apiVersion: v1 kind: Namespace metadata: name: fluent-operator annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterfilters.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: ClusterFilter listKind: ClusterFilterList plural: clusterfilters shortNames: - cfbf singular: clusterfilter scope: Cluster versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: ClusterFilter defines a cluster-level Filter configuration. properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: Specification of desired Filter configuration. properties: filters: type: array description: A set of filter plugins in order. items: type: object properties: aws: type: object description: Aws defines a Aws configuration. properties: accountID: type: boolean description: The account ID for current EC2 instance.Default is false. alias: type: string description: Alias for the plugin amiID: type: boolean description: The EC2 instance image id.Default is false. az: type: boolean description: The availability zone; for example, "us-east-1a". Default is true. ec2InstanceID: type: boolean description: The EC2 instance ID.Default is true. ec2InstanceType: type: boolean description: The EC2 instance type.Default is false. hostName: type: boolean description: The hostname for current EC2 instance.Default is false. imdsVersion: type: string description: Specify which version of the instance metadata service to use. Valid values are 'v1' or 'v2'. enum: - v1 - v2 privateIP: type: boolean description: The EC2 instance private ip.Default is false. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ vpcID: type: boolean description: The VPC ID for current EC2 instance.Default is false. customPlugin: type: object description: CustomPlugin defines a Custom plugin configuration. properties: config: type: string grep: type: object description: Grep defines Grep Filter configuration. properties: alias: type: string description: Alias for the plugin exclude: type: string description: 'Exclude records which field matches the regular expression. Value Format: FIELD REGEX' regex: type: string description: 'Keep records which field matches the regular expression. Value Format: FIELD REGEX' retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ kubernetes: type: object description: Kubernetes defines Kubernetes Filter configuration. properties: labels: type: boolean description: Include Kubernetes resource labels in the extra metadata. annotations: type: boolean description: Include Kubernetes resource annotations in the extra metadata. alias: type: string description: Alias for the plugin bufferSize: type: string description: Set the buffer size for HTTP client when reading responses from Kubernetes API server. pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ cacheUseDockerId: type: boolean description: When enabled, metadata will be fetched from K8s when docker_id is changed. dnsRetries: type: integer description: DNS lookup retries N times until the network start working format: int32 dnsWaitTime: type: integer description: DNS lookup interval between network status checks format: int32 dummyMeta: type: boolean description: If set, use dummy-meta data (for test/dev purposes) k8sLoggingExclude: type: boolean description: Allow Kubernetes Pods to exclude their logs from the log processor (read more about it in Kubernetes Annotations section). k8sLoggingParser: type: boolean description: Allow Kubernetes Pods to suggest a pre-defined Parser (read more about it in Kubernetes Annotations section) keepLog: type: boolean description: When Keep_Log is disabled, the log field is removed from the incoming message once it has been successfully merged (Merge_Log must be enabled as well). kubeCAFile: type: string description: CA certificate file kubeCAPath: type: string description: Absolute path to scan for certificate files kubeMetaCacheTTL: type: string description: configurable TTL for K8s cached metadata. By default, it is set to 0 which means TTL for cache entries is disabled and cache entries are evicted at random when capacity is reached. In order to enable this option, you should set the number to a time interval. For example, set this value to 60 or 60s and cache entries which have been created more than 60s will be evicted. kubeMetaPreloadCacheDir: type: string description: If set, Kubernetes meta-data can be cached/pre-loaded from files in JSON format in this directory, named as namespace-pod.meta kubeTagPrefix: type: string description: When the source records comes from Tail input plugin, this option allows to specify what's the prefix used in Tail configuration. kubeTokenFile: type: string description: Token file kubeTokenTTL: type: string description: configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. kubeURL: type: string description: API Server end-point kubeletHost: type: string description: kubelet host using for HTTP request, this only works when Use_Kubelet set to On. kubeletPort: type: integer description: kubelet port using for HTTP request, this only works when useKubelet is set to On. format: int32 mergeLog: type: boolean description: When enabled, it checks if the log field content is a JSON string map, if so, it append the map fields as part of the log structure. mergeLogKey: type: string description: When Merge_Log is enabled, the filter tries to assume the log field from the incoming message is a JSON string message and make a structured representation of it at the same level of the log field in the map. Now if Merge_Log_Key is set (a string name), all the new structured fields taken from the original log content are inserted under the new key. mergeLogTrim: type: boolean description: When Merge_Log is enabled, trim (remove possible \n or \r) field values. mergeParser: type: string description: Optional parser name to specify how to parse the data contained in the log key. Recommended use is for developers or testing only. regexParser: type: string description: Set an alternative Parser to process record Tag and extract pod_name, namespace_name, container_name and docker_id. The parser must be registered in a parsers file (refer to parser filter-kube-test as an example). retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ tlsDebug: type: integer description: Debug level between 0 (nothing) and 4 (every detail). format: int32 tlsVerify: type: boolean description: When enabled, turns on certificate validation when connecting to the Kubernetes API server. useJournal: type: boolean description: When enabled, the filter reads logs coming in Journald format. useKubelet: type: boolean description: This is an optional feature flag to get metadata information from kubelet instead of calling Kube Server API to enhance the log. This could mitigate the Kube API heavy traffic issue for large cluster. lua: type: object description: Lua defines Lua Filter configuration. properties: alias: type: string description: Alias for the plugin call: type: string description: Lua function name that will be triggered to do filtering. It's assumed that the function is declared inside the Script defined above. protectedMode: type: boolean description: If enabled, Lua script will be executed in protected mode. It prevents to crash when invalid Lua script is executed. Default is true. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ script: type: object description: Path to the Lua script that will be used. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key to select. optional: type: boolean description: Specify whether the ConfigMap or its key must be defined required: - key x-kubernetes-map-type: atomic timeAsTable: type: boolean description: By default when the Lua script is invoked, the record timestamp is passed as a Floating number which might lead to loss precision when the data is converted back. If you desire timestamp precision enabling this option will pass the timestamp as a Lua table with keys sec for seconds since epoch and nsec for nanoseconds. typeIntKey: type: array description: If these keys are matched, the fields are converted to integer. If more than one key, delimit by space. Note that starting from Fluent Bit v1.6 integer data types are preserved and not converted to double as in previous versions. items: type: string required: - call - script modify: type: object description: Modify defines Modify Filter configuration. properties: alias: type: string description: Alias for the plugin conditions: type: array description: All conditions have to be true for the rules to be applied. items: type: object description: The plugin supports the following conditions properties: aKeyMatches: type: string description: Is true if a key matches regex KEY keyDoesNotExist: type: object additionalProperties: type: string description: Is true if KEY does not exist keyExists: type: string description: Is true if KEY exists keyValueDoesNotEqual: type: object additionalProperties: type: string description: Is true if KEY exists and its value is not VALUE keyValueDoesNotMatch: type: object additionalProperties: type: string description: Is true if key KEY exists and its value does not match VALUE keyValueEquals: type: object additionalProperties: type: string description: Is true if KEY exists and its value is VALUE keyValueMatches: type: object additionalProperties: type: string description: Is true if key KEY exists and its value matches VALUE matchingKeysDoNotHaveMatchingValues: type: object additionalProperties: type: string description: Is true if all keys matching KEY have values that do not match VALUE matchingKeysHaveMatchingValues: type: object additionalProperties: type: string description: Is true if all keys matching KEY have values that match VALUE noKeyMatches: type: string description: Is true if no key matches regex KEY retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ rules: type: array description: Rules are applied in the order they appear, with each rule operating on the result of the previous rule. items: type: object description: The plugin supports the following rules properties: add: type: object additionalProperties: type: string description: Add a key/value pair with key KEY and value VALUE if KEY does not exist copy: type: object additionalProperties: type: string description: Copy a key/value pair with key KEY to COPIED_KEY if KEY exists AND COPIED_KEY does not exist hardCopy: type: object additionalProperties: type: string description: Copy a key/value pair with key KEY to COPIED_KEY if KEY exists. If COPIED_KEY already exists, this field is overwritten hardRename: type: object additionalProperties: type: string description: Rename a key/value pair with key KEY to RENAMED_KEY if KEY exists. If RENAMED_KEY already exists, this field is overwritten remove: type: string description: Remove a key/value pair with key KEY if it exists removeRegex: type: string description: Remove all key/value pairs with key matching regexp KEY removeWildcard: type: string description: Remove all key/value pairs with key matching wildcard KEY rename: type: object additionalProperties: type: string description: Rename a key/value pair with key KEY to RENAMED_KEY if KEY exists AND RENAMED_KEY does not exist set: type: object additionalProperties: type: string description: Add a key/value pair with key KEY and value VALUE. If KEY already exists, this field is overwritten multiline: type: object description: Multiline defines a Multiline configuration. properties: alias: type: string description: Alias for the plugin keyContent: type: string description: Key name that holds the content to process. Note that a Multiline Parser definition can already specify the key_content to use, but this option allows to overwrite that value for the purpose of the filter. parser: type: string description: Specify one or multiple Multiline Parsing definitions to apply to the content. You can specify multiple multiline parsers to detect different formats by separating them with a comma. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ required: - parser nest: type: object description: Nest defines Nest Filter configuration. properties: addPrefix: type: string description: Prefix affected keys with this string alias: type: string description: Alias for the plugin nestUnder: type: string description: Nest records matching the Wildcard under this key nestedUnder: type: string description: Lift records nested under the Nested_under key operation: type: string description: Select the operation nest or lift enum: - nest - lift removePrefix: type: string description: Remove prefix from affected keys if it matches this string retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ wildcard: type: array description: Nest records which field matches the wildcard items: type: string parser: type: object description: Parser defines Parser Filter configuration. properties: alias: type: string description: Alias for the plugin keyName: type: string description: Specify field name in record to parse. parser: type: string description: Specify the parser name to interpret the field. Multiple Parser entries are allowed (split by comma). preserveKey: type: boolean description: Keep original Key_Name field in the parsed result. If false, the field will be removed. reserveData: type: boolean description: Keep all other original fields in the parsed result. If false, all other original fields will be removed. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ unescapeKey: type: boolean description: 'If the key is a escaped string (e.g: stringify JSON), unescape the string before to apply the parser.' recordModifier: type: object description: RecordModifier defines Record Modifier Filter configuration. properties: alias: type: string description: Alias for the plugin allowlistKeys: type: array description: If the key is not matched, that field is removed. items: type: string records: type: array description: Append fields. This parameter needs key and value pair. items: type: string removeKeys: type: array description: If the key is matched, that field is removed. items: type: string retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ uuidKeys: type: array description: If set, the plugin appends uuid to each record. The value assigned becomes the key in the map. items: type: string whitelistKeys: type: array description: An alias of allowlistKeys for backwards compatibility. items: type: string rewriteTag: type: object description: RewriteTag defines a RewriteTag configuration. properties: alias: type: string description: Alias for the plugin emitterName: type: string description: When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job. Since this emitter expose metrics as any other component of the pipeline, you can use this property to configure an optional name for it. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ rules: type: array description: 'Defines the matching criteria and the format of the Tag for the matching record. The Rule format have four components: KEY REGEX NEW_TAG KEEP.' items: type: string throttle: type: object description: Throttle defines a Throttle configuration. properties: alias: type: string description: Alias for the plugin interval: type: string description: Interval is the time interval expressed in "sleep" format. e.g. 3s, 1.5m, 0.5h, etc. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ printStatus: type: boolean description: PrintStatus represents whether to print status messages with current rate and the limits to information logs. rate: type: integer description: Rate is the amount of messages for the time. format: int64 retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ window: type: integer description: Window is the amount of intervals to calculate average over. format: int64 logLevel: type: string enum: - "off" - error - warning - info - debug - trace match: type: string description: A pattern to match against the tags of incoming records. It's case-sensitive and support the star (*) character as a wildcard. matchRegex: type: string description: A regular expression to match against the tags of incoming records. Use this option if you want to use the full regex syntax. served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterfilters.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: ClusterFilter listKind: ClusterFilterList plural: clusterfilters shortNames: - cfdf singular: clusterfilter scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: ClusterFilter is the Schema for the clusterfilters API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClusterFilterSpec defines the desired state of ClusterFilter properties: filters: type: array items: type: object description: Filter defines all available filter plugins and their parameters. properties: customPlugin: type: object description: Custom plugin type properties: config: type: string required: - config grep: type: object description: The filter_grep filter plugin properties: and: type: array items: type: object description: And defines the parameters for the "and" plugin properties: exclude: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string regexp: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string exclude: type: array items: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string or: type: array items: type: object description: Or defines the parameters for the "or" plugin properties: exclude: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string regexp: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string regexp: type: array items: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level parser: type: object description: The filter_parser filter plugin properties: emitInvalidRecordToError: type: boolean description: 'Emits invalid record to @ERROR label. Invalid cases are: key does not exist;the format is not matched;an unexpected error. If you want to ignore these errors, set false.' hashValueField: type: string description: Stores the parsed values as a hash value in a field. injectKeyPrefix: type: string description: Stores the parsed values with the specified key name prefix. keyName: type: string description: 'Specifies the field name in the record to parse. Required parameter. i.e: If set keyName to log, {"key":"value","log":"{\"time\":1622473200,\"user\":1}"} => {"user":1}' parse: type: object description: Parse defines various parameters for the parse plugin properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - regexp - apache2 - apache_error - nginx - syslog - csv - tsv - ltsv - json - multiline - none estimateCurrentEvent: type: boolean description: If true, use Fluent::Eventnow(current time) as a timestamp when time_key is specified. expression: type: string description: Specifies the regular expression for matching logs. Regular expression also supports i and m suffix. id: type: string description: The @id parameter specifies a unique name for the configuration. keepTimeKey: type: boolean description: If true, keep time field in th record. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeKey: type: string description: Specify time field for event time. If the event doesn't have this field, current time is used. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timeout: type: string description: Specify timeout for parse processing. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ timezone: type: string description: Uses the specified timezone. types: type: string description: 'Specify types for converting field into another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' utc: type: boolean description: If true, uses UTC. required: - type removeKeyNameField: type: boolean description: Removes key_name field when parsing is succeeded. replaceInvalidSequence: type: boolean description: If true, invalid string is replaced with safe characters and re-parse it. reserveData: type: boolean description: 'Keeps the original key-value pair in the parsed result. Default is false. i.e: If set keyName to log, reverseData to true, {"key":"value","log":"{\"user\":1,\"num\":2}"} => {"key":"value","log":"{\"user\":1,\"num\":2}","user":1,"num":2}' reserveTime: type: boolean description: Keeps the original event time in the parsed result. Default is false. required: - keyName - parse recordTransformer: type: object description: The filter_record_transformer filter plugin properties: autoTypecast: type: boolean description: Automatically casts the field types. Default is false. This option is effective only for field values comprised of a single placeholder. enableRuby: type: boolean description: 'When set to true, the full Ruby syntax is enabled in the ${...} expression. The default value is false. i.e: jsonized_record ${record.to_json}' keepKeys: type: string description: A list of keys to keep. Only relevant if renew_record is set to true. records: type: array items: type: object description: The parameters inside directives are considered to be new key-value pairs properties: value: type: string description: The value must from Record properties. See https://docs.fluentd.org/filter/record_transformer#less-than-record-greater-than-directive key: type: string description: New field can be defined as key required: - key - value removeKeys: type: string description: A list of keys to delete. Supports nested field via record_accessor syntax since v1.1.0. renewRecord: type: boolean description: By default, the record transformer filter mutates the incoming data. However, if this parameter is set to true, it modifies a new empty hash instead. renewTimeKey: type: string description: renew_time_key foo overwrites the time of events with a value of the record field foo if exists. The value of foo must be a Unix timestamp. stdout: type: object description: The filter_stdout filter plugin properties: format: type: object description: The format section properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - out_file - json - ltsv - csv - msgpack - hash - single_value delimiter: type: string description: Delimiter for each field. id: type: string description: The @id parameter specifies a unique name for the configuration. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level newline: type: string description: Specify newline characters. enum: - lf - crlf outputTag: type: boolean description: Output tag field if true. outputTime: type: boolean description: Output time field if true. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. inject: type: object description: The inject section properties: hostname: type: string description: Hostname value hostnameKey: type: string description: The field name to inject hostname inline: type: object description: Time section properties: localtime: type: boolean description: If true, uses local time. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. tagKey: type: string description: The field name to inject tag timeKey: type: string description: The field name to inject time workerIdKey: type: string description: The field name to inject worker_id tag: type: string description: Which tag to be matched. status: type: object description: ClusterFilterStatus defines the observed state of ClusterFilter served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterfluentbitconfigs.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: ClusterFluentBitConfig listKind: ClusterFluentBitConfigList plural: clusterfluentbitconfigs shortNames: - cfbc singular: clusterfluentbitconfig scope: Cluster versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: ClusterFluentBitConfig is the Schema for the cluster-level fluentbitconfigs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FluentBitConfigSpec defines the desired state of ClusterFluentBitConfig properties: namespace: type: string description: If namespace is defined, then the configmap and secret for fluent-bit is in this namespace. If it is not defined, it is in the namespace of the fluentd-operator service: type: object description: Service defines the global behaviour of the Fluent Bit engine. properties: daemon: type: boolean description: If true go to background on start flushSeconds: type: integer description: Interval to flush output format: int64 graceSeconds: type: integer description: Wait time on exit format: int64 hcErrorsCount: type: integer description: 'the error count to meet the unhealthy requirement, this is a sum for all output plugins in a defined HC_Period, example for output error: [2022/02/16 10:44:10] [ warn] [engine] failed to flush chunk ''1-1645008245.491540684.flb'', retry in 7 seconds: task_id=0, input=forward.1 > output=cloudwatch_logs.3 (out_id=3)' format: int64 minimum: 1 hcPeriod: type: integer description: The time period by second to count the error and retry failure data point format: int64 minimum: 1 hcRetryFailureCount: type: integer description: 'the retry failure count to meet the unhealthy requirement, this is a sum for all output plugins in a defined HC_Period, example for retry failure: [2022/02/16 20:11:36] [ warn] [engine] chunk ''1-1645042288.260516436.flb'' cannot be retried: task_id=0, input=tcp.3 > output=cloudwatch_logs.1' format: int64 minimum: 1 healthCheck: type: boolean description: 'enable Health check feature at http://127.0.0.1:2020/api/v1/health Note: Enabling this will not automatically configure kubernetes to use fluentbit''s healthcheck endpoint' httpListen: type: string description: Address to listen pattern: ^\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$ httpPort: type: integer description: Port to listen format: int32 maximum: 65535 minimum: 1 httpServer: type: boolean description: If true enable statistics HTTP server logFile: type: string description: File to log diagnostic output logLevel: type: string description: Diagnostic level (error/warning/info/debug/trace) enum: - "off" - error - warning - info - debug - trace parsersFile: type: string description: Optional 'parsers' config file (can be multiple) storage: type: object description: Configure a global environment for the storage layer in Service. It is recommended to configure the volume and volumeMount separately for this storage. The hostPath type should be used for that Volume in Fluentbit daemon set. properties: backlogMemLimit: type: string description: This option configure a hint of maximum value of memory to use when processing these records checksum: type: string description: Enable the data integrity check when writing and reading data from the filesystem enum: - "on" - "off" deleteIrrecoverableChunks: type: string description: When enabled, irrecoverable chunks will be deleted during runtime, and any other irrecoverable chunk located in the configured storage path directory will be deleted when Fluent-Bit starts. enum: - "on" - "off" maxChunksUp: type: integer description: If the input plugin has enabled filesystem storage type, this property sets the maximum number of Chunks that can be up in memory format: int64 metrics: type: string description: If http_server option has been enabled in the Service section, this option registers a new endpoint where internal metrics of the storage layer can be consumed enum: - "on" - "off" path: type: string description: Select an optional location in the file system to store streams and chunks of data/ sync: type: string description: Configure the synchronization mode used to store the data into the file system enum: - normal - full filterSelector: type: object description: Select filter plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic inputSelector: type: object description: Select input plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic outputSelector: type: object description: Select output plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic parserSelector: type: object description: Select parser plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterfluentdconfigs.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: ClusterFluentdConfig listKind: ClusterFluentdConfigList plural: clusterfluentdconfigs shortNames: - cfdc singular: clusterfluentdconfig scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: ClusterFluentdConfig is the Schema for the clusterfluentdconfigs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClusterFluentdConfigSpec defines the desired state of ClusterFluentdConfig properties: clusterFilterSelector: type: object description: Select cluster filter plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic clusterOutputSelector: type: object description: Select cluster output plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic emit_mode: type: string description: 'Emit mode. If batch, the plugin will emit events per labels matched. Enum: record, batch. will make no effect if EnableFilterKubernetes is set false.' enum: - record - batch stickyTags: type: string description: Sticky tags will match only one record from an event stream. The same tag will be treated the same way. will make no effect if EnableFilterKubernetes is set false. watchedConstainers: type: array description: A set of container names. Ignored if left empty. items: type: string watchedHosts: type: array description: A set of hosts. Ignored if left empty. items: type: string watchedLabels: type: object additionalProperties: type: string description: Use this field to filter the logs, will make no effect if EnableFilterKubernetes is set false. watchedNamespaces: type: array description: A set of namespaces. The whole namespaces would be watched if left empty. items: type: string status: type: object description: ClusterFluentdConfigStatus defines the observed state of ClusterFluentdConfig properties: messages: type: string description: Messages defines the plugin errors which is selected by this fluentdconfig state: type: string description: The state of this fluentd config served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterinputs.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: ClusterInput listKind: ClusterInputList plural: clusterinputs shortNames: - cfbi singular: clusterinput scope: Cluster versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: ClusterInput is the Schema for the inputs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: InputSpec defines the desired state of ClusterInput properties: alias: type: string description: A user friendly alias name for this input plugin. Used in metrics for distinction of each configured input. customPlugin: type: object description: CustomPlugin defines Custom Input configuration. properties: config: type: string dummy: type: object description: Dummy defines Dummy Input configuration. properties: dummy: type: string description: Dummy JSON record. rate: type: integer description: Events number generated per second. format: int32 samples: type: integer description: Sample events to generate. format: int32 tag: type: string description: Tag name associated to all records comming from this plugin. fluentBitMetrics: type: object description: FluentBitMetrics defines Fluent Bit Metrics Input configuration. properties: scrapeInterval: type: string description: The rate at which metrics are collected from the host operating system. default is 2 seconds. scrapeOnStart: type: boolean description: Scrape metrics upon start, useful to avoid waiting for 'scrape_interval' for the first round of metrics. tag: type: string logLevel: type: string enum: - "off" - error - warning - info - debug - trace nodeExporterMetrics: type: object description: NodeExporterMetrics defines Node Exporter Metrics Input configuration. properties: path: type: object properties: procfs: type: string description: The mount point used to collect process information and metrics. sysfs: type: string description: The path in the filesystem used to collect system metrics. scrapeInterval: type: string description: The rate at which metrics are collected from the host operating system, default is 5 seconds. tag: type: string description: Tag name associated to all records comming from this plugin. prometheusScrapeMetrics: type: object description: PrometheusScrapeMetrics defines Prometheus Scrape Metrics Input configuration. properties: port: type: integer description: The port of the promethes metric endpoint that you want to scrape format: int32 maximum: 65535 minimum: 1 host: type: string description: The host of the prometheus metric endpoint that you want to scrape metricsPath: type: string description: 'The metrics URI endpoint, that must start with a forward slash, deflaut: /metrics' scrapeInterval: type: string description: 'The interval to scrape metrics, default: 10s' tag: type: string description: Tag name associated to all records comming from this plugin systemd: type: object description: Systemd defines Systemd Input configuration. properties: db: type: string description: Specify the database file to keep track of monitored files and offsets. dbSync: type: string description: 'Set a default synchronization (I/O) method. values: Extra, Full, Normal, Off. This flag affects how the internal SQLite engine do synchronization to disk, for more details about each option please refer to this section. note: this option was introduced on Fluent Bit v1.4.6.' enum: - Extra - Full - Normal - "Off" maxEntries: type: integer description: When Fluent Bit starts, the Journal might have a high number of logs in the queue. In order to avoid delays and reduce memory usage, this option allows to specify the maximum number of log entries that can be processed per round. Once the limit is reached, Fluent Bit will continue processing the remaining log entries once Journald performs the notification. maxFields: type: integer description: Set a maximum number of fields (keys) allowed per record. path: type: string description: Optional path to the Systemd journal directory, if not set, the plugin will use default paths to read local-only logs. pauseOnChunksOverlimit: type: string description: Specifies if the input plugin should be paused (stop ingesting new data) when the storage.max_chunks_up value is reached. enum: - "on" - "off" readFromTail: type: string description: Start reading new entries. Skip entries already stored in Journald. enum: - "on" - "off" storageType: type: string description: Specify the buffering mechanism to use. It can be memory or filesystem enum: - filesystem - memory stripUnderscores: type: string description: Remove the leading underscore of the Journald field (key). For example the Journald field _PID becomes the key PID. enum: - "on" - "off" systemdFilter: type: array description: 'Allows to perform a query over logs that contains a specific Journald key/value pairs, e.g: _SYSTEMD_UNIT=UNIT. The Systemd_Filter option can be specified multiple times in the input section to apply multiple filters as required.' items: type: string systemdFilterType: type: string description: Define the filter type when Systemd_Filter is specified multiple times. Allowed values are And and Or. With And a record is matched only when all of the Systemd_Filter have a match. With Or a record is matched when any of the Systemd_Filter has a match. enum: - And - Or tag: type: string description: 'The tag is used to route messages but on Systemd plugin there is an extra functionality: if the tag includes a star/wildcard, it will be expanded with the Systemd Unit file (e.g: host.* => host.UNIT_NAME).' tail: type: object description: Tail defines Tail Input configuration. properties: bufferChunkSize: type: string description: Set the initial buffer size to read files data. This value is used too to increase buffer size. The value must be according to the Unit Size specification. pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ bufferMaxSize: type: string description: 'Set the limit of the buffer size per monitored file. When a buffer needs to be increased (e.g: very long lines), this value is used to restrict how much the memory buffer can grow. If reading a file exceed this limit, the file is removed from the monitored file list The value must be according to the Unit Size specification.' pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ db: type: string description: Specify the database file to keep track of monitored files and offsets. dbSync: type: string description: 'Set a default synchronization (I/O) method. Values: Extra, Full, Normal, Off.' enum: - Extra - Full - Normal - "Off" disableInotifyWatcher: type: boolean description: DisableInotifyWatcher will disable inotify and use the file stat watcher instead. dockerMode: type: boolean description: If enabled, the plugin will recombine split Docker log lines before passing them to any parser as configured above. This mode cannot be used at the same time as Multiline. dockerModeFlushSeconds: type: integer description: Wait period time in seconds to flush queued unfinished split lines. format: int64 dockerModeParser: type: string description: Specify an optional parser for the first line of the docker multiline mode. The parser name to be specified must be registered in the parsers.conf file. excludePath: type: string description: 'Set one or multiple shell patterns separated by commas to exclude files matching a certain criteria, e.g: exclude_path=*.gz,*.zip' ignoredOlder: type: string description: Ignores records which are older than this time in seconds. Supports m,h,d (minutes, hours, days) syntax. Default behavior is to read all records from specified files. Only available when a Parser is specificied and it can parse the time of a record. pattern: ^\d+(m|h|d)?$ key: type: string description: When a message is unstructured (no parser applied), it's appended as a string under the key name log. This option allows to define an alternative name for that key. memBufLimit: type: string description: Set a limit of memory that Tail plugin can use when appending data to the Engine. If the limit is reach, it will be paused; when the data is flushed it resumes. multiline: type: boolean description: If enabled, the plugin will try to discover multiline messages and use the proper parsers to compose the outgoing messages. Note that when this option is enabled the Parser option is not used. multilineFlushSeconds: type: integer description: Wait period time in seconds to process queued multiline messages format: int64 multilineParser: type: string description: This will help to reassembly multiline messages originally split by Docker or CRI Specify one or Multiline Parser definition to apply to the content. parser: type: string description: Specify the name of a parser to interpret the entry as a structured message. parserFirstline: type: string description: Name of the parser that matchs the beginning of a multiline message. Note that the regular expression defined in the parser must include a group name (named capture) parserN: type: array description: Optional-extra parser to interpret and structure multiline entries. This option can be used to define multiple parsers. items: type: string path: type: string description: Pattern specifying a specific log files or multiple ones through the use of common wildcards. pathKey: type: string description: If enabled, it appends the name of the monitored file as part of the record. The value assigned becomes the key in the map. pauseOnChunksOverlimit: type: string description: Specifies if the input plugin should be paused (stop ingesting new data) when the storage.max_chunks_up value is reached. enum: - "on" - "off" readFromHead: type: boolean description: For new discovered files on start (without a database offset/position), read the content from the head of the file, not tail. refreshIntervalSeconds: type: integer description: The interval of refreshing the list of watched files in seconds. format: int64 rotateWaitSeconds: type: integer description: Specify the number of extra time in seconds to monitor a file once is rotated in case some pending data is flushed. format: int64 skipLongLines: type: boolean description: When a monitored file reach it buffer capacity due to a very long line (Buffer_Max_Size), the default behavior is to stop monitoring that file. Skip_Long_Lines alter that behavior and instruct Fluent Bit to skip long lines and continue processing other lines that fits into the buffer size. storageType: type: string description: Specify the buffering mechanism to use. It can be memory or filesystem enum: - filesystem - memory tag: type: string description: Set a tag (with regex-extract fields) that will be placed on lines read. E.g. kube... tagRegex: type: string description: Set a regex to exctract fields from the file served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusteroutputs.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: ClusterOutput listKind: ClusterOutputList plural: clusteroutputs shortNames: - cfbo singular: clusteroutput scope: Cluster versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: ClusterOutput is the Schema for the cluster-level outputs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: OutputSpec defines the desired state of ClusterOutput properties: alias: type: string description: A user friendly alias name for this output plugin. Used in metrics for distinction of each configured output. azureBlob: type: object description: AzureBlob defines AzureBlob Output Configuration properties: accountName: type: string description: Azure Storage account name autoCreateContainer: type: boolean description: Creates container if ContainerName is not set. blobType: type: string description: Specify the desired blob type. Must be `appendblob` or `blockblob` containerName: type: string description: Name of the container that will contain the blobs emulatorMode: type: boolean description: Optional toggle to use an Azure emulator endpoint: type: string description: HTTP Service of the endpoint (if using EmulatorMode) path: type: string description: Optional path to store the blobs. sharedKey: type: object description: Specify the Azure Storage Shared Key to authenticate against the storage account properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic tls: type: boolean description: Enable/Disable TLS Encryption. Azure services require TLS to be enabled. required: - accountName - containerName - sharedKey azureLogAnalytics: type: object description: AzureLogAnalytics defines AzureLogAnalytics Output Configuration properties: customerID: type: object description: Customer ID or Workspace ID properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic logType: type: string description: Name of the event type. sharedKey: type: object description: Specify the primary or the secondary client authentication key properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic timeGenerated: type: boolean description: If set, overrides the timeKey value with the `time-generated-field` HTTP header value. timeKey: type: string description: Specify the name of the key where the timestamp is stored. required: - customerID - sharedKey cloudWatch: type: object description: CloudWatch defines CloudWatch Output Configuration properties: autoCreateGroup: type: boolean description: Automatically create the log group. Defaults to False. autoRetryRequests: type: boolean description: Automatically retry failed requests to CloudWatch once. Defaults to True. endpoint: type: string description: Custom endpoint for CloudWatch logs API externalID: type: string description: Specify an external ID for the STS API. logFormat: type: string description: Optional parameter to tell CloudWatch the format of the data logGroupName: type: string description: Name of Cloudwatch Log Group to send log records to logGroupTemplate: type: string description: Template for Log Group name, overrides LogGroupName if set. logKey: type: string description: If set, only the value of the key will be sent to CloudWatch logRetentionDays: type: integer description: Number of days logs are retained for enum: - 1 - 3 - 5 - 7 - 14 - 30 - 60 - 90 - 120 - 150 - 180 - 365 - 400 - 545 - 731 - 1827 - 3653 format: int32 logStreamName: type: string description: The name of the CloudWatch Log Stream to send log records to logStreamPrefix: type: string description: Prefix for the Log Stream name. Not compatible with LogStreamName setting logStreamTemplate: type: string description: Template for Log Stream name. Overrides LogStreamPrefix and LogStreamName if set. metricDimensions: type: string description: Optional lists of lists for dimension keys to be added to all metrics. Use comma separated strings for one list of dimensions and semicolon separated strings for list of lists dimensions. metricNamespace: type: string description: Optional string to represent the CloudWatch namespace. region: type: string description: AWS Region roleArn: type: string description: Role ARN to use for cross-account access stsEndpoint: type: string description: Specify a custom STS endpoint for the AWS STS API required: - region customPlugin: type: object description: CustomPlugin defines Custom Output configuration. properties: config: type: string datadog: type: object description: DataDog defines DataDog Output configuration. properties: apikey: type: string description: Your Datadog API key. compress: type: string description: Compress the payload in GZIP format. Datadog supports and recommends setting this to gzip. dd_message_key: type: string description: By default, the plugin searches for the key 'log' and remap the value to the key 'message'. If the property is set, the plugin will search the property name key. dd_service: type: string description: The human readable name for your service generating the logs. dd_source: type: string description: A human readable name for the underlying technology of your service. dd_tags: type: string description: The tags you want to assign to your logs in Datadog. host: type: string description: Host is the Datadog server where you are sending your logs. include_tag_key: type: boolean description: If enabled, a tag is appended to output. The key name is used tag_key property. json_date_key: type: string description: Date key name for output. provider: type: string description: To activate the remapping, specify configuration flag provider. proxy: type: string description: Specify an HTTP Proxy. tag_key: type: string description: The key name of tag. If include_tag_key is false, This property is ignored. tls: type: boolean description: TLS controls whether to use end-to-end security communications security protocol. Datadog recommends setting this to on. es: type: object description: Elasticsearch defines Elasticsearch Output configuration. properties: type: type: string description: Type name port: type: integer description: TCP port of the target Elasticsearch instance format: int32 maximum: 65535 minimum: 1 awsAuth: type: string description: Enable AWS Sigv4 Authentication for Amazon ElasticSearch Service. awsExternalID: type: string description: External ID for the AWS IAM Role specified with aws_role_arn. awsRegion: type: string description: Specify the AWS region for Amazon ElasticSearch Service. awsRoleARN: type: string description: AWS IAM Role to assume to put records to your Amazon ES cluster. awsSTSEndpoint: type: string description: Specify the custom sts endpoint to be used with STS API for Amazon ElasticSearch Service. bufferSize: type: string description: Specify the buffer size used to read the response from the Elasticsearch HTTP service. This option is useful for debugging purposes where is required to read full responses, note that response size grows depending of the number of records inserted. To set an unlimited amount of memory set this value to False, otherwise the value must be according to the Unit Size specification. pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ cloudAuth: type: string description: Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. cloudID: type: string description: If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running. currentTimeIndex: type: boolean description: Use current time for index generation instead of message record generateID: type: boolean description: When enabled, generate _id for outgoing records. This prevents duplicate records when retrying ES. host: type: string description: IP address or hostname of the target Elasticsearch instance httpPassword: type: object description: Password for user defined in HTTP_User properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Optional username credential for Elastic X-Pack access properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic idKey: type: string description: If set, _id will be the value of the key from incoming record and Generate_ID option is ignored. includeTagKey: type: boolean description: When enabled, it append the Tag name to the record. index: type: string description: Index name logstashDateFormat: type: string description: Time format (based on strftime) to generate the second part of the Index name. logstashFormat: type: boolean description: 'Enable Logstash format compatibility. This option takes a boolean value: True/False, On/Off' logstashPrefix: type: string description: 'When Logstash_Format is enabled, the Index name is composed using a prefix and the date, e.g: If Logstash_Prefix is equals to ''mydata'' your index will become ''mydata-YYYY.MM.DD''. The last string appended belongs to the date when the data is being generated.' logstashPrefixKey: type: string description: Prefix keys with this string path: type: string description: Elasticsearch accepts new data on HTTP query path "/_bulk". But it is also possible to serve Elasticsearch behind a reverse proxy on a subpath. This option defines such path on the fluent-bit side. It simply adds a path prefix in the indexing HTTP POST URI. pipeline: type: string description: Newer versions of Elasticsearch allows setting up filters called pipelines. This option allows defining which pipeline the database should use. For performance reasons is strongly suggested parsing and filtering on Fluent Bit side, avoid pipelines. replaceDots: type: boolean description: When enabled, replace field name dots with underscore, required by Elasticsearch 2.0-2.3. suppressTypeName: type: string description: When enabled, mapping types is removed and Type option is ignored. Types are deprecated in APIs in v7.0. This options is for v7.0 or later. tagKey: type: string description: When Include_Tag_Key is enabled, this property defines the key name for the tag. timeKey: type: string description: When Logstash_Format is enabled, each record will get a new timestamp field. The Time_Key property defines the name of that field. timeKeyFormat: type: string description: When Logstash_Format is enabled, this property defines the format of the timestamp. timeKeyNanos: type: boolean description: When Logstash_Format is enabled, enabling this property sends nanosecond precision timestamps. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension traceError: type: boolean description: When enabled print the elasticsearch API calls to stdout when elasticsearch returns an error traceOutput: type: boolean description: When enabled print the elasticsearch API calls to stdout (for diag only) file: type: object description: File defines File Output configuration. properties: template: type: string description: The format string. Applicable only if format is template. delimiter: type: string description: The character to separate each pair. Applicable only if format is csv or ltsv. file: type: string description: Set file name to store the records. If not set, the file name will be the tag associated with the records. format: type: string description: 'The format of the file content. See also Format section. Default: out_file.' enum: - out_file - plain - csv - ltsv - template labelDelimiter: type: string description: The character to separate each pair. Applicable only if format is ltsv. path: type: string description: Absolute directory path to store files. If not set, Fluent Bit will write the files on it's own positioned directory. firehose: type: object description: Firehose defines Firehose Output configuration. properties: autoRetryRequests: type: boolean description: Immediately retry failed requests to AWS services once. This option does not affect the normal Fluent Bit retry mechanism with backoff. Instead, it enables an immediate retry with no delay for networking errors, which may help improve throughput when there are transient/random networking issues. dataKeys: type: string description: By default, the whole log record will be sent to Kinesis. If you specify a key name(s) with this option, then only those keys and values will be sent to Kinesis. For example, if you are using the Fluentd Docker log driver, you can specify data_keys log and only the log message will be sent to Kinesis. If you specify multiple keys, they should be comma delimited. deliveryStream: type: string description: The name of the Kinesis Firehose Delivery stream that you want log records sent to. endpoint: type: string description: Specify a custom endpoint for the Kinesis Firehose API. logKey: type: string description: By default, the whole log record will be sent to Firehose. If you specify a key name with this option, then only the value of that key will be sent to Firehose. For example, if you are using the Fluentd Docker log driver, you can specify log_key log and only the log message will be sent to Firehose. region: type: string description: The AWS region. roleARN: type: string description: ARN of an IAM role to assume (for cross account access). stsEndpoint: type: string description: Specify a custom endpoint for the STS API; used to assume your custom role provided with role_arn. timeKey: type: string description: Add the timestamp to the record under this key. By default, the timestamp from Fluent Bit will not be added to records sent to Kinesis. timeKeyFormat: type: string description: strftime compliant format string for the timestamp; for example, %Y-%m-%dT%H *string This option is used with time_key. You can also use %L for milliseconds and %f for microseconds. If you are using ECS FireLens, make sure you are running Amazon ECS Container Agent v1.42.0 or later, otherwise the timestamps associated with your container logs will only have second precision. required: - deliveryStream - region forward: type: object description: Forward defines Forward Output configuration. properties: port: type: integer description: TCP Port of the target service. format: int32 maximum: 65535 minimum: 1 emptySharedKey: type: boolean description: Use this option to connect to Fluentd with a zero-length secret. host: type: string description: Target host where Fluent-Bit or Fluentd are listening for Forward messages. password: type: object description: Specify the password corresponding to the username. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic requireAckResponse: type: boolean description: Send "chunk"-option and wait for "ack" response from server. Enables at-least-once and receiving server can control rate of traffic. (Requires Fluentd v0.14.0+ server) selfHostname: type: string description: Default value of the auto-generated certificate common name (CN). sendOptions: type: boolean description: Always send options (with "size"=count of messages) sharedKey: type: string description: A key string known by the remote Fluentd used for authorization. timeAsInteger: type: boolean description: Set timestamps in integer format, it enable compatibility mode for Fluentd v0.12 series. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension username: type: object description: Specify the username to present to a Fluentd server that enables user_auth. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic http: type: object description: HTTP defines HTTP Output configuration. properties: port: type: integer description: TCP port of the target HTTP Server format: int32 maximum: 65535 minimum: 1 allowDuplicatedHeaders: type: boolean description: Specify if duplicated headers are allowed. If a duplicated header is found, the latest key/value set is preserved. compress: type: string description: Set payload compression mechanism. Option available is 'gzip' format: type: string description: Specify the data format to be used in the HTTP request body, by default it uses msgpack. Other supported formats are json, json_stream and json_lines and gelf. enum: - msgpack - json - json_stream - json_lines - gelf gelfFullMessageKey: type: string description: Specify the key to use for the full message in gelf format gelfHostKey: type: string description: Specify the key to use for the host in gelf format gelfLevelKey: type: string description: Specify the key to use for the level in gelf format gelfShortMessageKey: type: string description: Specify the key to use as the short message in gelf format gelfTimestampKey: type: string description: Specify the key to use for timestamp in gelf format headerTag: type: string description: Specify an optional HTTP header field for the original message tag. headers: type: object additionalProperties: type: string description: Add a HTTP header key/value pair. Multiple headers can be set. host: type: string description: IP address or hostname of the target HTTP Server httpPassword: type: object description: Basic Auth Password. Requires HTTP_User to be set properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Basic Auth Username properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic jsonDateFormat: type: string description: 'Specify the format of the date. Supported formats are double, epoch and iso8601 (eg: 2018-05-30T09:39:52.000681Z)' jsonDateKey: type: string description: Specify the name of the time key in the output record. To disable the time key just set the value to false. proxy: type: string description: Specify an HTTP Proxy. The expected format of this value is http://host:port. Note that https is not supported yet. tls: type: object description: HTTP output plugin supports TTL/SSL, for more details about the properties available and general configuration, please refer to the TLS/SSL section. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension uri: type: string description: 'Specify an optional HTTP URI for the target web server, e.g: /something' influxDB: type: object description: InfluxDB defines InfluxDB Output configuration. properties: port: type: integer description: TCP port of the target InfluxDB service. format: int32 maximum: 65536 minimum: 0 autoTags: type: boolean description: Automatically tag keys where value is string. bucket: type: string description: InfluxDB bucket name where records will be inserted - if specified, database is ignored and v2 of API is used database: type: string description: InfluxDB database name where records will be inserted. host: type: string description: IP address or hostname of the target InfluxDB service. format: ipv6 httpPassword: type: object description: Password for user defined in HTTP_User properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpToken: type: object description: Authentication token used with InfluxDB v2 - if specified, both HTTPUser and HTTPPasswd are ignored properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Optional username for HTTP Basic Authentication properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic org: type: string description: InfluxDB organization name where the bucket is (v2 only) sequenceTag: type: string description: The name of the tag whose value is incremented for the consecutive simultaneous events. tagKeys: type: array description: List of keys that needs to be tagged items: type: string tagListKey: type: string description: Key of the string array optionally contained within each log record that contains tag keys for that record tagsListEnabled: type: boolean description: Dynamically tag keys which are in the string array at Tags_List_Key key. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension required: - host kafka: type: object description: Kafka defines Kafka Output configuration. properties: brokers: type: string description: 'Single of multiple list of Kafka Brokers, e.g: 192.168.1.3:9092, 192.168.1.4:9092.' dynamicTopic: type: boolean description: adds unknown topics (found in Topic_Key) to Topics. So in Topics only a default topic needs to be configured format: type: string description: 'Specify data format, options available: json, msgpack.' messageKey: type: string description: Optional key to store the message messageKeyField: type: string description: If set, the value of Message_Key_Field in the record will indicate the message key. If not set nor found in the record, Message_Key will be used (if set). queueFullRetries: type: integer description: Fluent Bit queues data into rdkafka library, if for some reason the underlying library cannot flush the records the queue might fills up blocking new addition of records. The queue_full_retries option set the number of local retries to enqueue the data. The default value is 10 times, the interval between each retry is 1 second. Setting the queue_full_retries value to 0 set's an unlimited number of retries. format: int64 rdkafka: type: object additionalProperties: type: string description: '{property} can be any librdkafka properties' timestampFormat: type: string description: iso8601 or double timestampKey: type: string description: Set the key to store the record timestamp topicKey: type: string description: 'If multiple Topics exists, the value of Topic_Key in the record will indicate the topic to use. E.g: if Topic_Key is router and the record is {"key1": 123, "router": "route_2"}, Fluent Bit will use topic route_2. Note that if the value of Topic_Key is not present in Topics, then by default the first topic in the Topics list will indicate the topic to be used.' topics: type: string description: Single entry or list of topics separated by comma (,) that Fluent Bit will use to send messages to Kafka. If only one topic is set, that one will be used for all records. Instead if multiple topics exists, the one set in the record by Topic_Key will be used. kinesis: type: object description: Kinesis defines Kinesis Output configuration. properties: autoRetryRequests: type: boolean description: Immediately retry failed requests to AWS services once. This option does not affect the normal Fluent Bit retry mechanism with backoff. Instead, it enables an immediate retry with no delay for networking errors, which may help improve throughput when there are transient/random networking issues. This option defaults to true. endpoint: type: string description: Specify a custom endpoint for the Kinesis API. externalID: type: string description: Specify an external ID for the STS API, can be used with the role_arn parameter if your role requires an external ID. logKey: type: string description: By default, the whole log record will be sent to Kinesis. If you specify a key name with this option, then only the value of that key will be sent to Kinesis. For example, if you are using the Fluentd Docker log driver, you can specify log_key log and only the log message will be sent to Kinesis. region: type: string description: The AWS region. roleARN: type: string description: ARN of an IAM role to assume (for cross account access). stream: type: string description: The name of the Kinesis Streams Delivery stream that you want log records sent to. stsEndpoint: type: string description: Custom endpoint for the STS API. timeKey: type: string description: Add the timestamp to the record under this key. By default the timestamp from Fluent Bit will not be added to records sent to Kinesis. timeKeyFormat: type: string description: strftime compliant format string for the timestamp; for example, the default is '%Y-%m-%dT%H:%M:%S'. Supports millisecond precision with '%3N' and supports nanosecond precision with '%9N' and '%L'; for example, adding '%3N' to support millisecond '%Y-%m-%dT%H:%M:%S.%3N'. This option is used with time_key. required: - region - stream logLevel: type: string description: 'Set the plugin''s logging verbosity level. Allowed values are: off, error, warn, info, debug and trace, Defaults to the SERVICE section''s Log_Level' enum: - "off" - error - warning - info - debug - trace loki: type: object description: Loki defines Loki Output configuration. properties: labels: type: array description: Stream labels for API request. It can be multiple comma separated of strings specifying key=value pairs. In addition to fixed parameters, it also allows to add custom record keys (similar to label_keys property). items: type: string port: type: integer description: Loki TCP port format: int32 maximum: 65535 minimum: 1 autoKubernetesLabels: type: string description: If set to true, it will add all Kubernetes labels to the Stream labels. enum: - "on" - "off" dropSingleKey: type: string description: If set to true and after extracting labels only a single key remains, the log line sent to Loki will be the value of that key in line_format. enum: - "on" - "off" host: type: string description: Loki hostname or IP address. httpPassword: type: object description: Password for user defined in HTTP_User Set HTTP basic authentication password properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Set HTTP basic authentication user name. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic labelKeys: type: array description: Optional list of record keys that will be placed as stream labels. This configuration property is for records key only. items: type: string labelMapPath: type: string description: Specify the label map file path. The file defines how to extract labels from each record. lineFormat: type: string description: Format to use when flattening the record to a log line. Valid values are json or key_value. If set to json, the log line sent to Loki will be the Fluent Bit record dumped as JSON. If set to key_value, the log line will be each item in the record concatenated together (separated by a single space) in the format. enum: - json - key_value removeKeys: type: array description: Optional list of keys to remove. items: type: string tenantID: type: object description: Tenant ID used by default to push logs to Loki. If omitted or empty it assumes Loki is running in single-tenant mode and no X-Scope-OrgID header is sent. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic tenantIDKey: type: string description: Specify the name of the key from the original record that contains the Tenant ID. The value of the key is set as X-Scope-OrgID of HTTP header. It is useful to set Tenant ID dynamically. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension required: - host match: type: string description: A pattern to match against the tags of incoming records. It's case sensitive and support the star (*) character as a wildcard. matchRegex: type: string description: A regular expression to match against the tags of incoming records. Use this option if you want to use the full regex syntax. "null": type: object description: Null defines Null Output configuration. opensearch: type: object description: OpenSearch defines OpenSearch Output configuration. properties: type: type: string description: Type name port: type: integer description: TCP port of the target OpenSearch instance, default `9200` format: int32 maximum: 65535 minimum: 1 Workers: type: integer description: Enables dedicated thread(s) for this output. Default value is set since version 1.8.13. For previous versions is 0. format: int32 awsAuth: type: string description: Enable AWS Sigv4 Authentication for Amazon OpenSearch Service. awsExternalID: type: string description: External ID for the AWS IAM Role specified with aws_role_arn. awsRegion: type: string description: Specify the AWS region for Amazon OpenSearch Service. awsRoleARN: type: string description: AWS IAM Role to assume to put records to your Amazon cluster. awsSTSEndpoint: type: string description: Specify the custom sts endpoint to be used with STS API for Amazon OpenSearch Service. bufferSize: type: string description: Specify the buffer size used to read the response from the OpenSearch HTTP service. This option is useful for debugging purposes where is required to read full responses, note that response size grows depending of the number of records inserted. To set an unlimited amount of memory set this value to False, otherwise the value must be according to the Unit Size specification. pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ currentTimeIndex: type: boolean description: Use current time for index generation instead of message record generateID: type: boolean description: When enabled, generate _id for outgoing records. This prevents duplicate records when retrying OpenSearch. host: type: string description: IP address or hostname of the target OpenSearch instance, default `127.0.0.1` httpPassword: type: object description: Password for user defined in HTTP_User properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Optional username credential for access properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic idKey: type: string description: If set, _id will be the value of the key from incoming record and Generate_ID option is ignored. includeTagKey: type: boolean description: When enabled, it append the Tag name to the record. index: type: string description: Index name logstashDateFormat: type: string description: Time format (based on strftime) to generate the second part of the Index name. logstashFormat: type: boolean description: 'Enable Logstash format compatibility. This option takes a boolean value: True/False, On/Off' logstashPrefix: type: string description: 'When Logstash_Format is enabled, the Index name is composed using a prefix and the date, e.g: If Logstash_Prefix is equals to ''mydata'' your index will become ''mydata-YYYY.MM.DD''. The last string appended belongs to the date when the data is being generated.' logstashPrefixKey: type: string description: Prefix keys with this string path: type: string description: OpenSearch accepts new data on HTTP query path "/_bulk". But it is also possible to serve OpenSearch behind a reverse proxy on a subpath. This option defines such path on the fluent-bit side. It simply adds a path prefix in the indexing HTTP POST URI. pipeline: type: string description: OpenSearch allows to setup filters called pipelines. This option allows to define which pipeline the database should use. For performance reasons is strongly suggested to do parsing and filtering on Fluent Bit side, avoid pipelines. replaceDots: type: boolean description: When enabled, replace field name dots with underscore, required by Elasticsearch 2.0-2.3. suppressTypeName: type: boolean description: When enabled, mapping types is removed and Type option is ignored. Types are deprecated in APIs in v7.0. This options is for v7.0 or later. tagKey: type: string description: When Include_Tag_Key is enabled, this property defines the key name for the tag. timeKey: type: string description: When Logstash_Format is enabled, each record will get a new timestamp field. The Time_Key property defines the name of that field. timeKeyFormat: type: string description: When Logstash_Format is enabled, this property defines the format of the timestamp. timeKeyNanos: type: boolean description: When Logstash_Format is enabled, enabling this property sends nanosecond precision timestamps. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension totalLimitSize: type: string description: Limit the maximum number of Chunks in the filesystem for the current output logical destination. traceError: type: boolean description: When enabled print the elasticsearch API calls to stdout when elasticsearch returns an error traceOutput: type: boolean description: When enabled print the elasticsearch API calls to stdout (for diag only) writeOperation: type: string description: Operation to use to write in bulk requests. opentelemetry: type: object description: OpenTelemetry defines OpenTelemetry Output configuration. properties: port: type: integer description: TCP port of the target OpenSearch instance, default `80` format: int32 maximum: 65535 minimum: 1 addLabel: type: object additionalProperties: type: string description: This allows you to add custom labels to all metrics exposed through the OpenTelemetry exporter. You may have multiple of these fields. header: type: object additionalProperties: type: string description: Add a HTTP header key/value pair. Multiple headers can be set. host: type: string description: IP address or hostname of the target HTTP Server, default `127.0.0.1` httpPassword: type: object description: Password for user defined in HTTP_User properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Optional username credential for access properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic logResponsePayload: type: boolean description: Log the response payload within the Fluent Bit log. logsUri: type: string description: 'Specify an optional HTTP URI for the target web server listening for logs, e.g: /v1/logs' metricsUri: type: string description: 'Specify an optional HTTP URI for the target web server listening for metrics, e.g: /v1/metrics' proxy: type: string description: Specify an HTTP Proxy. The expected format of this value is http://HOST:PORT. Note that HTTPS is not currently supported. It is recommended not to set this and to configure the HTTP proxy environment variables instead as they support both HTTP and HTTPS. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension tracesUri: type: string description: 'Specify an optional HTTP URI for the target web server listening for traces, e.g: /v1/traces' prometheusRemoteWrite: type: object description: PrometheusRemoteWrite_types defines Prometheus Remote Write configuration. properties: port: type: integer description: TCP port of the target HTTP Serveri, default:80 format: int32 maximum: 65535 minimum: 1 addLabels: type: object additionalProperties: type: string description: This allows you to add custom labels to all metrics exposed through the prometheus exporter. You may have multiple of these fields headers: type: object additionalProperties: type: string description: Add a HTTP header key/value pair. Multiple headers can be set. host: type: string description: 'IP address or hostname of the target HTTP Server, default: 127.0.0.1' httpPasswd: type: object description: Basic Auth Password. Requires HTTP_user to be se properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Basic Auth Username properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic logResponsePayload: type: boolean description: 'Log the response payload within the Fluent Bit log,default: false' proxy: type: string description: Specify an HTTP Proxy. The expected format of this value is http://HOST:PORT. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension uri: type: string description: 'Specify an optional HTTP URI for the target web server, e.g: /something ,default: /' workers: type: integer description: 'Enables dedicated thread(s) for this output. Default value is set since version 1.8.13. For previous versions is 0,default : 2' format: int32 required: - host retry_limit: type: string description: RetryLimit represents configuration for the scheduler which can be set independently on each output section. This option allows to disable retries or impose a limit to try N times and then discard the data after reaching that limit. s3: type: object description: S3 defines S3 Output configuration. properties: AutoRetryRequests: type: boolean description: Immediately retry failed requests to AWS services once. Bucket: type: string description: S3 Bucket name CannedAcl: type: string description: Predefined Canned ACL Policy for S3 objects. Compression: type: string description: Compression type for S3 objects. ContentType: type: string description: A standard MIME type for the S3 object; this will be set as the Content-Type HTTP header. Endpoint: type: string description: Custom endpoint for the S3 API. ExternalId: type: string description: Specify an external ID for the STS API, can be used with the role_arn parameter if your role requires an external ID. JsonDateFormat: type: string description: 'Specify the format of the date. Supported formats are double, epoch, iso8601 (eg: 2018-05-30T09:39:52.000681Z) and java_sql_timestamp (eg: 2018-05-30 09:39:52.000681)' JsonDateKey: type: string description: Specify the name of the time key in the output record. To disable the time key just set the value to false. LogKey: type: string description: By default, the whole log record will be sent to S3. If you specify a key name with this option, then only the value of that key will be sent to S3. PreserveDataOrdering: type: boolean description: Normally, when an upload request fails, there is a high chance for the last received chunk to be swapped with a later chunk, resulting in data shuffling. This feature prevents this shuffling by using a queue logic for uploads. Region: type: string description: The AWS region of your S3 bucket RetryLimit: type: integer description: Integer value to set the maximum number of retries allowed. format: int32 RoleArn: type: string description: ARN of an IAM role to assume S3KeyFormat: type: string description: Format string for keys in S3. S3KeyFormatTagDelimiters: type: string description: A series of characters which will be used to split the tag into 'parts' for use with the s3_key_format option. SendContentMd5: type: boolean description: Send the Content-MD5 header with PutObject and UploadPart requests, as is required when Object Lock is enabled. StaticFilePath: type: boolean description: Disables behavior where UUID string is automatically appended to end of S3 key name when $UUID is not provided in s3_key_format. $UUID, time formatters, $TAG, and other dynamic key formatters all work as expected while this feature is set to true. StorageClass: type: string description: Specify the storage class for S3 objects. If this option is not specified, objects will be stored with the default 'STANDARD' storage class. StoreDir: type: string description: Directory to locally buffer data before sending. StoreDirLimitSize: type: string description: The size of the limitation for disk usage in S3. StsEndpoint: type: string description: Custom endpoint for the STS API. TotalFileSize: type: string description: Specifies the size of files in S3. Minimum size is 1M. With use_put_object On the maximum size is 1G. With multipart upload mode, the maximum size is 50G. UploadChunkSize: type: string description: 'The size of each ''part'' for multipart uploads. Max: 50M' UploadTimeout: type: string description: Whenever this amount of time has elapsed, Fluent Bit will complete an upload and create a new file in S3. For example, set this value to 60m and you will get a new file every hour. UsePutObject: type: boolean description: Use the S3 PutObject API, instead of the multipart upload API. required: - Bucket - Region splunk: type: object description: Splunk defines Splunk Output Configuration properties: port: type: integer description: TCP port of the target Splunk instance, default `8088` format: int32 maximum: 65535 minimum: 1 Workers: type: integer description: Enables dedicated thread(s) for this output. Default value `2` is set since version 1.8.13. For previous versions is 0. format: int32 channel: type: string description: Specify X-Splunk-Request-Channel Header for the HTTP Event Collector interface. compress: type: string description: Set payload compression mechanism. The only available option is gzip. eventFields: type: array description: Set event fields for the record. This option is an array and the format is "key_name record_accessor_pattern". items: type: string eventHost: type: string description: Specify the key name that contains the host value. This option allows a record accessors pattern. eventIndex: type: string description: The name of the index by which the event data is to be indexed. eventIndexKey: type: string description: Set a record key that will populate the index field. If the key is found, it will have precedence over the value set in event_index. eventKey: type: string description: Specify the key name that will be used to send a single value as part of the record. eventSource: type: string description: Set the source value to assign to the event data. eventSourcetype: type: string description: Set the sourcetype value to assign to the event data. eventSourcetypeKey: type: string description: Set a record key that will populate 'sourcetype'. If the key is found, it will have precedence over the value set in event_sourcetype. host: type: string description: IP address or hostname of the target OpenSearch instance, default `127.0.0.1` httpBufferSize: type: string description: 'Buffer size used to receive Splunk HTTP responses: Default `2M`' pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ httpDebugBadRequest: type: boolean description: If the HTTP server response code is 400 (bad request) and this flag is enabled, it will print the full HTTP request and response to the stdout interface. This feature is available for debugging purposes. httpPassword: type: object description: Password for user defined in HTTP_User properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Optional username credential for access properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic splunkSendRaw: type: boolean description: When enabled, the record keys and values are set in the top level of the map instead of under the event key. Refer to the Sending Raw Events section from the docs more details to make this option work properly. splunkToken: type: object description: Specify the Authentication Token for the HTTP Event Collector interface. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension stackdriver: type: object description: Stackdriver defines Stackdriver Output Configuration properties: namespace: type: string description: Namespace identifier. Required if Resource is generic_node or generic_task labels: type: array description: Optional list of comma separated of strings for key/value pairs items: type: string autoformatStackdriverTrace: type: boolean description: Rewrite the trace field to be formatted for use with GCP Cloud Trace customK8sRegex: type: string description: A custom regex to extract fields from the local_resource_id of the logs exportToProjectID: type: string description: The GCP Project that should receive the logs googleServiceCredentials: type: string description: Path to GCP Credentials JSON file job: type: string description: Identifier for a grouping of tasks. Required if Resource is generic_task k8sClusterLocation: type: string description: Location of the cluster that contains the pods/nodes. Required if Resource is k8s_container, k8s_node, or k8s_pod k8sClusterName: type: string description: Name of the cluster that the pod is running in. Required if Resource is k8s_container, k8s_node, or k8s_pod labelsKey: type: string description: Used by Stackdriver to find related labels and extract them to LogEntry Labels location: type: string description: GCP/AWS region to store data. Required if Resource is generic_node or generic_task logNameKey: type: string description: The value of this field is set as the logName field in Stackdriver metadataServer: type: string description: Metadata Server Prefix nodeID: type: string description: Node identifier within the namespace. Required if Resource is generic_node or generic_task resource: type: string description: Set resource types of data resourceLabels: type: array description: Optional list of comma seperated strings. Setting these fields overrides the Stackdriver monitored resource API values items: type: string serviceAccountEmail: type: object description: Email associated with the service properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic serviceAccountSecret: type: object description: Private Key associated with the service properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic severityKey: type: string description: Specify the key that contains the severity information for the logs tagPrefix: type: string description: Used to validate the tags of logs that when the Resource is k8s_container, k8s_node, or k8s_pod taskID: type: string description: Identifier for a task within a namespace. Required if Resource is generic_task workers: type: integer description: Number of dedicated threads for the Stackdriver Output Plugin format: int32 stdout: type: object description: Stdout defines Stdout Output configuration. properties: format: type: string description: Specify the data format to be printed. Supported formats are msgpack json, json_lines and json_stream. enum: - msgpack - json - json_lines - json_stream jsonDateFormat: type: string description: 'Specify the format of the date. Supported formats are double, iso8601 (eg: 2018-05-30T09:39:52.000681Z) and epoch.' enum: - double - iso8601 - epoch jsonDateKey: type: string description: Specify the name of the date field in output. syslog: type: object description: Syslog defines Syslog Output configuration. properties: port: type: integer description: TCP or UDP port of the remote Syslog server. format: int32 maximum: 65535 minimum: 1 host: type: string description: Host domain or IP address of the remote Syslog server. mode: type: string description: Mode of the desired transport type, the available options are tcp, tls and udp. syslogAppnameKey: type: string description: Key name from the original record that contains the application name that generated the message. syslogFacilityKey: type: string description: Key from the original record that contains the Syslog facility number. syslogFormat: type: string description: Syslog protocol format to use, the available options are rfc3164 and rfc5424. syslogHostnameKey: type: string description: Key name from the original record that contains the hostname that generated the message. syslogMaxSize: type: integer description: Maximum size allowed per message, in bytes. format: int32 syslogMessageIDKey: type: string description: Key name from the original record that contains the Message ID associated to the message. syslogMessageKey: type: string description: Key key name that contains the message to deliver. syslogProcessIDKey: type: string description: Key name from the original record that contains the Process ID that generated the message. syslogSDKey: type: string description: Key name from the original record that contains the Structured Data (SD) content. syslogSeverityKey: type: string description: Key from the original record that contains the Syslog severity number. tls: type: object description: Syslog output plugin supports TTL/SSL, for more details about the properties available and general configuration, please refer to the TLS/SSL section. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension tcp: type: object description: TCP defines TCP Output configuration. properties: port: type: integer description: TCP Port of the target service. format: int32 maximum: 65535 minimum: 1 format: type: string description: Specify the data format to be printed. Supported formats are msgpack json, json_lines and json_stream. enum: - msgpack - json - json_lines - json_stream host: type: string description: Target host where Fluent-Bit or Fluentd are listening for Forward messages. jsonDateFormat: type: string description: 'Specify the format of the date. Supported formats are double, epoch and iso8601 (eg: 2018-05-30T09:39:52.000681Z)' enum: - double - epoch - iso8601 jsonDateKey: type: string description: TSpecify the name of the time key in the output record. To disable the time key just set the value to false. tls: type: object description: Fluent Bit provides integrated support for Transport Layer Security (TLS) and it predecessor Secure Sockets Layer (SSL) respectively. properties: caFile: type: string description: Absolute path to CA certificate file caPath: type: string description: Absolute path to scan for certificate files crtFile: type: string description: Absolute path to Certificate file debug: type: integer description: 'Set TLS debug verbosity level. It accept the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational) and 4 Verbose' enum: - 0 - 1 - 2 - 3 - 4 format: int32 keyFile: type: string description: Absolute path to private Key file keyPassword: type: object description: Optional password for tls.key_file file properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic verify: type: boolean description: Force certificate validation vhost: type: string description: Hostname to be used for TLS SNI extension served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusteroutputs.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: ClusterOutput listKind: ClusterOutputList plural: clusteroutputs shortNames: - cfdo singular: clusteroutput scope: Cluster versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: ClusterOutput is the Schema for the clusteroutputs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClusterOutputSpec defines the desired state of ClusterOutput properties: outputs: type: array items: type: object description: Output defines all available output plugins and their parameters properties: buffer: type: object description: buffer section properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - file - memory - file_single calcNumRecords: type: string description: Calculates the number of records, chunk size, during chunk resume. chunkFormat: type: string description: ChunkFormat specifies the chunk format for calc_num_records. enum: - msgpack - text - auto chunkLimitRecords: type: string description: The max number of events that each chunks can store in it. pattern: ^\d+(KB|MB|GB|TB)$ chunkLimitSize: type: string description: 'Buffer parameters The max size of each chunks: events will be written into chunks until the size of chunks become this size Default: 8MB (memory) / 256MB (file)' pattern: ^\d+(KB|MB|GB|TB)$ compress: type: string description: Fluentd will decompress these compressed chunks automatically before passing them to the output plugin If gzip is set, Fluentd compresses data records before writing to buffer chunks. Default:text. enum: - text - gzip delayedCommitTimeout: type: string description: The timeout (seconds) until output plugin decides if the async write operation has failed. Default is 60s pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ disableChunkBackup: type: boolean description: Instead of storing unrecoverable chunks in the backup directory, just discard them. This option is new in Fluentd v1.2.6. flushAtShutdown: type: boolean description: Flush parameters This specifies whether to flush/write all buffer chunks on shutdown or not. flushInterval: type: string description: FlushInterval defines the flush interval pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ flushMode: type: string description: 'FlushMode defines the flush mode: lazy: flushes/writes chunks once per timekey interval: flushes/writes chunks per specified time via flush_interval immediate: flushes/writes chunks immediately after events are appended into chunks default: equals to lazy if time is specified as chunk key, interval otherwise' enum: - default - lazy - interval - immediate flushThreadCount: type: string description: The number of threads to flush/write chunks in parallel pattern: ^\d+$ id: type: string description: The @id parameter specifies a unique name for the configuration. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level overflowAction: type: string description: 'OverflowAtction defines the output plugin behave when its buffer queue is full. Default: throw_exception' path: type: string description: The path where buffer chunks are stored. This field would make no effect in memory buffer plugin. pathSuffix: type: string description: Changes the suffix of the buffer file. queueLimitLength: type: string description: 'The queue length limitation of this buffer plugin instance. Default: 0.95' pattern: ^\d+.?\d+$ queuedChunksLimitSize: type: integer description: 'Limit the number of queued chunks. Default: 1 If a smaller flush_interval is set, e.g. 1s, there are lots of small queued chunks in the buffer. With file buffer, it may consume a lot of fd resources when output destination has a problem. This parameter mitigates such situations.' minimum: 1 retryExponentialBackoffBase: type: string description: The base number of exponential backoff for retries. pattern: ^\d+(\.[0-9]{0,2})?$ retryForever: type: boolean description: If true, plugin will ignore retry_timeout and retry_max_times options and retry flushing forever. retryMaxInterval: type: string description: The maximum interval (seconds) for exponential backoff between retries while failing pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ retryMaxTimes: type: integer description: 'The maximum number of times to retry to flush the failed chunks. Default: none' retryRandomize: type: boolean description: If true, the output plugin will retry after randomized interval not to do burst retries retrySecondaryThreshold: type: string description: The ratio of retry_timeout to switch to use the secondary while failing. pattern: ^\d+.?\d+$ retryTimeout: type: string description: Retry parameters The maximum time (seconds) to retry to flush again the failed chunks, until the plugin discards the buffer chunks pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ retryType: type: string description: Output plugin will retry periodically with fixed intervals. retryWait: type: string description: Wait in seconds before the next retry to flush or constant factor of exponential backoff pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ tag: type: string description: The output plugins group events into chunks. Chunk keys, specified as the argument of section, control how to group events into chunks. If tag is empty, which means blank Chunk Keys. Tag also supports Nested Field, combination of Chunk Keys, placeholders, etc. See https://docs.fluentd.org/configuration/buffer-section. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timekey: type: string description: Output plugin will flush chunks per specified time (enabled when time is specified in chunk keys) timekeyWait: type: string description: Output plugin will write chunks after timekey_wait seconds later after timekey expiration timezone: type: string description: Uses the specified timezone. totalLimitSize: type: string description: 'The size limitation of this buffer plugin instance Default: 512MB (memory) / 64GB (file)' pattern: ^\d+(KB|MB|GB|TB)$ utc: type: boolean description: If true, uses UTC. required: - type cloudWatch: type: object description: out_cloudwatch plugin properties: autoCreateStream: type: boolean awsEcsAuthentication: type: boolean awsKeyId: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic awsSecKey: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic awsStsDurationSeconds: type: string awsStsEndpointUrl: type: string awsStsExternalId: type: string awsStsPolicy: type: string awsStsRoleArn: type: string awsStsSessionName: type: string awsUseSts: type: boolean concurrency: type: integer durationSeconds: type: string endpoint: type: string description: Specify an AWS endpoint to send data to. httpProxy: type: string includeTimeKey: type: boolean jsonHandler: type: string localtime: type: boolean logGroupAwsTags: type: string logGroupAwsTagsKey: type: string logGroupName: type: string logGroupNameKey: type: string logRejectedRequest: type: string logStreamName: type: string logStreamNameKey: type: string maxEventsPerBatch: type: string maxMessageLength: type: string messageKeys: type: string policy: type: string putLogEventsDisableRetryLimit: type: boolean putLogEventsRetryLimit: type: string putLogEventsRetryWait: type: string region: type: string description: The AWS region. removeLogGroupAwsTagsKey: type: boolean removeLogGroupNameKey: type: boolean removeLogStreamNameKey: type: boolean removeRetentionInDaysKey: type: boolean retentionInDays: type: string retentionInDaysKey: type: string roleArn: type: string description: ARN of an IAM role to assume (for cross account access). roleSessionName: type: string description: Role Session name sslVerifyPeer: type: boolean useTagAsGroup: type: string useTagAsStream: type: string webIdentityTokenFile: type: string description: Web identity token file customPlugin: type: object description: Custom plugin type properties: config: type: string required: - config datadog: type: object description: datadog plugin properties: service: type: string description: Used by Datadog to correlate between logs, traces and metrics. port: type: integer description: Proxy port when logs are not directly forwarded to Datadog and ssl is not used format: int32 maximum: 65535 minimum: 1 apiKey: type: object description: This parameter is required in order to authenticate your fluent agent. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic compressionLevel: type: integer description: Set the log compression level for HTTP (1 to 9, 9 being the best ratio) format: int32 ddHostname: type: string description: Used by Datadog to identify the host submitting the logs. ddSource: type: string description: This tells Datadog what integration it is ddSourcecategory: type: string description: Multiple value attribute. Can be used to refine the source attribute ddTags: type: string description: Custom tags with the following format "key1:value1, key2:value2" host: type: string description: Proxy endpoint when logs are not directly forwarded to Datadog httpProxy: type: string description: HTTP proxy, only takes effect if HTTP forwarding is enabled (use_http). Defaults to HTTP_PROXY/http_proxy env vars. includeTagKey: type: boolean description: Automatically include the Fluentd tag in the record. maxBackoff: type: integer description: The maximum time waited between each retry in seconds format: int32 maxRetries: type: integer description: The number of retries before the output plugin stops. Set to -1 for unlimited retries format: int32 noSSLValidation: type: boolean description: Disable SSL validation (useful for proxy forwarding) sslPort: type: integer description: Port used to send logs over a SSL encrypted connection to Datadog. If use_http is disabled, use 10516 for the US region and 443 for the EU region. format: int32 maximum: 65535 minimum: 1 tagKey: type: string description: Where to store the Fluentd tag. timestampKey: type: string description: Name of the attribute which will contain timestamp of the log event. If nil, timestamp attribute is not added. useCompression: type: boolean description: Enable log compression for HTTP useHTTP: type: boolean description: Enable HTTP forwarding. If you disable it, make sure to change the port to 10514 or ssl_port to 10516 useJson: type: boolean description: Event format, if true, the event is sent in json format. Othwerwise, in plain text. useSSL: type: boolean description: If true, the agent initializes a secure connection to Datadog. In clear TCP otherwise. elasticsearch: type: object description: out_es plugin properties: port: type: integer description: 'The port number of your Elasticsearch node (default: 9200).' format: int32 maximum: 65535 minimum: 1 host: type: string description: 'The hostname of your Elasticsearch node (default: localhost).' hosts: type: string description: Hosts defines a list of hosts if you want to connect to more than one Elasticsearch nodes indexName: type: string description: IndexName defines the placeholder syntax of Fluentd plugin API. See https://docs.fluentd.org/configuration/buffer-section. logstashFormat: type: boolean description: 'If true, Fluentd uses the conventional index name format logstash-%Y.%m.%d (default: false). This option supersedes the index_name option.' logstashPrefix: type: string description: 'LogstashPrefix defines the logstash prefix index name to write events when logstash_format is true (default: logstash).' password: type: object description: Optional, The login credentials to connect to Elasticsearch properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic path: type: string description: 'Path defines the REST API endpoint of Elasticsearch to post write requests (default: nil).' scheme: type: string description: 'Specify https if your Elasticsearch endpoint supports SSL (default: http).' user: type: object description: Optional, The login credentials to connect to Elasticsearch properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic format: type: object description: format section properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - out_file - json - ltsv - csv - msgpack - hash - single_value delimiter: type: string description: Delimiter for each field. id: type: string description: The @id parameter specifies a unique name for the configuration. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level newline: type: string description: Specify newline characters. enum: - lf - crlf outputTag: type: boolean description: Output tag field if true. outputTime: type: boolean description: Output time field if true. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. forward: type: object description: out_forward plugin properties: ackResponseTimeout: type: string description: This option is used when require_ack_response is true. This default value is based on popular tcp_syn_retries. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ connectTimeout: type: string description: The connection timeout for the socket. When the connection is timed out during the connection establishment, Errno::ETIMEDOUT error is raised. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ dnsRoundRobin: type: boolean description: Enable client-side DNS round robin. Uniform randomly pick an IP address to send data when a hostname has several IP addresses. heartbeat_type udp is not available with dns_round_robintrue. Use heartbeat_type tcp or heartbeat_type none. expireDnsCache: type: string description: Sets TTL to expire DNS cache in seconds. Set 0 not to use DNS Cache. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ hardTimeout: type: string description: The hard timeout used to detect server failure. The default value is equal to the send_timeout parameter. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ heartbeatInterval: type: string description: The interval of the heartbeat packer. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ heartbeatType: type: string description: Specifies the transport protocol for heartbeats. Set none to disable. enum: - transport - tcp - udp - none ignoreNetworkErrorsAtStartup: type: boolean description: Ignores DNS resolution and errors at startup time. keepalive: type: boolean description: Enables the keepalive connection. keepaliveTimeout: type: string description: Timeout for keepalive. Default value is nil which means to keep the connection alive as long as possible. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ phiFailureDetector: type: boolean description: Use the "Phi accrual failure detector" to detect server failure. phiThreshold: type: integer description: The threshold parameter used to detect server faults. recoverWait: type: string description: The wait time before accepting a server fault recovery. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ requireAckResponse: type: boolean description: Changes the protocol to at-least-once. The plugin waits the ack from destination's in_forward plugin. security: type: object description: ServiceDiscovery defines the security section properties: allowAnonymousSource: type: string description: Allows the anonymous source. sections are required, if disabled. selfHostname: type: string description: The hostname. sharedKey: type: string description: The shared key for authentication. user: type: object description: Defines user section directly. properties: password: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic username: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic userAuth: type: string description: If true, user-based authentication is used. sendTimeout: type: string description: The timeout time when sending event logs. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ servers: type: array description: Servers defines the servers section, at least one is required items: type: object description: Server defines the common parameters for the server plugin properties: name: type: string description: Name defines the name of the server. Used for logging and certificate verification in TLS transport (when the host is the address). type: type: string description: The @type parameter specifies the type of the plugin. port: type: string description: Port defines the port number of the host. Note that both TCP packets (event stream) and UDP packets (heartbeat messages) are sent to this port. host: type: string description: Host defines the IP address or host name of the server. id: type: string description: The @id parameter specifies a unique name for the configuration. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level password: type: object description: Password defines the password for authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic sharedKey: type: string description: SharedKey defines the shared key per server. standby: type: string description: Standby marks a node as the standby node for an Active-Standby model between Fluentd nodes. username: type: object description: Username defines the username for authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic weight: type: string description: Weight defines the load balancing weight serviceDiscovery: type: object description: ServiceDiscovery defines the service_discovery section properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - static - file - srv service: type: string description: Service without the underscore in RFC2782. hostname: type: string description: The name in RFC2782. confEncoding: type: string description: The encoding of the configuration file. dnsLookup: type: string description: DnsLookup resolves the hostname to IP address of the SRV's Target. dnsServerHost: type: string description: DnsServerHost defines the hostname of the DNS server to request the SRV record. id: type: string description: The @id parameter specifies a unique name for the configuration. interval: type: string description: Interval defines the interval of sending requests to DNS server. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level path: type: string description: The path of the target list. Default is '/etc/fluent/sd.yaml' proto: type: string description: Proto without the underscore in RFC2782. server: type: object description: The server section of this plugin properties: name: type: string description: Name defines the name of the server. Used for logging and certificate verification in TLS transport (when the host is the address). type: type: string description: The @type parameter specifies the type of the plugin. port: type: string description: Port defines the port number of the host. Note that both TCP packets (event stream) and UDP packets (heartbeat messages) are sent to this port. host: type: string description: Host defines the IP address or host name of the server. id: type: string description: The @id parameter specifies a unique name for the configuration. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level password: type: object description: Password defines the password for authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic sharedKey: type: string description: SharedKey defines the shared key per server. standby: type: string description: Standby marks a node as the standby node for an Active-Standby model between Fluentd nodes. username: type: object description: Username defines the username for authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic weight: type: string description: Weight defines the load balancing weight required: - type tlsAllowSelfSignedCert: type: boolean description: Allows self-signed certificates or not. tlsCertLogicalStoreName: type: string description: The certificate logical store name on Windows system certstore. This parameter is for Windows only. tlsCertPath: type: string description: The additional CA certificate path for TLS. tlsCertThumbprint: type: string description: The certificate thumbprint for searching from Windows system certstore. This parameter is for Windows only. tlsCertUseEnterpriseStore: type: boolean description: Enables the certificate enterprise store on Windows system certstore. This parameter is for Windows only. tlsCiphers: type: string description: The cipher configuration of TLS transport. tlsClientCertPath: type: string description: The client certificate path for TLS. tlsClientPrivateKeyPassphrase: type: string description: The TLS private key passphrase for the client. tlsClientPrivateKeyPath: type: string description: The client private key path for TLS. tlsInsecureMode: type: boolean description: Skips all verification of certificates or not. tlsVerifyHostname: type: boolean description: Verifies hostname of servers and certificates or not in TLS transport. tlsVersion: type: string description: The default version of TLS transport. enum: - TLSv1_1 - TLSv1_2 verifyConnectionAtStartup: type: boolean description: Verify that a connection can be made with one of out_forward nodes at the time of startup. required: - servers http: type: object description: out_http plugin properties: auth: type: object description: Auth section for this plugin properties: auth: type: string description: The method for HTTP authentication. Now only basic. password: type: object description: The password for basic authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic username: type: object description: The username for basic authentication. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic contentType: type: string description: ContentType defines Content-Type for HTTP request. out_http automatically set Content-Type for built-in formatters when this parameter is not specified. endpoint: type: string description: Endpoint defines the endpoint for HTTP request. If you want to use HTTPS, use https prefix. errorResponseAsUnrecoverable: type: boolean description: Raise UnrecoverableError when the response code is not SUCCESS. headers: type: string description: Headers defines the additional headers for HTTP request. headersFromPlaceholders: type: string description: Additional placeholder based headers for HTTP request. If you want to use tag or record field, use this parameter instead of headers. httpMethod: type: string description: HttpMethod defines the method for HTTP request. enum: - post - put jsonArray: type: boolean description: JsonArray defines whether to use the array format of JSON or not openTimeout: type: integer description: OpenTimeout defines the connection open timeout in seconds. proxy: type: string description: Proxy defines the proxy for HTTP request. readTimeout: type: integer description: ReadTimeout defines the read timeout in seconds. retryableResponseCodes: type: string description: The list of retryable response codes. If the response code is included in this list, out_http retries the buffer flush. sslTimeout: type: integer description: SslTimeout defines the TLS timeout in seconds. tlsCaCertPath: type: string description: TlsCaCertPath defines the CA certificate path for TLS. tlsCiphers: type: string description: TlsCiphers defines the cipher suites configuration of TLS. tlsClientCertPath: type: string description: TlsClientCertPath defines the client certificate path for TLS. tlsPrivateKeyPassphrase: type: string description: TlsPrivateKeyPassphrase defines the client private key passphrase for TLS. tlsPrivateKeyPath: type: string description: TlsPrivateKeyPath defines the client private key path for TLS. tlsVerifyMode: type: string description: TlsVerifyMode defines the verify mode of TLS. enum: - peer - none tlsVersion: type: string description: TlsVersion defines the default version of TLS transport. enum: - TLSv1_1 - TLSv1_2 inject: type: object description: inject section properties: hostname: type: string description: Hostname value hostnameKey: type: string description: The field name to inject hostname inline: type: object description: Time section properties: localtime: type: boolean description: If true, uses local time. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. tagKey: type: string description: The field name to inject tag timeKey: type: string description: The field name to inject time workerIdKey: type: string description: The field name to inject worker_id kafka: type: object description: out_kafka plugin properties: brokers: type: string description: 'The list of all seed brokers, with their host and port information. Default: localhost:9092' compressionCodec: type: string description: 'The codec the producer uses to compress messages (default: nil).' enum: - gzip - snappy defaultTopic: type: string description: 'The name of the default topic. (default: nil)' requiredAcks: type: integer description: The number of acks required per request. topicKey: type: string description: The field name for the target topic. If the field value is app, this plugin writes events to the app topic. useEventTime: type: boolean description: Set fluentd event time to Kafka's CreateTime. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level loki: type: object description: out_loki plugin properties: labels: type: array description: Stream labels for API request. It can be multiple comma separated of strings specifying key=value pairs. In addition to fixed parameters, it also allows to add custom record keys (similar to label_keys property). items: type: string dropSingleKey: type: boolean description: If a record only has 1 key, then just set the log line to the value and discard the key. extractKubernetesLabels: type: boolean description: If set to true, it will add all Kubernetes labels to the Stream labels. httpPassword: type: object description: Password for user defined in HTTP_User Set HTTP basic authentication password properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic httpUser: type: object description: Set HTTP basic authentication user name. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic includeThreadLabel: type: boolean description: Whether or not to include the fluentd_thread label when multiple threads are used for flushing insecure: type: boolean description: Disable certificate validation labelKeys: type: array description: Optional list of record keys that will be placed as stream labels. This configuration property is for records key only. items: type: string lineFormat: type: string description: Format to use when flattening the record to a log line. Valid values are json or key_value. If set to json, the log line sent to Loki will be the Fluentd record dumped as JSON. If set to key_value, the log line will be each item in the record concatenated together (separated by a single space) in the format. enum: - json - key_value removeKeys: type: array description: Optional list of record keys that will be removed from stream labels. This configuration property is for records key only. items: type: string tenantID: type: object description: Tenant ID used by default to push logs to Loki. If omitted or empty it assumes Loki is running in single-tenant mode and no X-Scope-OrgID header is sent. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic tlsCaCertFile: type: string description: TlsCaCert defines the CA certificate file for TLS. tlsClientCertFile: type: string description: TlsClientCert defines the client certificate file for TLS. tlsPrivateKeyFile: type: string description: TlsPrivateKey defines the client private key file for TLS. url: type: string description: Loki URL. required: - url opensearch: type: object description: out_opensearch plugin properties: port: type: integer description: 'The port number of your Opensearch node (default: 9200).' format: int32 maximum: 65535 minimum: 1 host: type: string description: 'The hostname of your Opensearch node (default: localhost).' hosts: type: string description: Hosts defines a list of hosts if you want to connect to more than one Openearch nodes indexName: type: string description: IndexName defines the placeholder syntax of Fluentd plugin API. See https://docs.fluentd.org/configuration/buffer-section. logstashFormat: type: boolean description: 'If true, Fluentd uses the conventional index name format logstash-%Y.%m.%d (default: false). This option supersedes the index_name option.' logstashPrefix: type: string description: 'LogstashPrefix defines the logstash prefix index name to write events when logstash_format is true (default: logstash).' password: type: object description: Optional, The login credentials to connect to Opensearch properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic path: type: string description: 'Path defines the REST API endpoint of Opensearch to post write requests (default: nil).' scheme: type: string description: 'Specify https if your Opensearch endpoint supports SSL (default: http).' user: type: object description: Optional, The login credentials to connect to Opensearch properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic s3: type: object description: out_s3 plugin properties: awsKeyId: type: string description: The AWS access key id. awsSecKey: type: string description: The AWS secret key. path: type: string description: The path prefix of the files on S3. proxyUri: type: string description: The proxy URL. s3Bucket: type: string description: The Amazon S3 bucket name. s3ObjectKeyFormat: type: string description: The actual S3 path. This is interpolated to the actual path. s3Region: type: string description: The Amazon S3 region name sslVerifyPeer: type: boolean description: Verify the SSL certificate of the endpoint. storeAs: type: string description: The compression type. enum: - gzip - lzo - json - txt stdout: type: object description: out_stdout plugin tag: type: string description: Which tag to be matched. status: type: object description: ClusterOutputStatus defines the observed state of ClusterOutput served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterparsers.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: ClusterParser listKind: ClusterParserList plural: clusterparsers shortNames: - cfbp singular: clusterparser scope: Cluster versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: ClusterParser is the Schema for the cluster-level parsers API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ParserSpec defines the desired state of ClusterParser properties: decoders: type: array description: 'Decoders are a built-in feature available through the Parsers file, each Parser definition can optionally set one or multiple decoders. There are two type of decoders type: Decode_Field and Decode_Field_As.' items: type: object properties: decodeField: type: string description: If the content can be decoded in a structured message, append that structure message (keys and values) to the original log message. decodeFieldAs: type: string description: Any content decoded (unstructured or structured) will be replaced in the same key/value, no extra keys are added. json: type: object description: JSON defines json parser configuration. properties: timeFormat: type: string description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z timeKeep: type: boolean description: Time_Keep timeKey: type: string description: Time_Key logfmt: type: object description: Logfmt defines logfmt parser configuration. ltsv: type: object description: LTSV defines ltsv parser configuration. properties: timeFormat: type: string description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z timeKeep: type: boolean description: Time_Keep timeKey: type: string description: Time_Key types: type: string regex: type: object description: Regex defines regex parser configuration. properties: regex: type: string timeFormat: type: string description: Time_Format, eg. %Y-%m-%dT%H:%M:%S %z timeKeep: type: boolean description: Time_Keep timeKey: type: string description: Time_Key timeOffset: type: string description: Time_Offset, eg. +0200 types: type: string served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: collectors.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: Collector listKind: CollectorList plural: collectors shortNames: - co singular: collector scope: Namespaced versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: Collector is the Schema for the fluentbits API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: CollectorSpec defines the desired state of FluentBit properties: annotations: type: object additionalProperties: type: string description: Annotations to add to each Fluentbit pod. service: type: object description: Service represents configurations on the fluent-bit service. properties: name: type: string description: Name is the name of the FluentBit service. labels: type: object additionalProperties: type: string description: Labels to add to each FluentBit service annotations: type: object additionalProperties: type: string description: Annotations to add to each Fluentbit service. hostNetwork: type: boolean description: Host networking is requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. schedulerName: type: string description: SchedulerName represents the desired scheduler for the Fluentbit collector pods priorityClassName: type: string description: PriorityClassName represents the pod's priority class. runtimeClassName: type: string description: RuntimeClassName represents the container runtime configuration. nodeSelector: type: object additionalProperties: type: string description: NodeSelector volumes: type: array description: List of volumes that can be mounted by containers belonging to the pod. items: type: object description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: name: type: string description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' awsElasticBlockStore: type: object description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: readOnly: type: boolean description: 'readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 volumeID: type: string description: 'volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' required: - volumeID azureDisk: type: object description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: kind: type: string description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. cachingMode: type: string description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' diskName: type: string description: diskName is the Name of the data disk in the blob storage diskURI: type: string description: diskURI is the URI of data disk in the blob storage fsType: type: string description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. required: - diskName - diskURI azureFile: type: object description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretName: type: string description: secretName is the name of secret that contains Azure Storage Account Name and Key shareName: type: string description: shareName is the azure share Name required: - secretName - shareName cephfs: type: object description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic monitors: type: array description: 'monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string path: type: string description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' secretFile: type: string description: 'secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' user: type: string description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' required: - monitors cinder: type: object description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: readOnly: type: boolean description: 'readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' secretRef: type: object description: 'secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' volumeID: type: string description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' required: - volumeID configMap: type: object description: configMap represents a configMap that should populate this volume properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' defaultMode: type: integer description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic csi: type: object description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: readOnly: type: boolean description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). driver: type: string description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. fsType: type: string description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. nodePublishSecretRef: type: object description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic volumeAttributes: type: object additionalProperties: type: string description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. required: - driver downwardAPI: type: object description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: type: integer description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: Items is a list of downward API volume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path emptyDir: type: object description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: type: string description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' sizeLimit: anyOf: - type: integer - type: string description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeral: type: object description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: type: object description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." properties: metadata: type: object description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. required: - spec fc: type: object description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' lun: type: integer description: 'lun is Optional: FC target lun number' format: int32 targetWWNs: type: array description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' items: type: string wwids: type: array description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string flexVolume: type: object description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: readOnly: type: boolean description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' secretRef: type: object description: 'secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic driver: type: string description: driver is the name of the driver to use for this volume. fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. options: type: object additionalProperties: type: string description: 'options is Optional: this field holds extra command options if any.' required: - driver flocker: type: object description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: type: string description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated datasetUUID: type: string description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset gcePersistentDisk: type: object description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' fsType: type: string description: 'fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 pdName: type: string description: 'pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' required: - pdName gitRepo: type: object description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: revision: type: string description: revision is the commit hash for the specified revision. directory: type: string description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. repository: type: string description: repository is the URL required: - repository glusterfs: type: object description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: readOnly: type: boolean description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' endpoints: type: string description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' path: type: string description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' required: - endpoints - path hostPath: type: object description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: type: type: string description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' path: type: string description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' required: - path iscsi: type: object description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: readOnly: type: boolean description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. secretRef: type: object description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic chapAuthDiscovery: type: boolean description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication chapAuthSession: type: boolean description: chapAuthSession defines whether support iSCSI Session CHAP authentication fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' initiatorName: type: string description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. iqn: type: string description: iqn is the target iSCSI Qualified Name. iscsiInterface: type: string description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). lun: type: integer description: lun represents iSCSI Target Lun number. format: int32 portals: type: array description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string targetPortal: type: string description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). required: - iqn - lun - targetPortal nfs: type: object description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: readOnly: type: boolean description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' path: type: string description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' server: type: string description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' required: - path - server persistentVolumeClaim: type: object description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: readOnly: type: boolean description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. claimName: type: string description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' required: - claimName photonPersistentDisk: type: object description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. pdID: type: string description: pdID is the ID that identifies Photon Controller persistent disk required: - pdID portworxVolume: type: object description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. fsType: type: string description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. volumeID: type: string description: volumeID uniquely identifies a Portworx volume required: - volumeID projected: type: object description: projected items for all in one resources secrets, configmaps, and downward API properties: defaultMode: type: integer description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 sources: type: array description: sources is the list of volume projections items: type: object description: Projection that may be projected along with other supported volume types properties: configMap: type: object description: configMap information about the configMap data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic downwardAPI: type: object description: downwardAPI information about the downwardAPI data to project properties: items: type: array description: Items is a list of DownwardAPIVolume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path secret: type: object description: secret information about the secret data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its key must be defined x-kubernetes-map-type: atomic serviceAccountToken: type: object description: serviceAccountToken is information about the serviceAccountToken data to project properties: audience: type: string description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. expirationSeconds: type: integer description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 path: type: string description: path is the path relative to the mount point of the file to project the token into. required: - path quobyte: type: object description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. group: type: string description: group to map volume access to Default is no group registry: type: string description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes tenant: type: string description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin user: type: string description: user to map volume access to Defaults to serivceaccount user volume: type: string description: volume is a string that references an already created Quobyte volume by name. required: - registry - volume rbd: type: object description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: image: type: string description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' keyring: type: string description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' monitors: type: array description: 'monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string pool: type: string description: 'pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' user: type: string description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' required: - image - monitors scaleIO: type: object description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". gateway: type: string description: gateway is the host address of the ScaleIO API Gateway. protectionDomain: type: string description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. sslEnabled: type: boolean description: sslEnabled Flag enable/disable SSL communication with Gateway, default false storageMode: type: string description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. storagePool: type: string description: storagePool is the ScaleIO Storage Pool associated with the protection domain. system: type: string description: system is the name of the storage system as configured in ScaleIO. volumeName: type: string description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. required: - gateway - secretRef - system secret: type: object description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: type: integer description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its keys must be defined secretName: type: string description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' storageos: type: object description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. volumeName: type: string description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. volumeNamespace: type: string description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. vsphereVolume: type: object description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. storagePolicyID: type: string description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. storagePolicyName: type: string description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. volumePath: type: string description: volumePath is the path that identifies vSphere volume vmdk required: - volumePath required: - name imagePullSecrets: type: array description: Fluent Bit image pull secret items: type: object description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic affinity: type: object description: Pod's scheduling constraints. properties: nodeAffinity: type: object description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: type: object description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: type: object description: A node selector term, associated with the corresponding weight. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic weight: type: integer description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 required: - preference - weight requiredDuringSchedulingIgnoredDuringExecution: type: object description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: type: array description: Required. A list of node selector terms. The terms are ORed. items: type: object description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic required: - nodeSelectorTerms x-kubernetes-map-type: atomic podAffinity: type: object description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey podAntiAffinity: type: object description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey tolerations: type: array description: Tolerations items: type: object description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: value: type: string description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. effect: type: string description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. key: type: string description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. operator: type: string description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. tolerationSeconds: type: integer description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 image: type: string description: Fluent Bit image. args: type: array description: Fluent Bit Watcher command line arguments. items: type: string ports: type: array description: Ports represents the pod's ports. items: type: object description: ContainerPort represents a network port in a single container. properties: name: type: string description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. protocol: type: string default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". hostPort: type: integer description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 containerPort: type: integer description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 hostIP: type: string description: What host IP to bind the external port to. required: - containerPort resources: type: object description: Compute Resources required by container. properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' imagePullPolicy: type: string description: Fluent Bit image pull policy. securityContext: type: object description: SecurityContext holds pod-level security attributes and common container settings. properties: fsGroup: type: integer description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." format: int64 fsGroupChangePolicy: type: string description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.' runAsGroup: type: integer description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 runAsNonRoot: type: boolean description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. runAsUser: type: integer description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 seLinuxOptions: type: object description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: Type is a SELinux type label that applies to the container. level: type: string description: Level is SELinux level label that applies to the container. role: type: string description: Role is a SELinux role label that applies to the container. user: type: string description: User is a SELinux user label that applies to the container. seccompProfile: type: object description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." localhostProfile: type: string description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". required: - type supplementalGroups: type: array description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. items: type: integer format: int64 sysctls: type: array description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. items: type: object description: Sysctl defines a kernel parameter to be set properties: name: type: string description: Name of a property to set value: type: string description: Value of a property to set required: - name - value windowsOptions: type: object description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: type: string description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. gmsaCredentialSpecName: type: string description: GMSACredentialSpecName is the name of the GMSA credential spec to use. hostProcess: type: boolean description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. runAsUserName: type: string description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. bufferPath: type: string description: The path where buffer chunks are stored. disableService: type: boolean description: By default will build the related service according to the globalinputs definition. fluentBitConfigName: type: string description: Fluentbitconfig object associated with this Fluentbit pvc: type: object description: PVC definition properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. status: type: object description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: type: array description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string allocatedResources: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. capacity: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: capacity represents the actual resources of the underlying volume. conditions: type: array description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: type: object description: PersistentVolumeClaimCondition contails details about state of pvc properties: type: type: string description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type status: type: string lastProbeTime: type: string description: lastProbeTime is the time we probed the condition. format: date-time lastTransitionTime: type: string description: lastTransitionTime is the time the condition transitioned from one status to another. format: date-time message: type: string description: message is the human-readable message indicating details about last transition. reason: type: string description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. required: - status - type phase: type: string description: phase represents the current phase of PersistentVolumeClaim. resizeStatus: type: string description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. rbacRules: type: array description: RBACRules represents additional rbac rules which will be applied to the fluent-bit clusterrole. items: type: object description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. properties: resources: type: array description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string apiGroups: type: array description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. items: type: string nonResourceURLs: type: array description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. items: type: string resourceNames: type: array description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. items: type: string verbs: type: array description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string required: - verbs secrets: type: array description: The Secrets are mounted into /fluent-bit/secrets/. items: type: string serviceAccountAnnotations: type: object additionalProperties: type: string description: Annotations to add to the Fluentbit service account volumesMounts: type: array description: Pod volumes to mount into the container's filesystem. items: type: object description: VolumeMount describes a mounting of a Volume within a container. properties: name: type: string description: This must match the Name of a Volume. readOnly: type: boolean description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. mountPath: type: string description: Path within the container at which the volume should be mounted. Must not contain ':'. subPath: type: string description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). subPathExpr: type: string description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. mountPropagation: type: string description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. required: - mountPath - name status: type: object description: CollectorStatus defines the observed state of FluentBit served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: filters.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: Filter listKind: FilterList plural: filters shortNames: - fbf singular: filter scope: Namespaced versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: Filter is the Schema for namespace level filter API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FilterSpec defines the desired state of ClusterFilter properties: filters: type: array description: A set of filter plugins in order. items: type: object properties: aws: type: object description: Aws defines a Aws configuration. properties: accountID: type: boolean description: The account ID for current EC2 instance.Default is false. alias: type: string description: Alias for the plugin amiID: type: boolean description: The EC2 instance image id.Default is false. az: type: boolean description: The availability zone; for example, "us-east-1a". Default is true. ec2InstanceID: type: boolean description: The EC2 instance ID.Default is true. ec2InstanceType: type: boolean description: The EC2 instance type.Default is false. hostName: type: boolean description: The hostname for current EC2 instance.Default is false. imdsVersion: type: string description: Specify which version of the instance metadata service to use. Valid values are 'v1' or 'v2'. enum: - v1 - v2 privateIP: type: boolean description: The EC2 instance private ip.Default is false. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ vpcID: type: boolean description: The VPC ID for current EC2 instance.Default is false. customPlugin: type: object description: CustomPlugin defines a Custom plugin configuration. properties: config: type: string grep: type: object description: Grep defines Grep Filter configuration. properties: alias: type: string description: Alias for the plugin exclude: type: string description: 'Exclude records which field matches the regular expression. Value Format: FIELD REGEX' regex: type: string description: 'Keep records which field matches the regular expression. Value Format: FIELD REGEX' retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ kubernetes: type: object description: Kubernetes defines Kubernetes Filter configuration. properties: labels: type: boolean description: Include Kubernetes resource labels in the extra metadata. annotations: type: boolean description: Include Kubernetes resource annotations in the extra metadata. alias: type: string description: Alias for the plugin bufferSize: type: string description: Set the buffer size for HTTP client when reading responses from Kubernetes API server. pattern: ^\d+(k|K|KB|kb|m|M|MB|mb|g|G|GB|gb)?