 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9819 type: string
9820 optional:
9821 description: optional field
9822 specify whether the Secret
9823 or its key must be defined
9824 type: boolean
9825 type: object
9826 x-kubernetes-map-type: atomic
9827 serviceAccountToken:
9828 description: serviceAccountToken
9829 is information about the serviceAccountToken
9830 data to project
9831 properties:
9832 audience:
9833 description: |-
9834 audience is the intended audience of the token. A recipient of a token
9835 must identify itself with an identifier specified in the audience of the
9836 token, and otherwise should reject the token. The audience defaults to the
9837 identifier of the apiserver.
9838 type: string
9839 expirationSeconds:
9840 description: |-
9841 expirationSeconds is the requested duration of validity of the service
9842 account token. As the token approaches expiration, the kubelet volume
9843 plugin will proactively rotate the service account token. The kubelet will
9844 start trying to rotate the token if the token is older than 80 percent of
9845 its time to live or if the token is older than 24 hours.Defaults to 1 hour
9846 and must be at least 10 minutes.
9847 format: int64
9848 type: integer
9849 path:
9850 description: |-
9851 path is the path relative to the mount point of the file to project the
9852 token into.
9853 type: string
9854 required:
9855 - path
9856 type: object
9857 type: object
9858 type: array
9859 x-kubernetes-list-type: atomic
9860 type: object
9861 quobyte:
9862 description: quobyte represents a Quobyte
9863 mount on the host that shares a pod's lifetime
9864 properties:
9865 group:
9866 description: |-
9867 group to map volume access to
9868 Default is no group
9869 type: string
9870 readOnly:
9871 description: |-
9872 readOnly here will force the Quobyte volume to be mounted with read-only permissions.
9873 Defaults to false.
9874 type: boolean
9875 registry:
9876 description: |-
9877 registry represents a single or multiple Quobyte Registry services
9878 specified as a string as host:port pair (multiple entries are separated with commas)
9879 which acts as the central registry for volumes
9880 type: string
9881 tenant:
9882 description: |-
9883 tenant owning the given Quobyte volume in the Backend
9884 Used with dynamically provisioned Quobyte volumes, value is set by the plugin
9885 type: string
9886 user:
9887 description: |-
9888 user to map volume access to
9889 Defaults to serivceaccount user
9890 type: string
9891 volume:
9892 description: volume is a string that references
9893 an already created Quobyte volume by
9894 name.
9895 type: string
9896 required:
9897 - registry
9898 - volume
9899 type: object
9900 rbd:
9901 description: |-
9902 rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
9903 More info: https://examples.k8s.io/volumes/rbd/README.md
9904 properties:
9905 fsType:
9906 description: |-
9907 fsType is the filesystem type of the volume that you want to mount.
9908 Tip: Ensure that the filesystem type is supported by the host operating system.
9909 Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
9910 More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
9911 TODO: how do we prevent errors in the filesystem from compromising the machine
9912 type: string
9913 image:
9914 description: |-
9915 image is the rados image name.
9916 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9917 type: string
9918 keyring:
9919 description: |-
9920 keyring is the path to key ring for RBDUser.
9921 Default is /etc/ceph/keyring.
9922 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9923 type: string
9924 monitors:
9925 description: |-
9926 monitors is a collection of Ceph monitors.
9927 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9928 items:
9929 type: string
9930 type: array
9931 x-kubernetes-list-type: atomic
9932 pool:
9933 description: |-
9934 pool is the rados pool name.
9935 Default is rbd.
9936 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9937 type: string
9938 readOnly:
9939 description: |-
9940 readOnly here will force the ReadOnly setting in VolumeMounts.
9941 Defaults to false.
9942 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9943 type: boolean
9944 secretRef:
9945 description: |-
9946 secretRef is name of the authentication secret for RBDUser. If provided
9947 overrides keyring.
9948 Default is nil.
9949 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9950 properties:
9951 name:
9952 default: ""
9953 description: |-
9954 Name of the referent.
9955 This field is effectively required, but due to backwards compatibility is
9956 allowed to be empty. Instances of this type with an empty value here are
9957 almost certainly wrong.
9958 TODO: Add other useful fields. apiVersion, kind, uid?
9959 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
9960 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
9961 type: string
9962 type: object
9963 x-kubernetes-map-type: atomic
9964 user:
9965 description: |-
9966 user is the rados user name.
9967 Default is admin.
9968 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
9969 type: string
9970 required:
9971 - image
9972 - monitors
9973 type: object
9974 scaleIO:
9975 description: scaleIO represents a ScaleIO
9976 persistent volume attached and mounted on
9977 Kubernetes nodes.
9978 properties:
9979 fsType:
9980 description: |-
9981 fsType is the filesystem type to mount.
9982 Must be a filesystem type supported by the host operating system.
9983 Ex. "ext4", "xfs", "ntfs".
9984 Default is "xfs".
9985 type: string
9986 gateway:
9987 description: gateway is the host address
9988 of the ScaleIO API Gateway.
9989 type: string
9990 protectionDomain:
9991 description: protectionDomain is the name
9992 of the ScaleIO Protection Domain for
9993 the configured storage.
9994 type: string
9995 readOnly:
9996 description: |-
9997 readOnly Defaults to false (read/write). ReadOnly here will force
9998 the ReadOnly setting in VolumeMounts.
9999 type: boolean
10000 secretRef:
10001 description: |-
10002 secretRef references to the secret for ScaleIO user and other
10003 sensitive information. If this is not provided, Login operation will fail.
10004 properties:
10005 name:
10006 default: ""
10007 description: |-
10008 Name of the referent.
10009 This field is effectively required, but due to backwards compatibility is
10010 allowed to be empty. Instances of this type with an empty value here are
10011 almost certainly wrong.
10012 TODO: Add other useful fields. apiVersion, kind, uid?
10013 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10014 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10015 type: string
10016 type: object
10017 x-kubernetes-map-type: atomic
10018 sslEnabled:
10019 description: sslEnabled Flag enable/disable
10020 SSL communication with Gateway, default
10021 false
10022 type: boolean
10023 storageMode:
10024 description: |-
10025 storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
10026 Default is ThinProvisioned.
10027 type: string
10028 storagePool:
10029 description: storagePool is the ScaleIO
10030 Storage Pool associated with the protection
10031 domain.
10032 type: string
10033 system:
10034 description: system is the name of the
10035 storage system as configured in ScaleIO.
10036 type: string
10037 volumeName:
10038 description: |-
10039 volumeName is the name of a volume already created in the ScaleIO system
10040 that is associated with this volume source.
10041 type: string
10042 required:
10043 - gateway
10044 - secretRef
10045 - system
10046 type: object
10047 secret:
10048 description: |-
10049 secret represents a secret that should populate this volume.
10050 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
10051 properties:
10052 defaultMode:
10053 description: |-
10054 defaultMode is Optional: mode bits used to set permissions on created files by default.
10055 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10056 YAML accepts both octal and decimal values, JSON requires decimal values
10057 for mode bits. Defaults to 0644.
10058 Directories within the path are not affected by this setting.
10059 This might be in conflict with other options that affect the file
10060 mode, like fsGroup, and the result can be other mode bits set.
10061 format: int32
10062 type: integer
10063 items:
10064 description: |-
10065 items If unspecified, each key-value pair in the Data field of the referenced
10066 Secret will be projected into the volume as a file whose name is the
10067 key and content is the value. If specified, the listed keys will be
10068 projected into the specified paths, and unlisted keys will not be
10069 present. If a key is specified which is not present in the Secret,
10070 the volume setup will error unless it is marked optional. Paths must be
10071 relative and may not contain the '..' path or start with '..'.
10072 items:
10073 description: Maps a string key to a
10074 path within a volume.
10075 properties:
10076 key:
10077 description: key is the key to project.
10078 type: string
10079 mode:
10080 description: |-
10081 mode is Optional: mode bits used to set permissions on this file.
10082 Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
10083 YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
10084 If not specified, the volume defaultMode will be used.
10085 This might be in conflict with other options that affect the file
10086 mode, like fsGroup, and the result can be other mode bits set.
10087 format: int32
10088 type: integer
10089 path:
10090 description: |-
10091 path is the relative path of the file to map the key to.
10092 May not be an absolute path.
10093 May not contain the path element '..'.
10094 May not start with the string '..'.
10095 type: string
10096 required:
10097 - key
10098 - path
10099 type: object
10100 type: array
10101 x-kubernetes-list-type: atomic
10102 optional:
10103 description: optional field specify whether
10104 the Secret or its keys must be defined
10105 type: boolean
10106 secretName:
10107 description: |-
10108 secretName is the name of the secret in the pod's namespace to use.
10109 More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
10110 type: string
10111 type: object
10112 storageos:
10113 description: storageOS represents a StorageOS
10114 volume attached and mounted on Kubernetes
10115 nodes.
10116 properties:
10117 fsType:
10118 description: |-
10119 fsType is the filesystem type to mount.
10120 Must be a filesystem type supported by the host operating system.
10121 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10122 type: string
10123 readOnly:
10124 description: |-
10125 readOnly defaults to false (read/write). ReadOnly here will force
10126 the ReadOnly setting in VolumeMounts.
10127 type: boolean
10128 secretRef:
10129 description: |-
10130 secretRef specifies the secret to use for obtaining the StorageOS API
10131 credentials. If not specified, default values will be attempted.
10132 properties:
10133 name:
10134 default: ""
10135 description: |-
10136 Name of the referent.
10137 This field is effectively required, but due to backwards compatibility is
10138 allowed to be empty. Instances of this type with an empty value here are
10139 almost certainly wrong.
10140 TODO: Add other useful fields. apiVersion, kind, uid?
10141 More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
10142 TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
10143 type: string
10144 type: object
10145 x-kubernetes-map-type: atomic
10146 volumeName:
10147 description: |-
10148 volumeName is the human-readable name of the StorageOS volume. Volume
10149 names are only unique within a namespace.
10150 type: string
10151 volumeNamespace:
10152 description: |-
10153 volumeNamespace specifies the scope of the volume within StorageOS. If no
10154 namespace is specified then the Pod's namespace will be used. This allows the
10155 Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
10156 Set VolumeName to any name to override the default behaviour.
10157 Set to "default" if you are not using namespaces within StorageOS.
10158 Namespaces that do not pre-exist within StorageOS will be created.
10159 type: string
10160 type: object
10161 vsphereVolume:
10162 description: vsphereVolume represents a vSphere
10163 volume attached and mounted on kubelets
10164 host machine
10165 properties:
10166 fsType:
10167 description: |-
10168 fsType is filesystem type to mount.
10169 Must be a filesystem type supported by the host operating system.
10170 Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
10171 type: string
10172 storagePolicyID:
10173 description: storagePolicyID is the storage
10174 Policy Based Management (SPBM) profile
10175 ID associated with the StoragePolicyName.
10176 type: string
10177 storagePolicyName:
10178 description: storagePolicyName is the
10179 storage Policy Based Management (SPBM)
10180 profile name.
10181 type: string
10182 volumePath:
10183 description: volumePath is the path that
10184 identifies vSphere volume vmdk
10185 type: string
10186 required:
10187 - volumePath
10188 type: object
10189 required:
10190 - name
10191 type: object
10192 type: array
10193 x-kubernetes-list-map-keys:
10194 - name
10195 x-kubernetes-list-type: map
10196 required:
10197 - containers
10198 type: object
10199 type: object
10200 updateStrategy:
10201 description: |-
10202 updateStrategy indicates the StatefulSetUpdateStrategy that will be
10203 employed to update Pods in the StatefulSet when a revision is made to
10204 Template.
10205 properties:
10206 rollingUpdate:
10207 description: RollingUpdate is used to communicate parameters
10208 when Type is RollingUpdateStatefulSetStrategyType.
10209 properties:
10210 maxUnavailable:
10211 anyOf:
10212 - type: integer
10213 - type: string
10214 description: |-
10215 The maximum number of pods that can be unavailable during the update.
10216 Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
10217 Absolute number is calculated from percentage by rounding up. This can not be 0.
10218 Defaults to 1. This field is alpha-level and is only honored by servers that enable the
10219 MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
10220 Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
10221 will be counted towards MaxUnavailable.
10222 x-kubernetes-int-or-string: true
10223 partition:
10224 description: |-
10225 Partition indicates the ordinal at which the StatefulSet should be partitioned
10226 for updates. During a rolling update, all pods from ordinal Replicas-1 to
10227 Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
10228 This is helpful in being able to do a canary based deployment. The default value is 0.
10229 format: int32
10230 type: integer
10231 type: object
10232 type:
10233 description: |-
10234 Type indicates the type of the StatefulSetUpdateStrategy.
10235 Default is RollingUpdate.
10236 type: string
10237 type: object
10238 volumeClaimTemplates:
10239 description: |-
10240 volumeClaimTemplates is a list of claims that pods are allowed to reference.
10241 The StatefulSet controller is responsible for mapping network identities to
10242 claims in a way that maintains the identity of a pod. Every claim in
10243 this list must have at least one matching (by name) volumeMount in one
10244 container in the template. A claim in this list takes precedence over
10245 any volumes in the template, with the same name.
10246 TODO: Define the behavior if a claim already exists with the same name.
10247 items:
10248 description: PersistentVolumeClaim is a user's request
10249 for and claim to a persistent volume
10250 properties:
10251 apiVersion:
10252 description: |-
10253 APIVersion defines the versioned schema of this representation of an object.
10254 Servers should convert recognized schemas to the latest internal value, and
10255 may reject unrecognized values.
10256 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
10257 type: string
10258 kind:
10259 description: |-
10260 Kind is a string value representing the REST resource this object represents.
10261 Servers may infer this from the endpoint the client submits requests to.
10262 Cannot be updated.
10263 In CamelCase.
10264 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
10265 type: string
10266 metadata:
10267 description: |-
10268 Standard object's metadata.
10269 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
10270 properties:
10271 annotations:
10272 additionalProperties:
10273 type: string
10274 type: object
10275 finalizers:
10276 items:
10277 type: string
10278 type: array
10279 labels:
10280 additionalProperties:
10281 type: string
10282 type: object
10283 name:
10284 type: string
10285 namespace:
10286 type: string
10287 type: object
10288 spec:
10289 description: |-
10290 spec defines the desired characteristics of a volume requested by a pod author.
10291 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
10292 properties:
10293 accessModes:
10294 description: |-
10295 accessModes contains the desired access modes the volume should have.
10296 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
10297 items:
10298 type: string
10299 type: array
10300 x-kubernetes-list-type: atomic
10301 dataSource:
10302 description: |-
10303 dataSource field can be used to specify either:
10304 * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
10305 * An existing PVC (PersistentVolumeClaim)
10306 If the provisioner or an external controller can support the specified data source,
10307 it will create a new volume based on the contents of the specified data source.
10308 When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
10309 and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
10310 If the namespace is specified, then dataSourceRef will not be copied to dataSource.
10311 properties:
10312 apiGroup:
10313 description: |-
10314 APIGroup is the group for the resource being referenced.
10315 If APIGroup is not specified, the specified Kind must be in the core API group.
10316 For any other third-party types, APIGroup is required.
10317 type: string
10318 kind:
10319 description: Kind is the type of resource
10320 being referenced
10321 type: string
10322 name:
10323 description: Name is the name of resource
10324 being referenced
10325 type: string
10326 required:
10327 - kind
10328 - name
10329 type: object
10330 x-kubernetes-map-type: atomic
10331 dataSourceRef:
10332 description: |-
10333 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
10334 volume is desired. This may be any object from a non-empty API group (non
10335 core object) or a PersistentVolumeClaim object.
10336 When this field is specified, volume binding will only succeed if the type of
10337 the specified object matches some installed volume populator or dynamic
10338 provisioner.
10339 This field will replace the functionality of the dataSource field and as such
10340 if both fields are non-empty, they must have the same value. For backwards
10341 compatibility, when namespace isn't specified in dataSourceRef,
10342 both fields (dataSource and dataSourceRef) will be set to the same
10343 value automatically if one of them is empty and the other is non-empty.
10344 When namespace is specified in dataSourceRef,
10345 dataSource isn't set to the same value and must be empty.
10346 There are three important differences between dataSource and dataSourceRef:
10347 * While dataSource only allows two specific types of objects, dataSourceRef
10348 allows any non-core object, as well as PersistentVolumeClaim objects.
10349 * While dataSource ignores disallowed values (dropping them), dataSourceRef
10350 preserves all values, and generates an error if a disallowed value is
10351 specified.
10352 * While dataSource only allows local objects, dataSourceRef allows objects
10353 in any namespaces.
10354 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
10355 (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
10356 properties:
10357 apiGroup:
10358 description: |-
10359 APIGroup is the group for the resource being referenced.
10360 If APIGroup is not specified, the specified Kind must be in the core API group.
10361 For any other third-party types, APIGroup is required.
10362 type: string
10363 kind:
10364 description: Kind is the type of resource
10365 being referenced
10366 type: string
10367 name:
10368 description: Name is the name of resource
10369 being referenced
10370 type: string
10371 namespace:
10372 description: |-
10373 Namespace is the namespace of resource being referenced
10374 Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
10375 (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
10376 type: string
10377 required:
10378 - kind
10379 - name
10380 type: object
10381 resources:
10382 description: |-
10383 resources represents the minimum resources the volume should have.
10384 If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
10385 that are lower than previous value but must still be higher than capacity recorded in the
10386 status field of the claim.
10387 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
10388 properties:
10389 limits:
10390 additionalProperties:
10391 anyOf:
10392 - type: integer
10393 - type: string
10394 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
10395 x-kubernetes-int-or-string: true
10396 description: |-
10397 Limits describes the maximum amount of compute resources allowed.
10398 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
10399 type: object
10400 requests:
10401 additionalProperties:
10402 anyOf:
10403 - type: integer
10404 - type: string
10405 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
10406 x-kubernetes-int-or-string: true
10407 description: |-
10408 Requests describes the minimum amount of compute resources required.
10409 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
10410 otherwise to an implementation-defined value. Requests cannot exceed Limits.
10411 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
10412 type: object
10413 type: object
10414 selector:
10415 description: selector is a label query over volumes
10416 to consider for binding.
10417 properties:
10418 matchExpressions:
10419 description: matchExpressions is a list of
10420 label selector requirements. The requirements
10421 are ANDed.
10422 items:
10423 description: |-
10424 A label selector requirement is a selector that contains values, a key, and an operator that
10425 relates the key and values.
10426 properties:
10427 key:
10428 description: key is the label key that
10429 the selector applies to.
10430 type: string
10431 operator:
10432 description: |-
10433 operator represents a key's relationship to a set of values.
10434 Valid operators are In, NotIn, Exists and DoesNotExist.
10435 type: string
10436 values:
10437 description: |-
10438 values is an array of string values. If the operator is In or NotIn,
10439 the values array must be non-empty. If the operator is Exists or DoesNotExist,
10440 the values array must be empty. This array is replaced during a strategic
10441 merge patch.
10442 items:
10443 type: string
10444 type: array
10445 x-kubernetes-list-type: atomic
10446 required:
10447 - key
10448 - operator
10449 type: object
10450 type: array
10451 x-kubernetes-list-type: atomic
10452 matchLabels:
10453 additionalProperties:
10454 type: string
10455 description: |-
10456 matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
10457 map is equivalent to an element of matchExpressions, whose key field is "key", the
10458 operator is "In", and the values array contains only "value". The requirements are ANDed.
10459 type: object
10460 type: object
10461 x-kubernetes-map-type: atomic
10462 storageClassName:
10463 description: |-
10464 storageClassName is the name of the StorageClass required by the claim.
10465 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
10466 type: string
10467 volumeAttributesClassName:
10468 description: |-
10469 volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
10470 If specified, the CSI driver will create or update the volume with the attributes defined
10471 in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
10472 it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
10473 will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
10474 If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
10475 will be set by the persistentvolume controller if it exists.
10476 If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
10477 set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
10478 exists.
10479 More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
10480 (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
10481 type: string
10482 volumeMode:
10483 description: |-
10484 volumeMode defines what type of volume is required by the claim.
10485 Value of Filesystem is implied when not included in claim spec.
10486 type: string
10487 volumeName:
10488 description: volumeName is the binding reference
10489 to the PersistentVolume backing this claim.
10490 type: string
10491 type: object
10492 status:
10493 description: |-
10494 status represents the current information/status of a persistent volume claim.
10495 Read-only.
10496 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
10497 properties:
10498 accessModes:
10499 description: |-
10500 accessModes contains the actual access modes the volume backing the PVC has.
10501 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
10502 items:
10503 type: string
10504 type: array
10505 x-kubernetes-list-type: atomic
10506 allocatedResourceStatuses:
10507 additionalProperties:
10508 description: |-
10509 When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
10510 that it does not recognizes, then it should ignore that update and let other controllers
10511 handle it.
10512 type: string
10513 description: "allocatedResourceStatuses stores
10514 status of resource being resized for the given
10515 PVC.\nKey names follow standard Kubernetes label
10516 syntax. Valid values are either:\n\t* Un-prefixed
10517 keys:\n\t\t- storage - the capacity of the volume.\n\t*
10518 Custom resources must use implementation-defined
10519 prefixed names such as \"example.com/my-custom-resource\"\nApart
10520 from above values - keys that are unprefixed
10521 or have kubernetes.io prefix are considered\nreserved
10522 and hence may not be used.\n\n\nClaimResourceStatus
10523 can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState
10524 set when resize controller starts resizing the
10525 volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState
10526 set when resize has failed in resize controller
10527 with a terminal error.\n\t- NodeResizePending:\n\t\tState
10528 set when resize controller has finished resizing
10529 the volume but further resizing of\n\t\tvolume
10530 is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState
10531 set when kubelet starts resizing the volume.\n\t-
10532 NodeResizeFailed:\n\t\tState set when resizing
10533 has failed in kubelet with a terminal error.
10534 Transient errors don't set\n\t\tNodeResizeFailed.\nFor
10535 example: if expanding a PVC for more capacity
10536 - this field can be one of the following states:\n\t-
10537 pvc.status.allocatedResourceStatus['storage']
10538 = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
10539 = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage']
10540 = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage']
10541 = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage']
10542 = \"NodeResizeFailed\"\nWhen this field is not
10543 set, it means that no resize operation is in
10544 progress for the given PVC.\n\n\nA controller
10545 that receives PVC update with previously unknown
10546 resourceName or ClaimResourceStatus\nshould
10547 ignore the update for the purpose it was designed.
10548 For example - a controller that\nonly is responsible
10549 for resizing capacity of the volume, should
10550 ignore PVC updates that change other valid\nresources
10551 associated with PVC.\n\n\nThis is an alpha field
10552 and requires enabling RecoverVolumeExpansionFailure
10553 feature."
10554 type: object
10555 x-kubernetes-map-type: granular
10556 allocatedResources:
10557 additionalProperties:
10558 anyOf:
10559 - type: integer
10560 - type: string
10561 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
10562 x-kubernetes-int-or-string: true
10563 description: "allocatedResources tracks the resources
10564 allocated to a PVC including its capacity.\nKey
10565 names follow standard Kubernetes label syntax.
10566 Valid values are either:\n\t* Un-prefixed keys:\n\t\t-
10567 storage - the capacity of the volume.\n\t* Custom
10568 resources must use implementation-defined prefixed
10569 names such as \"example.com/my-custom-resource\"\nApart
10570 from above values - keys that are unprefixed
10571 or have kubernetes.io prefix are considered\nreserved
10572 and hence may not be used.\n\n\nCapacity reported
10573 here may be larger than the actual capacity
10574 when a volume expansion operation\nis requested.\nFor
10575 storage quota, the larger value from allocatedResources
10576 and PVC.spec.resources is used.\nIf allocatedResources
10577 is not set, PVC.spec.resources alone is used
10578 for quota calculation.\nIf a volume expansion
10579 capacity request is lowered, allocatedResources
10580 is only\nlowered if there are no expansion operations
10581 in progress and if the actual volume capacity\nis
10582 equal or lower than the requested capacity.\n\n\nA
10583 controller that receives PVC update with previously
10584 unknown resourceName\nshould ignore the update
10585 for the purpose it was designed. For example
10586 - a controller that\nonly is responsible for
10587 resizing capacity of the volume, should ignore
10588 PVC updates that change other valid\nresources
10589 associated with PVC.\n\n\nThis is an alpha field
10590 and requires enabling RecoverVolumeExpansionFailure
10591 feature."
10592 type: object
10593 capacity:
10594 additionalProperties:
10595 anyOf:
10596 - type: integer
10597 - type: string
10598 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
10599 x-kubernetes-int-or-string: true
10600 description: capacity represents the actual resources
10601 of the underlying volume.
10602 type: object
10603 conditions:
10604 description: |-
10605 conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
10606 resized then the Condition will be set to 'Resizing'.
10607 items:
10608 description: PersistentVolumeClaimCondition
10609 contains details about state of pvc
10610 properties:
10611 lastProbeTime:
10612 description: lastProbeTime is the time we
10613 probed the condition.
10614 format: date-time
10615 type: string
10616 lastTransitionTime:
10617 description: lastTransitionTime is the time
10618 the condition transitioned from one status
10619 to another.
10620 format: date-time
10621 type: string
10622 message:
10623 description: message is the human-readable
10624 message indicating details about last
10625 transition.
10626 type: string
10627 reason:
10628 description: |-
10629 reason is a unique, this should be a short, machine understandable string that gives the reason
10630 for condition's last transition. If it reports "Resizing" that means the underlying
10631 persistent volume is being resized.
10632 type: string
10633 status:
10634 type: string
10635 type:
10636 description: PersistentVolumeClaimConditionType
10637 is a valid value of PersistentVolumeClaimCondition.Type
10638 type: string
10639 required:
10640 - status
10641 - type
10642 type: object
10643 type: array
10644 x-kubernetes-list-map-keys:
10645 - type
10646 x-kubernetes-list-type: map
10647 currentVolumeAttributesClassName:
10648 description: |-
10649 currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
10650 When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
10651 This is an alpha field and requires enabling VolumeAttributesClass feature.
10652 type: string
10653 modifyVolumeStatus:
10654 description: |-
10655 ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.
10656 When this is unset, there is no ModifyVolume operation being attempted.
10657 This is an alpha field and requires enabling VolumeAttributesClass feature.
10658 properties:
10659 status:
10660 description: "status is the status of the
10661 ControllerModifyVolume operation. It can
10662 be in any of following states:\n - Pending\n
10663 \ Pending indicates that the PersistentVolumeClaim
10664 cannot be modified due to unmet requirements,
10665 such as\n the specified VolumeAttributesClass
10666 not existing.\n - InProgress\n InProgress
10667 indicates that the volume is being modified.\n
10668 - Infeasible\n Infeasible indicates that
10669 the request has been rejected as invalid
10670 by the CSI driver. To\n\t resolve the error,
10671 a valid VolumeAttributesClass needs to be
10672 specified.\nNote: New statuses can be added
10673 in the future. Consumers should check for
10674 unknown statuses and fail appropriately."
10675 type: string
10676 targetVolumeAttributesClassName:
10677 description: targetVolumeAttributesClassName
10678 is the name of the VolumeAttributesClass
10679 the PVC currently being reconciled
10680 type: string
10681 required:
10682 - status
10683 type: object
10684 phase:
10685 description: phase represents the current phase
10686 of PersistentVolumeClaim.
10687 type: string
10688 type: object
10689 type: object
10690 type: array
10691 x-kubernetes-list-type: atomic
10692 required:
10693 - selector
10694 - serviceName
10695 - template
10696 type: object
10697 status:
10698 description: |-
10699 Status is the current status of Pods in this StatefulSet. This data
10700 may be out of date by some window of time.
10701 properties:
10702 availableReplicas:
10703 description: Total number of available pods (ready for at
10704 least minReadySeconds) targeted by this statefulset.
10705 format: int32
10706 type: integer
10707 collisionCount:
10708 description: |-
10709 collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
10710 uses this field as a collision avoidance mechanism when it needs to create the name for the
10711 newest ControllerRevision.
10712 format: int32
10713 type: integer
10714 conditions:
10715 description: Represents the latest available observations
10716 of a statefulset's current state.
10717 items:
10718 description: StatefulSetCondition describes the state
10719 of a statefulset at a certain point.
10720 properties:
10721 lastTransitionTime:
10722 description: Last time the condition transitioned
10723 from one status to another.
10724 format: date-time
10725 type: string
10726 message:
10727 description: A human readable message indicating details
10728 about the transition.
10729 type: string
10730 reason:
10731 description: The reason for the condition's last transition.
10732 type: string
10733 status:
10734 description: Status of the condition, one of True,
10735 False, Unknown.
10736 type: string
10737 type:
10738 description: Type of statefulset condition.
10739 type: string
10740 required:
10741 - status
10742 - type
10743 type: object
10744 type: array
10745 x-kubernetes-list-map-keys:
10746 - type
10747 x-kubernetes-list-type: map
10748 currentReplicas:
10749 description: |-
10750 currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
10751 indicated by currentRevision.
10752 format: int32
10753 type: integer
10754 currentRevision:
10755 description: |-
10756 currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
10757 sequence [0,currentReplicas).
10758 type: string
10759 observedGeneration:
10760 description: |-
10761 observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
10762 StatefulSet's generation, which is updated on mutation by the API Server.
10763 format: int64
10764 type: integer
10765 readyReplicas:
10766 description: readyReplicas is the number of pods created
10767 for this StatefulSet with a Ready Condition.
10768 format: int32
10769 type: integer
10770 replicas:
10771 description: replicas is the number of Pods created by the
10772 StatefulSet controller.
10773 format: int32
10774 type: integer
10775 updateRevision:
10776 description: |-
10777 updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
10778 [replicas-updatedReplicas,replicas)
10779 type: string
10780 updatedReplicas:
10781 description: |-
10782 updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
10783 indicated by updateRevision.
10784 format: int32
10785 type: integer
10786 required:
10787 - replicas
10788 type: object
10789 type: object
10790 type: array
10791 users:
10792 items:
10793 properties:
10794 apiVersion:
10795 description: |-
10796 APIVersion defines the versioned schema of this representation of an object.
10797 Servers should convert recognized schemas to the latest internal value, and
10798 may reject unrecognized values.
10799 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
10800 type: string
10801 kind:
10802 description: |-
10803 Kind is a string value representing the REST resource this object represents.
10804 Servers may infer this from the endpoint the client submits requests to.
10805 Cannot be updated.
10806 In CamelCase.
10807 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
10808 type: string
10809 metadata:
10810 properties:
10811 annotations:
10812 additionalProperties:
10813 type: string
10814 type: object
10815 finalizers:
10816 items:
10817 type: string
10818 type: array
10819 labels:
10820 additionalProperties:
10821 type: string
10822 type: object
10823 name:
10824 type: string
10825 namespace:
10826 type: string
10827 type: object
10828 spec:
10829 description: https://docs.couchdb.org/en/3.2.0/intro/security.html?highlight=user#users-documents
10830 properties:
10831 interval:
10832 description: |-
10833 Interval is how often the object will be reconciled, in order to prevent
10834 drift.
10835 type: string
10836 provider:
10837 description: Provider information about the data provider
10838 properties:
10839 name:
10840 type: string
10841 required:
10842 - name
10843 type: object
10844 retryInterval:
10845 description: |-
10846 RetryInterval is how often to retry previously failed reconciliations. Defaults
10847 to Interval if not provided.
10848 type: string
10849 serverRef:
10850 properties:
10851 name:
10852 type: string
10853 namespace:
10854 type: string
10855 required:
10856 - name
10857 - namespace
10858 type: object
10859 type:
10860 type: string
10861 user:
10862 properties:
10863 name:
10864 type: string
10865 roles:
10866 items:
10867 type: string
10868 type: array
10869 secretRef:
10870 description: |-
10871 SecretReference represents a Secret Reference. It has enough information to retrieve secret
10872 in any namespace
10873 properties:
10874 name:
10875 description: name is unique within a namespace to
10876 reference a secret resource.
10877 type: string
10878 namespace:
10879 description: namespace defines the space within
10880 which the secret name must be unique.
10881 type: string
10882 type: object
10883 x-kubernetes-map-type: atomic
10884 type: object
10885 required:
10886 - serverRef
10887 type: object
10888 status:
10889 default:
10890 observedGeneration: -1
10891 properties:
10892 conditions:
10893 items:
10894 description: "Condition contains details for one aspect
10895 of the current state of this API Resource.\n---\nThis
10896 struct is intended for direct use as an array at the
10897 field path .status.conditions. For example,\n\n\n\ttype
10898 FooStatus struct{\n\t // Represents the observations
10899 of a foo's current state.\n\t // Known .status.conditions.type
10900 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
10901 \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
10902 \ // +listType=map\n\t // +listMapKey=type\n\t
10903 \ Conditions []metav1.Condition `json:\"conditions,omitempty\"
10904 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
10905 \ // other fields\n\t}"
10906 properties:
10907 lastTransitionTime:
10908 description: |-
10909 lastTransitionTime is the last time the condition transitioned from one status to another.
10910 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
10911 format: date-time
10912 type: string
10913 message:
10914 description: |-
10915 message is a human readable message indicating details about the transition.
10916 This may be an empty string.
10917 maxLength: 32768
10918 type: string
10919 observedGeneration:
10920 description: |-
10921 observedGeneration represents the .metadata.generation that the condition was set based upon.
10922 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
10923 with respect to the current state of the instance.
10924 format: int64
10925 minimum: 0
10926 type: integer
10927 reason:
10928 description: |-
10929 reason contains a programmatic identifier indicating the reason for the condition's last transition.
10930 Producers of specific condition types may define expected values and meanings for this field,
10931 and whether the values are considered a guaranteed API.
10932 The value should be a CamelCase string.
10933 This field may not be empty.
10934 maxLength: 1024
10935 minLength: 1
10936 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10937 type: string
10938 status:
10939 description: status of the condition, one of True,
10940 False, Unknown.
10941 enum:
10942 - "True"
10943 - "False"
10944 - Unknown
10945 type: string
10946 type:
10947 description: |-
10948 type of condition in CamelCase or in foo.example.com/CamelCase.
10949 ---
10950 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
10951 useful (see .node.status.conditions), the ability to deconflict is important.
10952 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
10953 maxLength: 316
10954 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10955 type: string
10956 required:
10957 - lastTransitionTime
10958 - message
10959 - reason
10960 - status
10961 - type
10962 type: object
10963 type: array
10964 inventory:
10965 description: |-
10966 ResourceInventory contains a list of Kubernetes resource object references
10967 that have been applied.
10968 properties:
10969 entries:
10970 description: Entries of Kubernetes resource object references.
10971 items:
10972 description: ResourceRef contains the information
10973 necessary to locate a resource within a cluster.
10974 properties:
10975 id:
10976 description: |-
10977 ID is the string representation of the Kubernetes resource object's metadata,
10978 in the format '<namespace>_<name>_<group>_<kind>'.
10979 type: string
10980 v:
10981 description: Version is the API version of the
10982 Kubernetes resource object's kind.
10983 type: string
10984 required:
10985 - id
10986 - v
10987 type: object
10988 type: array
10989 type: object
10990 observedGeneration:
10991 format: int64
10992 type: integer
10993 type: object
10994 type: object
10995 type: array
10996 type: object
10997 status:
10998 default:
10999 observedGeneration: -1
11000 properties:
11001 conditions:
11002 items:
11003 description: "Condition contains details for one aspect of the current
11004 state of this API Resource.\n---\nThis struct is intended for
11005 direct use as an array at the field path .status.conditions. For
11006 example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
11007 observations of a foo's current state.\n\t // Known .status.conditions.type
11008 are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
11009 +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
11010 \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
11011 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
11012 \ // other fields\n\t}"
11013 properties:
11014 lastTransitionTime:
11015 description: |-
11016 lastTransitionTime is the last time the condition transitioned from one status to another.
11017 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
11018 format: date-time
11019 type: string
11020 message:
11021 description: |-
11022 message is a human readable message indicating details about the transition.
11023 This may be an empty string.
11024 maxLength: 32768
11025 type: string
11026 observedGeneration:
11027 description: |-
11028 observedGeneration represents the .metadata.generation that the condition was set based upon.
11029 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
11030 with respect to the current state of the instance.
11031 format: int64
11032 minimum: 0
11033 type: integer
11034 reason:
11035 description: |-
11036 reason contains a programmatic identifier indicating the reason for the condition's last transition.
11037 Producers of specific condition types may define expected values and meanings for this field,
11038 and whether the values are considered a guaranteed API.
11039 The value should be a CamelCase string.
11040 This field may not be empty.
11041 maxLength: 1024
11042 minLength: 1
11043 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11044 type: string
11045 status:
11046 description: status of the condition, one of True, False, Unknown.
11047 enum:
11048 - "True"
11049 - "False"
11050 - Unknown
11051 type: string
11052 type:
11053 description: |-
11054 type of condition in CamelCase or in foo.example.com/CamelCase.
11055 ---
11056 Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
11057 useful (see .node.status.conditions), the ability to deconflict is important.
11058 The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
11059 maxLength: 316
11060 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11061 type: string
11062 required:
11063 - lastTransitionTime
11064 - message
11065 - reason
11066 - status
11067 - type
11068 type: object
11069 type: array
11070 inventory:
11071 description: |-
11072 ResourceInventory contains a list of Kubernetes resource object references
11073 that have been applied.
11074 properties:
11075 entries:
11076 description: Entries of Kubernetes resource object references.
11077 items:
11078 description: ResourceRef contains the information necessary
11079 to locate a resource within a cluster.
11080 properties:
11081 id:
11082 description: |-
11083 ID is the string representation of the Kubernetes resource object's metadata,
11084 in the format '<namespace>_<name>_<group>_<kind>'.
11085 type: string
11086 v:
11087 description: Version is the API version of the Kubernetes
11088 resource object's kind.
11089 type: string
11090 required:
11091 - id
11092 - v
11093 type: object
11094 type: array
11095 type: object
11096 observedGeneration:
11097 format: int64
11098 type: integer
11099 type: object
11100 type: object
11101 served: true
11102 storage: true
11103 subresources:
11104 status: {}
View as plain text