$ cacheUseDockerId: type: boolean description: When enabled, metadata will be fetched from K8s when docker_id is changed. dnsRetries: type: integer description: DNS lookup retries N times until the network start working format: int32 dnsWaitTime: type: integer description: DNS lookup interval between network status checks format: int32 dummyMeta: type: boolean description: If set, use dummy-meta data (for test/dev purposes) k8sLoggingExclude: type: boolean description: Allow Kubernetes Pods to exclude their logs from the log processor (read more about it in Kubernetes Annotations section). k8sLoggingParser: type: boolean description: Allow Kubernetes Pods to suggest a pre-defined Parser (read more about it in Kubernetes Annotations section) keepLog: type: boolean description: When Keep_Log is disabled, the log field is removed from the incoming message once it has been successfully merged (Merge_Log must be enabled as well). kubeCAFile: type: string description: CA certificate file kubeCAPath: type: string description: Absolute path to scan for certificate files kubeMetaCacheTTL: type: string description: configurable TTL for K8s cached metadata. By default, it is set to 0 which means TTL for cache entries is disabled and cache entries are evicted at random when capacity is reached. In order to enable this option, you should set the number to a time interval. For example, set this value to 60 or 60s and cache entries which have been created more than 60s will be evicted. kubeMetaPreloadCacheDir: type: string description: If set, Kubernetes meta-data can be cached/pre-loaded from files in JSON format in this directory, named as namespace-pod.meta kubeTagPrefix: type: string description: When the source records comes from Tail input plugin, this option allows to specify what's the prefix used in Tail configuration. kubeTokenFile: type: string description: Token file kubeTokenTTL: type: string description: configurable 'time to live' for the K8s token. By default, it is set to 600 seconds. After this time, the token is reloaded from Kube_Token_File or the Kube_Token_Command. kubeURL: type: string description: API Server end-point kubeletHost: type: string description: kubelet host using for HTTP request, this only works when Use_Kubelet set to On. kubeletPort: type: integer description: kubelet port using for HTTP request, this only works when useKubelet is set to On. format: int32 mergeLog: type: boolean description: When enabled, it checks if the log field content is a JSON string map, if so, it append the map fields as part of the log structure. mergeLogKey: type: string description: When Merge_Log is enabled, the filter tries to assume the log field from the incoming message is a JSON string message and make a structured representation of it at the same level of the log field in the map. Now if Merge_Log_Key is set (a string name), all the new structured fields taken from the original log content are inserted under the new key. mergeLogTrim: type: boolean description: When Merge_Log is enabled, trim (remove possible \n or \r) field values. mergeParser: type: string description: Optional parser name to specify how to parse the data contained in the log key. Recommended use is for developers or testing only. regexParser: type: string description: Set an alternative Parser to process record Tag and extract pod_name, namespace_name, container_name and docker_id. The parser must be registered in a parsers file (refer to parser filter-kube-test as an example). retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ tlsDebug: type: integer description: Debug level between 0 (nothing) and 4 (every detail). format: int32 tlsVerify: type: boolean description: When enabled, turns on certificate validation when connecting to the Kubernetes API server. useJournal: type: boolean description: When enabled, the filter reads logs coming in Journald format. useKubelet: type: boolean description: This is an optional feature flag to get metadata information from kubelet instead of calling Kube Server API to enhance the log. This could mitigate the Kube API heavy traffic issue for large cluster. lua: type: object description: Lua defines Lua Filter configuration. properties: alias: type: string description: Alias for the plugin call: type: string description: Lua function name that will be triggered to do filtering. It's assumed that the function is declared inside the Script defined above. protectedMode: type: boolean description: If enabled, Lua script will be executed in protected mode. It prevents to crash when invalid Lua script is executed. Default is true. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ script: type: object description: Path to the Lua script that will be used. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key to select. optional: type: boolean description: Specify whether the ConfigMap or its key must be defined required: - key x-kubernetes-map-type: atomic timeAsTable: type: boolean description: By default when the Lua script is invoked, the record timestamp is passed as a Floating number which might lead to loss precision when the data is converted back. If you desire timestamp precision enabling this option will pass the timestamp as a Lua table with keys sec for seconds since epoch and nsec for nanoseconds. typeIntKey: type: array description: If these keys are matched, the fields are converted to integer. If more than one key, delimit by space. Note that starting from Fluent Bit v1.6 integer data types are preserved and not converted to double as in previous versions. items: type: string required: - call - script modify: type: object description: Modify defines Modify Filter configuration. properties: alias: type: string description: Alias for the plugin conditions: type: array description: All conditions have to be true for the rules to be applied. items: type: object description: The plugin supports the following conditions properties: aKeyMatches: type: string description: Is true if a key matches regex KEY keyDoesNotExist: type: object additionalProperties: type: string description: Is true if KEY does not exist keyExists: type: string description: Is true if KEY exists keyValueDoesNotEqual: type: object additionalProperties: type: string description: Is true if KEY exists and its value is not VALUE keyValueDoesNotMatch: type: object additionalProperties: type: string description: Is true if key KEY exists and its value does not match VALUE keyValueEquals: type: object additionalProperties: type: string description: Is true if KEY exists and its value is VALUE keyValueMatches: type: object additionalProperties: type: string description: Is true if key KEY exists and its value matches VALUE matchingKeysDoNotHaveMatchingValues: type: object additionalProperties: type: string description: Is true if all keys matching KEY have values that do not match VALUE matchingKeysHaveMatchingValues: type: object additionalProperties: type: string description: Is true if all keys matching KEY have values that match VALUE noKeyMatches: type: string description: Is true if no key matches regex KEY retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ rules: type: array description: Rules are applied in the order they appear, with each rule operating on the result of the previous rule. items: type: object description: The plugin supports the following rules properties: add: type: object additionalProperties: type: string description: Add a key/value pair with key KEY and value VALUE if KEY does not exist copy: type: object additionalProperties: type: string description: Copy a key/value pair with key KEY to COPIED_KEY if KEY exists AND COPIED_KEY does not exist hardCopy: type: object additionalProperties: type: string description: Copy a key/value pair with key KEY to COPIED_KEY if KEY exists. If COPIED_KEY already exists, this field is overwritten hardRename: type: object additionalProperties: type: string description: Rename a key/value pair with key KEY to RENAMED_KEY if KEY exists. If RENAMED_KEY already exists, this field is overwritten remove: type: string description: Remove a key/value pair with key KEY if it exists removeRegex: type: string description: Remove all key/value pairs with key matching regexp KEY removeWildcard: type: string description: Remove all key/value pairs with key matching wildcard KEY rename: type: object additionalProperties: type: string description: Rename a key/value pair with key KEY to RENAMED_KEY if KEY exists AND RENAMED_KEY does not exist set: type: object additionalProperties: type: string description: Add a key/value pair with key KEY and value VALUE. If KEY already exists, this field is overwritten multiline: type: object description: Multiline defines a Multiline configuration. properties: alias: type: string description: Alias for the plugin keyContent: type: string description: Key name that holds the content to process. Note that a Multiline Parser definition can already specify the key_content to use, but this option allows to overwrite that value for the purpose of the filter. parser: type: string description: Specify one or multiple Multiline Parsing definitions to apply to the content. You can specify multiple multiline parsers to detect different formats by separating them with a comma. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ required: - parser nest: type: object description: Nest defines Nest Filter configuration. properties: addPrefix: type: string description: Prefix affected keys with this string alias: type: string description: Alias for the plugin nestUnder: type: string description: Nest records matching the Wildcard under this key nestedUnder: type: string description: Lift records nested under the Nested_under key operation: type: string description: Select the operation nest or lift enum: - nest - lift removePrefix: type: string description: Remove prefix from affected keys if it matches this string retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ wildcard: type: array description: Nest records which field matches the wildcard items: type: string parser: type: object description: Parser defines Parser Filter configuration. properties: alias: type: string description: Alias for the plugin keyName: type: string description: Specify field name in record to parse. parser: type: string description: Specify the parser name to interpret the field. Multiple Parser entries are allowed (split by comma). preserveKey: type: boolean description: Keep original Key_Name field in the parsed result. If false, the field will be removed. reserveData: type: boolean description: Keep all other original fields in the parsed result. If false, all other original fields will be removed. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ unescapeKey: type: boolean description: 'If the key is a escaped string (e.g: stringify JSON), unescape the string before to apply the parser.' recordModifier: type: object description: RecordModifier defines Record Modifier Filter configuration. properties: alias: type: string description: Alias for the plugin allowlistKeys: type: array description: If the key is not matched, that field is removed. items: type: string records: type: array description: Append fields. This parameter needs key and value pair. items: type: string removeKeys: type: array description: If the key is matched, that field is removed. items: type: string retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ uuidKeys: type: array description: If set, the plugin appends uuid to each record. The value assigned becomes the key in the map. items: type: string whitelistKeys: type: array description: An alias of allowlistKeys for backwards compatibility. items: type: string rewriteTag: type: object description: RewriteTag defines a RewriteTag configuration. properties: alias: type: string description: Alias for the plugin emitterName: type: string description: When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job. Since this emitter expose metrics as any other component of the pipeline, you can use this property to configure an optional name for it. retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ rules: type: array description: 'Defines the matching criteria and the format of the Tag for the matching record. The Rule format have four components: KEY REGEX NEW_TAG KEEP.' items: type: string throttle: type: object description: Throttle defines a Throttle configuration. properties: alias: type: string description: Alias for the plugin interval: type: string description: Interval is the time interval expressed in "sleep" format. e.g. 3s, 1.5m, 0.5h, etc. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ printStatus: type: boolean description: PrintStatus represents whether to print status messages with current rate and the limits to information logs. rate: type: integer description: Rate is the amount of messages for the time. format: int64 retryLimit: type: string description: 'RetryLimit describes how many times fluent-bit should retry to send data to a specific output. If set to false fluent-bit will try indefinetly. If set to any integer N>0 it will try at most N+1 times. Leading zeros are not allowed (values such as 007, 0150, 01 do not work). If this property is not defined fluent-bit will use the default value: 1.' pattern: ^(((f|F)alse)|(no_limits)|(no_retries)|([1-9]+[0-9]*))$ window: type: integer description: Window is the amount of intervals to calculate average over. format: int64 logLevel: type: string enum: - "off" - error - warning - info - debug - trace match: type: string description: A pattern to match against the tags of incoming records. It's case-sensitive and support the star (*) character as a wildcard. matchRegex: type: string description: A regular expression to match against the tags of incoming records. Use this option if you want to use the full regex syntax. served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: filters.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: Filter listKind: FilterList plural: filters shortNames: - fdf singular: filter scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: Filter is the Schema for the filters API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FilterSpec defines the desired state of Filter properties: filters: type: array items: type: object description: Filter defines all available filter plugins and their parameters. properties: customPlugin: type: object description: Custom plugin type properties: config: type: string required: - config grep: type: object description: The filter_grep filter plugin properties: and: type: array items: type: object description: And defines the parameters for the "and" plugin properties: exclude: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string regexp: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string exclude: type: array items: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string or: type: array items: type: object description: Or defines the parameters for the "or" plugin properties: exclude: type: object description: Exclude defines the parameters for the exclude plugin properties: key: type: string pattern: type: string regexp: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string regexp: type: array items: type: object description: Regexp defines the parameters for the regexp plugin properties: key: type: string pattern: type: string logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level parser: type: object description: The filter_parser filter plugin properties: emitInvalidRecordToError: type: boolean description: 'Emits invalid record to @ERROR label. Invalid cases are: key does not exist;the format is not matched;an unexpected error. If you want to ignore these errors, set false.' hashValueField: type: string description: Stores the parsed values as a hash value in a field. injectKeyPrefix: type: string description: Stores the parsed values with the specified key name prefix. keyName: type: string description: 'Specifies the field name in the record to parse. Required parameter. i.e: If set keyName to log, {"key":"value","log":"{\"time\":1622473200,\"user\":1}"} => {"user":1}' parse: type: object description: Parse defines various parameters for the parse plugin properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - regexp - apache2 - apache_error - nginx - syslog - csv - tsv - ltsv - json - multiline - none estimateCurrentEvent: type: boolean description: If true, use Fluent::Eventnow(current time) as a timestamp when time_key is specified. expression: type: string description: Specifies the regular expression for matching logs. Regular expression also supports i and m suffix. id: type: string description: The @id parameter specifies a unique name for the configuration. keepTimeKey: type: boolean description: If true, keep time field in th record. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeKey: type: string description: Specify time field for event time. If the event doesn't have this field, current time is used. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timeout: type: string description: Specify timeout for parse processing. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ timezone: type: string description: Uses the specified timezone. types: type: string description: 'Specify types for converting field into another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' utc: type: boolean description: If true, uses UTC. required: - type removeKeyNameField: type: boolean description: Removes key_name field when parsing is succeeded. replaceInvalidSequence: type: boolean description: If true, invalid string is replaced with safe characters and re-parse it. reserveData: type: boolean description: 'Keeps the original key-value pair in the parsed result. Default is false. i.e: If set keyName to log, reverseData to true, {"key":"value","log":"{\"user\":1,\"num\":2}"} => {"key":"value","log":"{\"user\":1,\"num\":2}","user":1,"num":2}' reserveTime: type: boolean description: Keeps the original event time in the parsed result. Default is false. required: - keyName - parse recordTransformer: type: object description: The filter_record_transformer filter plugin properties: autoTypecast: type: boolean description: Automatically casts the field types. Default is false. This option is effective only for field values comprised of a single placeholder. enableRuby: type: boolean description: 'When set to true, the full Ruby syntax is enabled in the ${...} expression. The default value is false. i.e: jsonized_record ${record.to_json}' keepKeys: type: string description: A list of keys to keep. Only relevant if renew_record is set to true. records: type: array items: type: object description: The parameters inside directives are considered to be new key-value pairs properties: value: type: string description: The value must from Record properties. See https://docs.fluentd.org/filter/record_transformer#less-than-record-greater-than-directive key: type: string description: New field can be defined as key required: - key - value removeKeys: type: string description: A list of keys to delete. Supports nested field via record_accessor syntax since v1.1.0. renewRecord: type: boolean description: By default, the record transformer filter mutates the incoming data. However, if this parameter is set to true, it modifies a new empty hash instead. renewTimeKey: type: string description: renew_time_key foo overwrites the time of events with a value of the record field foo if exists. The value of foo must be a Unix timestamp. stdout: type: object description: The filter_stdout filter plugin properties: format: type: object description: The format section properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - out_file - json - ltsv - csv - msgpack - hash - single_value delimiter: type: string description: Delimiter for each field. id: type: string description: The @id parameter specifies a unique name for the configuration. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level newline: type: string description: Specify newline characters. enum: - lf - crlf outputTag: type: boolean description: Output tag field if true. outputTime: type: boolean description: Output time field if true. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. inject: type: object description: The inject section properties: hostname: type: string description: Hostname value hostnameKey: type: string description: The field name to inject hostname inline: type: object description: Time section properties: localtime: type: boolean description: If true, uses local time. timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timezone: type: string description: Uses the specified timezone. utc: type: boolean description: If true, uses UTC. tagKey: type: string description: The field name to inject tag timeKey: type: string description: The field name to inject time workerIdKey: type: string description: The field name to inject worker_id tag: type: string description: Which tag to be matched. status: type: object description: FilterStatus defines the observed state of Filter served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: fluentbitconfigs.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: FluentBitConfig listKind: FluentBitConfigList plural: fluentbitconfigs shortNames: - fbc singular: fluentbitconfig scope: Namespaced versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: FluentBitConfig is the Schema for the API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: NamespacedFluentBitCfgSpec defines the desired state of FluentBit properties: clusterParserSelector: type: object description: Select cluster level parser config properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic filterSelector: type: object description: Select filter plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic outputSelector: type: object description: Select output plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic parserSelector: type: object description: Select parser plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: fluentbits.fluentbit.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentbit.fluent.io names: kind: FluentBit listKind: FluentBitList plural: fluentbits shortNames: - fb singular: fluentbit scope: Namespaced versions: - name: v1alpha2 schema: openAPIV3Schema: type: object description: FluentBit is the Schema for the fluentbits API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FluentBitSpec defines the desired state of FluentBit properties: labels: type: object additionalProperties: type: string description: Labels to add to each FluentBit pod annotations: type: object additionalProperties: type: string description: Annotations to add to each Fluentbit pod. service: type: object description: Service represents configurations on the fluent-bit service. properties: name: type: string description: Name is the name of the FluentBit service. labels: type: object additionalProperties: type: string description: Labels to add to each FluentBit service annotations: type: object additionalProperties: type: string description: Annotations to add to each Fluentbit service. dnsPolicy: type: string description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. hostNetwork: type: boolean description: Host networking is requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. schedulerName: type: string description: SchedulerName represents the desired scheduler for fluent-bit pods. priorityClassName: type: string description: PriorityClassName represents the pod's priority class. runtimeClassName: type: string description: RuntimeClassName represents the container runtime configuration. nodeSelector: type: object additionalProperties: type: string description: NodeSelector initContainers: type: array description: InitContainers represents the pod's init containers. items: type: object description: A single application container that you want to run within a pod. properties: name: type: string description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. image: type: string description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' command: type: array description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string args: type: array description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string workingDir: type: string description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. ports: type: array description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. items: type: object description: ContainerPort represents a network port in a single container. properties: name: type: string description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. protocol: type: string default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". hostPort: type: integer description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 containerPort: type: integer description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 hostIP: type: string description: What host IP to bind the external port to. required: - containerPort x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map envFrom: type: array description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. items: type: object description: EnvFromSource represents the source of a set of ConfigMaps properties: prefix: type: string description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. configMapRef: type: object description: The ConfigMap to select from properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' optional: type: boolean description: Specify whether the ConfigMap must be defined x-kubernetes-map-type: atomic secretRef: type: object description: The Secret to select from properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' optional: type: boolean description: Specify whether the Secret must be defined x-kubernetes-map-type: atomic env: type: array description: List of environment variables to set in the container. Cannot be updated. items: type: object description: EnvVar represents an environment variable present in a Container. properties: name: type: string description: Name of the environment variable. Must be a C_IDENTIFIER. value: type: string description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' valueFrom: type: object description: Source for the environment variable's value. Cannot be used if value is not empty. properties: fieldRef: type: object description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic configMapKeyRef: type: object description: Selects a key of a ConfigMap. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key to select. optional: type: boolean description: Specify whether the ConfigMap or its key must be defined required: - key x-kubernetes-map-type: atomic secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic required: - name resources: type: object description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' volumeMounts: type: array description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: type: object description: VolumeMount describes a mounting of a Volume within a container. properties: name: type: string description: This must match the Name of a Volume. readOnly: type: boolean description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. mountPath: type: string description: Path within the container at which the volume should be mounted. Must not contain ':'. subPath: type: string description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). subPathExpr: type: string description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. mountPropagation: type: string description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. required: - mountPath - name volumeDevices: type: array description: volumeDevices is the list of block devices to be used by the container. items: type: object description: volumeDevice describes a mapping of a raw block device within a container. properties: name: type: string description: name must match the name of a persistentVolumeClaim in the pod devicePath: type: string description: devicePath is the path inside of the container that the device will be mapped to. required: - devicePath - name livenessProbe: type: object description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: terminationGracePeriodSeconds: type: integer description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string failureThreshold: type: integer description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 grpc: type: object description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: service: type: string description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." port: type: integer description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 required: - port httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port initialDelaySeconds: type: integer description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 periodSeconds: type: integer description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 successThreshold: type: integer description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 tcpSocket: type: object description: TCPSocket specifies an action involving a TCP port. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port timeoutSeconds: type: integer description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 readinessProbe: type: object description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: terminationGracePeriodSeconds: type: integer description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string failureThreshold: type: integer description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 grpc: type: object description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: service: type: string description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." port: type: integer description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 required: - port httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port initialDelaySeconds: type: integer description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 periodSeconds: type: integer description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 successThreshold: type: integer description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 tcpSocket: type: object description: TCPSocket specifies an action involving a TCP port. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port timeoutSeconds: type: integer description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 lifecycle: type: object description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. properties: postStart: type: object description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port tcpSocket: type: object description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port preStop: type: object description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod''s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port tcpSocket: type: object description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port terminationMessagePath: type: string description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' terminationMessagePolicy: type: string description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. imagePullPolicy: type: string description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' securityContext: type: object description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: type: boolean description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' capabilities: type: object description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. properties: add: type: array description: Added capabilities items: type: string description: Capability represent POSIX capabilities type drop: type: array description: Removed capabilities items: type: string description: Capability represent POSIX capabilities type privileged: type: boolean description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. procMount: type: string description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. readOnlyRootFilesystem: type: boolean description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. runAsGroup: type: integer description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. format: int64 runAsNonRoot: type: boolean description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. runAsUser: type: integer description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. format: int64 seLinuxOptions: type: object description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: Type is a SELinux type label that applies to the container. level: type: string description: Level is SELinux level label that applies to the container. role: type: string description: Role is a SELinux role label that applies to the container. user: type: string description: User is a SELinux user label that applies to the container. seccompProfile: type: object description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." localhostProfile: type: string description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". required: - type windowsOptions: type: object description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: type: string description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. gmsaCredentialSpecName: type: string description: GMSACredentialSpecName is the name of the GMSA credential spec to use. hostProcess: type: boolean description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. runAsUserName: type: string description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. stdin: type: boolean description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. stdinOnce: type: boolean description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false tty: type: boolean description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. startupProbe: type: object description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: terminationGracePeriodSeconds: type: integer description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string failureThreshold: type: integer description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 grpc: type: object description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: service: type: string description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." port: type: integer description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 required: - port httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port initialDelaySeconds: type: integer description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 periodSeconds: type: integer description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 successThreshold: type: integer description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 tcpSocket: type: object description: TCPSocket specifies an action involving a TCP port. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port timeoutSeconds: type: integer description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 required: - name volumes: type: array description: List of volumes that can be mounted by containers belonging to the pod. items: type: object description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: name: type: string description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' awsElasticBlockStore: type: object description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: readOnly: type: boolean description: 'readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 volumeID: type: string description: 'volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' required: - volumeID azureDisk: type: object description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: kind: type: string description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. cachingMode: type: string description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' diskName: type: string description: diskName is the Name of the data disk in the blob storage diskURI: type: string description: diskURI is the URI of data disk in the blob storage fsType: type: string description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. required: - diskName - diskURI azureFile: type: object description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretName: type: string description: secretName is the name of secret that contains Azure Storage Account Name and Key shareName: type: string description: shareName is the azure share Name required: - secretName - shareName cephfs: type: object description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic monitors: type: array description: 'monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string path: type: string description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' secretFile: type: string description: 'secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' user: type: string description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' required: - monitors cinder: type: object description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: readOnly: type: boolean description: 'readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' secretRef: type: object description: 'secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' volumeID: type: string description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' required: - volumeID configMap: type: object description: configMap represents a configMap that should populate this volume properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' defaultMode: type: integer description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic csi: type: object description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: readOnly: type: boolean description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). driver: type: string description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. fsType: type: string description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. nodePublishSecretRef: type: object description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic volumeAttributes: type: object additionalProperties: type: string description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. required: - driver downwardAPI: type: object description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: type: integer description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: Items is a list of downward API volume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path emptyDir: type: object description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: type: string description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' sizeLimit: anyOf: - type: integer - type: string description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeral: type: object description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: type: object description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." properties: metadata: type: object description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. required: - spec fc: type: object description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' lun: type: integer description: 'lun is Optional: FC target lun number' format: int32 targetWWNs: type: array description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' items: type: string wwids: type: array description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string flexVolume: type: object description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: readOnly: type: boolean description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' secretRef: type: object description: 'secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic driver: type: string description: driver is the name of the driver to use for this volume. fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. options: type: object additionalProperties: type: string description: 'options is Optional: this field holds extra command options if any.' required: - driver flocker: type: object description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: type: string description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated datasetUUID: type: string description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset gcePersistentDisk: type: object description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' fsType: type: string description: 'fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 pdName: type: string description: 'pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' required: - pdName gitRepo: type: object description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: revision: type: string description: revision is the commit hash for the specified revision. directory: type: string description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. repository: type: string description: repository is the URL required: - repository glusterfs: type: object description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: readOnly: type: boolean description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' endpoints: type: string description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' path: type: string description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' required: - endpoints - path hostPath: type: object description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: type: type: string description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' path: type: string description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' required: - path iscsi: type: object description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: readOnly: type: boolean description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. secretRef: type: object description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic chapAuthDiscovery: type: boolean description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication chapAuthSession: type: boolean description: chapAuthSession defines whether support iSCSI Session CHAP authentication fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' initiatorName: type: string description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. iqn: type: string description: iqn is the target iSCSI Qualified Name. iscsiInterface: type: string description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). lun: type: integer description: lun represents iSCSI Target Lun number. format: int32 portals: type: array description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string targetPortal: type: string description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). required: - iqn - lun - targetPortal nfs: type: object description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: readOnly: type: boolean description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' path: type: string description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' server: type: string description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' required: - path - server persistentVolumeClaim: type: object description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: readOnly: type: boolean description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. claimName: type: string description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' required: - claimName photonPersistentDisk: type: object description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. pdID: type: string description: pdID is the ID that identifies Photon Controller persistent disk required: - pdID portworxVolume: type: object description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. fsType: type: string description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. volumeID: type: string description: volumeID uniquely identifies a Portworx volume required: - volumeID projected: type: object description: projected items for all in one resources secrets, configmaps, and downward API properties: defaultMode: type: integer description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 sources: type: array description: sources is the list of volume projections items: type: object description: Projection that may be projected along with other supported volume types properties: configMap: type: object description: configMap information about the configMap data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic downwardAPI: type: object description: downwardAPI information about the downwardAPI data to project properties: items: type: array description: Items is a list of DownwardAPIVolume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path secret: type: object description: secret information about the secret data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its key must be defined x-kubernetes-map-type: atomic serviceAccountToken: type: object description: serviceAccountToken is information about the serviceAccountToken data to project properties: audience: type: string description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. expirationSeconds: type: integer description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 path: type: string description: path is the path relative to the mount point of the file to project the token into. required: - path quobyte: type: object description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. group: type: string description: group to map volume access to Default is no group registry: type: string description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes tenant: type: string description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin user: type: string description: user to map volume access to Defaults to serivceaccount user volume: type: string description: volume is a string that references an already created Quobyte volume by name. required: - registry - volume rbd: type: object description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: image: type: string description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' keyring: type: string description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' monitors: type: array description: 'monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string pool: type: string description: 'pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' user: type: string description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' required: - image - monitors scaleIO: type: object description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". gateway: type: string description: gateway is the host address of the ScaleIO API Gateway. protectionDomain: type: string description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. sslEnabled: type: boolean description: sslEnabled Flag enable/disable SSL communication with Gateway, default false storageMode: type: string description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. storagePool: type: string description: storagePool is the ScaleIO Storage Pool associated with the protection domain. system: type: string description: system is the name of the storage system as configured in ScaleIO. volumeName: type: string description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. required: - gateway - secretRef - system secret: type: object description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: type: integer description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its keys must be defined secretName: type: string description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' storageos: type: object description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. volumeName: type: string description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. volumeNamespace: type: string description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. vsphereVolume: type: object description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. storagePolicyID: type: string description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. storagePolicyName: type: string description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. volumePath: type: string description: volumePath is the path that identifies vSphere volume vmdk required: - volumePath required: - name imagePullSecrets: type: array description: Fluent Bit image pull secret items: type: object description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic affinity: type: object description: Pod's scheduling constraints. properties: nodeAffinity: type: object description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: type: object description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: type: object description: A node selector term, associated with the corresponding weight. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic weight: type: integer description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 required: - preference - weight requiredDuringSchedulingIgnoredDuringExecution: type: object description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: type: array description: Required. A list of node selector terms. The terms are ORed. items: type: object description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic required: - nodeSelectorTerms x-kubernetes-map-type: atomic podAffinity: type: object description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey podAntiAffinity: type: object description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey tolerations: type: array description: Tolerations items: type: object description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: value: type: string description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. effect: type: string description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. key: type: string description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. operator: type: string description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. tolerationSeconds: type: integer description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 image: type: string description: Fluent Bit image. command: type: array description: Fluent Bit Watcher command. items: type: string args: type: array description: Fluent Bit Watcher command line arguments. items: type: string ports: type: array description: Ports represents the pod's ports. items: type: object description: ContainerPort represents a network port in a single container. properties: name: type: string description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. protocol: type: string default: TCP description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". hostPort: type: integer description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. format: int32 containerPort: type: integer description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. format: int32 hostIP: type: string description: What host IP to bind the external port to. required: - containerPort resources: type: object description: Compute Resources required by container. properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' livenessProbe: type: object description: LivenessProbe represents the pod's liveness probe. properties: terminationGracePeriodSeconds: type: integer description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string failureThreshold: type: integer description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 grpc: type: object description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: service: type: string description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." port: type: integer description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 required: - port httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port initialDelaySeconds: type: integer description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 periodSeconds: type: integer description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 successThreshold: type: integer description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 tcpSocket: type: object description: TCPSocket specifies an action involving a TCP port. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port timeoutSeconds: type: integer description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 readinessProbe: type: object description: ReadinessProbe represents the pod's readiness probe. properties: terminationGracePeriodSeconds: type: integer description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 exec: type: object description: Exec specifies the action to take. properties: command: type: array description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. items: type: string failureThreshold: type: integer description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. format: int32 grpc: type: object description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate. properties: service: type: string description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC." port: type: integer description: Port number of the gRPC service. Number must be in the range 1 to 65535. format: int32 required: - port httpGet: type: object description: HTTPGet specifies the http request to perform. properties: port: anyOf: - type: integer - type: string description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. httpHeaders: type: array description: Custom headers to set in the request. HTTP allows repeated headers. items: type: object description: HTTPHeader describes a custom header to be used in HTTP probes properties: name: type: string description: The header field name value: type: string description: The header field value required: - name - value path: type: string description: Path to access on the HTTP server. scheme: type: string description: Scheme to use for connecting to the host. Defaults to HTTP. required: - port initialDelaySeconds: type: integer description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 periodSeconds: type: integer description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. format: int32 successThreshold: type: integer description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. format: int32 tcpSocket: type: object description: TCPSocket specifies an action involving a TCP port. properties: port: anyOf: - type: integer - type: string description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true host: type: string description: 'Optional: Host name to connect to, defaults to the pod IP.' required: - port timeoutSeconds: type: integer description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 imagePullPolicy: type: string description: Fluent Bit image pull policy. securityContext: type: object description: SecurityContext holds pod-level security attributes and common container settings. properties: fsGroup: type: integer description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." format: int64 fsGroupChangePolicy: type: string description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.' runAsGroup: type: integer description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 runAsNonRoot: type: boolean description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. runAsUser: type: integer description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 seLinuxOptions: type: object description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: Type is a SELinux type label that applies to the container. level: type: string description: Level is SELinux level label that applies to the container. role: type: string description: Role is a SELinux role label that applies to the container. user: type: string description: User is a SELinux user label that applies to the container. seccompProfile: type: object description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." localhostProfile: type: string description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". required: - type supplementalGroups: type: array description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. items: type: integer format: int64 sysctls: type: array description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. items: type: object description: Sysctl defines a kernel parameter to be set properties: name: type: string description: Name of a property to set value: type: string description: Value of a property to set required: - name - value windowsOptions: type: object description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: type: string description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. gmsaCredentialSpecName: type: string description: GMSACredentialSpecName is the name of the GMSA credential spec to use. hostProcess: type: boolean description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. runAsUserName: type: string description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. containerLogRealPath: type: string description: Container log path containerSecurityContext: type: object description: ContainerSecurityContext holds container-level security attributes. properties: allowPrivilegeEscalation: type: boolean description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.' capabilities: type: object description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. properties: add: type: array description: Added capabilities items: type: string description: Capability represent POSIX capabilities type drop: type: array description: Removed capabilities items: type: string description: Capability represent POSIX capabilities type privileged: type: boolean description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. procMount: type: string description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. readOnlyRootFilesystem: type: boolean description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. runAsGroup: type: integer description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. format: int64 runAsNonRoot: type: boolean description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. runAsUser: type: integer description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. format: int64 seLinuxOptions: type: object description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: Type is a SELinux type label that applies to the container. level: type: string description: Level is SELinux level label that applies to the container. role: type: string description: Role is a SELinux role label that applies to the container. user: type: string description: User is a SELinux user label that applies to the container. seccompProfile: type: object description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." localhostProfile: type: string description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". required: - type windowsOptions: type: object description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: type: string description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. gmsaCredentialSpecName: type: string description: GMSACredentialSpecName is the name of the GMSA credential spec to use. hostProcess: type: boolean description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. runAsUserName: type: string description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. disableService: type: boolean description: DisableService tells if the fluentbit service should be deployed. envVars: type: array description: EnvVars represent environment variables that can be passed to fluentbit pods. items: type: object description: EnvVar represents an environment variable present in a Container. properties: name: type: string description: Name of the environment variable. Must be a C_IDENTIFIER. value: type: string description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' valueFrom: type: object description: Source for the environment variable's value. Cannot be used if value is not empty. properties: fieldRef: type: object description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic configMapKeyRef: type: object description: Selects a key of a ConfigMap. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key to select. optional: type: boolean description: Specify whether the ConfigMap or its key must be defined required: - key x-kubernetes-map-type: atomic secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic required: - name fluentBitConfigName: type: string description: Fluentbitconfig object associated with this Fluentbit internalMountPropagation: type: string description: MountPropagation option for internal mounts enum: - None - HostToContainer - Bidirectional metricsPort: type: integer description: MetricsPort is the port used by the metrics server. If this option is set, HttpPort from ClusterFluentBitConfig needs to match this value. Default is 2020. format: int32 namespaceFluentBitCfgSelector: type: object description: NamespacedFluentBitCfgSelector selects the namespace FluentBitConfig associated with this FluentBit properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic positionDB: type: object description: Storage for position db. You will use it if tail input is enabled. properties: awsElasticBlockStore: type: object description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: readOnly: type: boolean description: 'readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 volumeID: type: string description: 'volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' required: - volumeID azureDisk: type: object description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: kind: type: string description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. cachingMode: type: string description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' diskName: type: string description: diskName is the Name of the data disk in the blob storage diskURI: type: string description: diskURI is the URI of data disk in the blob storage fsType: type: string description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. required: - diskName - diskURI azureFile: type: object description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretName: type: string description: secretName is the name of secret that contains Azure Storage Account Name and Key shareName: type: string description: shareName is the azure share Name required: - secretName - shareName cephfs: type: object description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic monitors: type: array description: 'monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string path: type: string description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' secretFile: type: string description: 'secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' user: type: string description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' required: - monitors cinder: type: object description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: readOnly: type: boolean description: 'readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' secretRef: type: object description: 'secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' volumeID: type: string description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' required: - volumeID configMap: type: object description: configMap represents a configMap that should populate this volume properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' defaultMode: type: integer description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic csi: type: object description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: readOnly: type: boolean description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). driver: type: string description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. fsType: type: string description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. nodePublishSecretRef: type: object description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic volumeAttributes: type: object additionalProperties: type: string description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. required: - driver downwardAPI: type: object description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: type: integer description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: Items is a list of downward API volume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path emptyDir: type: object description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: type: string description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' sizeLimit: anyOf: - type: integer - type: string description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeral: type: object description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: type: object description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." properties: metadata: type: object description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. required: - spec fc: type: object description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' lun: type: integer description: 'lun is Optional: FC target lun number' format: int32 targetWWNs: type: array description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' items: type: string wwids: type: array description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string flexVolume: type: object description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: readOnly: type: boolean description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' secretRef: type: object description: 'secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic driver: type: string description: driver is the name of the driver to use for this volume. fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. options: type: object additionalProperties: type: string description: 'options is Optional: this field holds extra command options if any.' required: - driver flocker: type: object description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: type: string description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated datasetUUID: type: string description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset gcePersistentDisk: type: object description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' fsType: type: string description: 'fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 pdName: type: string description: 'pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' required: - pdName gitRepo: type: object description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: revision: type: string description: revision is the commit hash for the specified revision. directory: type: string description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. repository: type: string description: repository is the URL required: - repository glusterfs: type: object description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: readOnly: type: boolean description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' endpoints: type: string description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' path: type: string description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' required: - endpoints - path hostPath: type: object description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: type: type: string description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' path: type: string description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' required: - path iscsi: type: object description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: readOnly: type: boolean description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. secretRef: type: object description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic chapAuthDiscovery: type: boolean description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication chapAuthSession: type: boolean description: chapAuthSession defines whether support iSCSI Session CHAP authentication fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' initiatorName: type: string description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. iqn: type: string description: iqn is the target iSCSI Qualified Name. iscsiInterface: type: string description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). lun: type: integer description: lun represents iSCSI Target Lun number. format: int32 portals: type: array description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string targetPortal: type: string description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). required: - iqn - lun - targetPortal nfs: type: object description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: readOnly: type: boolean description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' path: type: string description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' server: type: string description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' required: - path - server persistentVolumeClaim: type: object description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: readOnly: type: boolean description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. claimName: type: string description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' required: - claimName photonPersistentDisk: type: object description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. pdID: type: string description: pdID is the ID that identifies Photon Controller persistent disk required: - pdID portworxVolume: type: object description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. fsType: type: string description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. volumeID: type: string description: volumeID uniquely identifies a Portworx volume required: - volumeID projected: type: object description: projected items for all in one resources secrets, configmaps, and downward API properties: defaultMode: type: integer description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 sources: type: array description: sources is the list of volume projections items: type: object description: Projection that may be projected along with other supported volume types properties: configMap: type: object description: configMap information about the configMap data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic downwardAPI: type: object description: downwardAPI information about the downwardAPI data to project properties: items: type: array description: Items is a list of DownwardAPIVolume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path secret: type: object description: secret information about the secret data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its key must be defined x-kubernetes-map-type: atomic serviceAccountToken: type: object description: serviceAccountToken is information about the serviceAccountToken data to project properties: audience: type: string description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. expirationSeconds: type: integer description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 path: type: string description: path is the path relative to the mount point of the file to project the token into. required: - path quobyte: type: object description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. group: type: string description: group to map volume access to Default is no group registry: type: string description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes tenant: type: string description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin user: type: string description: user to map volume access to Defaults to serivceaccount user volume: type: string description: volume is a string that references an already created Quobyte volume by name. required: - registry - volume rbd: type: object description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: image: type: string description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' keyring: type: string description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' monitors: type: array description: 'monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string pool: type: string description: 'pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' user: type: string description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' required: - image - monitors scaleIO: type: object description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". gateway: type: string description: gateway is the host address of the ScaleIO API Gateway. protectionDomain: type: string description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. sslEnabled: type: boolean description: sslEnabled Flag enable/disable SSL communication with Gateway, default false storageMode: type: string description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. storagePool: type: string description: storagePool is the ScaleIO Storage Pool associated with the protection domain. system: type: string description: system is the name of the storage system as configured in ScaleIO. volumeName: type: string description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. required: - gateway - secretRef - system secret: type: object description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: type: integer description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its keys must be defined secretName: type: string description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' storageos: type: object description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. volumeName: type: string description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. volumeNamespace: type: string description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. vsphereVolume: type: object description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. storagePolicyID: type: string description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. storagePolicyName: type: string description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. volumePath: type: string description: volumePath is the path that identifies vSphere volume vmdk required: - volumePath rbacRules: type: array description: RBACRules represents additional rbac rules which will be applied to the fluent-bit clusterrole. items: type: object description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. properties: resources: type: array description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string apiGroups: type: array description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. items: type: string nonResourceURLs: type: array description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. items: type: string resourceNames: type: array description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. items: type: string verbs: type: array description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string required: - verbs secrets: type: array description: The Secrets are mounted into /fluent-bit/secrets/. items: type: string serviceAccountAnnotations: type: object additionalProperties: type: string description: Annotations to add to the Fluentbit service account volumesMounts: type: array description: Pod volumes to mount into the container's filesystem. items: type: object description: VolumeMount describes a mounting of a Volume within a container. properties: name: type: string description: This must match the Name of a Volume. readOnly: type: boolean description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. mountPath: type: string description: Path within the container at which the volume should be mounted. Must not contain ':'. subPath: type: string description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). subPathExpr: type: string description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. mountPropagation: type: string description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. required: - mountPath - name status: type: object description: FluentBitStatus defines the observed state of FluentBit served: true storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: fluentdconfigs.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: FluentdConfig listKind: FluentdConfigList plural: fluentdconfigs shortNames: - fdc singular: fluentdconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: FluentdConfig is the Schema for the fluentdconfigs API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FluentdConfigSpec defines the desired state of FluentdConfig properties: clusterFilterSelector: type: object description: Select cluster filter plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic clusterOutputSelector: type: object description: Select cluster output plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic emit_mode: type: string description: 'Emit mode. If batch, the plugin will emit events per labels matched. Enum: record, batch. will make no effect if EnableFilterKubernetes is set false.' enum: - record - batch filterSelector: type: object description: Select namespaced filter plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic outputSelector: type: object description: Select namespaced output plugins properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic stickyTags: type: string description: Sticky tags will match only one record from an event stream. The same tag will be treated the same way. will make no effect if EnableFilterKubernetes is set false. watchedConstainers: type: array description: A set of container names. Ignored if left empty. items: type: string watchedHosts: type: array description: A set of hosts. Ignored if left empty. items: type: string watchedLabels: type: object additionalProperties: type: string description: Use this field to filter the logs, will make no effect if EnableFilterKubernetes is set false. status: type: object description: FluentdConfigStatus defines the observed state of FluentdConfig properties: messages: type: string description: Messages defines the plugin errors which is selected by this fluentdconfig state: type: string description: The state of this fluentd config served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: fluentds.fluentd.fluent.io annotations: controller-gen.kubebuilder.io/version: v0.11.3 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: fluent-operator pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-logging' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: group: fluentd.fluent.io names: kind: Fluentd listKind: FluentdList plural: fluentds shortNames: - fd singular: fluentd scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: type: object description: Fluentd is the Schema for the fluentds API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: FluentdSpec defines the desired state of Fluentd properties: annotations: type: object additionalProperties: type: string description: Annotations to add to each Fluentd pod. replicas: type: integer description: Numbers of the Fluentd instance format: int32 volumeClaimTemplates: type: array description: volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. items: type: object description: PersistentVolumeClaim is a user's request for and claim to a persistent volume properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. status: type: object description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: type: array description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string allocatedResources: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. capacity: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: capacity represents the actual resources of the underlying volume. conditions: type: array description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: type: object description: PersistentVolumeClaimCondition contails details about state of pvc properties: type: type: string description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type status: type: string lastProbeTime: type: string description: lastProbeTime is the time we probed the condition. format: date-time lastTransitionTime: type: string description: lastTransitionTime is the time the condition transitioned from one status to another. format: date-time message: type: string description: message is the human-readable message indicating details about last transition. reason: type: string description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. required: - status - type phase: type: string description: phase represents the current phase of PersistentVolumeClaim. resizeStatus: type: string description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. service: type: object description: Service represents configurations on the fluentd service. properties: name: type: string description: Name is the name of the FluentD service. labels: type: object additionalProperties: type: string description: Labels to add to each FluentD service annotations: type: object additionalProperties: type: string description: Annotations to add to each FluentD service. schedulerName: type: string description: SchedulerName represents the desired scheduler for fluentd pods. priorityClassName: type: string description: PriorityClassName represents the pod's priority class. runtimeClassName: type: string description: RuntimeClassName represents the container runtime configuration. nodeSelector: type: object additionalProperties: type: string description: NodeSelector volumes: type: array description: List of volumes that can be mounted by containers belonging to the pod. items: type: object description: Volume represents a named volume in a pod that may be accessed by any container in the pod. properties: name: type: string description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' awsElasticBlockStore: type: object description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: readOnly: type: boolean description: 'readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' format: int32 volumeID: type: string description: 'volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' required: - volumeID azureDisk: type: object description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: kind: type: string description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. cachingMode: type: string description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.' diskName: type: string description: diskName is the Name of the data disk in the blob storage diskURI: type: string description: diskURI is the URI of data disk in the blob storage fsType: type: string description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. required: - diskName - diskURI azureFile: type: object description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretName: type: string description: secretName is the name of secret that contains Azure Storage Account Name and Key shareName: type: string description: shareName is the azure share Name required: - secretName - shareName cephfs: type: object description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic monitors: type: array description: 'monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string path: type: string description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /' secretFile: type: string description: 'secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' user: type: string description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' required: - monitors cinder: type: object description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: readOnly: type: boolean description: 'readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' secretRef: type: object description: 'secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' volumeID: type: string description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' required: - volumeID configMap: type: object description: configMap represents a configMap that should populate this volume properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' defaultMode: type: integer description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic csi: type: object description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: readOnly: type: boolean description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). driver: type: string description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. fsType: type: string description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. nodePublishSecretRef: type: object description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic volumeAttributes: type: object additionalProperties: type: string description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. required: - driver downwardAPI: type: object description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: type: integer description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: Items is a list of downward API volume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path emptyDir: type: object description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: type: string description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' sizeLimit: anyOf: - type: integer - type: string description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeral: type: object description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: type: object description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." properties: metadata: type: object description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. required: - spec fc: type: object description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: readOnly: type: boolean description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' fsType: type: string description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' lun: type: integer description: 'lun is Optional: FC target lun number' format: int32 targetWWNs: type: array description: 'targetWWNs is Optional: FC target worldwide names (WWNs)' items: type: string wwids: type: array description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' items: type: string flexVolume: type: object description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: readOnly: type: boolean description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' secretRef: type: object description: 'secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic driver: type: string description: driver is the name of the driver to use for this volume. fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. options: type: object additionalProperties: type: string description: 'options is Optional: this field holds extra command options if any.' required: - driver flocker: type: object description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: type: string description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated datasetUUID: type: string description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset gcePersistentDisk: type: object description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' fsType: type: string description: 'fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' partition: type: integer description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 pdName: type: string description: 'pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' required: - pdName gitRepo: type: object description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' properties: revision: type: string description: revision is the commit hash for the specified revision. directory: type: string description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. repository: type: string description: repository is the URL required: - repository glusterfs: type: object description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: readOnly: type: boolean description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' endpoints: type: string description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' path: type: string description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' required: - endpoints - path hostPath: type: object description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' properties: type: type: string description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' path: type: string description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' required: - path iscsi: type: object description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: readOnly: type: boolean description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. secretRef: type: object description: secretRef is the CHAP Secret for iSCSI target and initiator authentication properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic chapAuthDiscovery: type: boolean description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication chapAuthSession: type: boolean description: chapAuthSession defines whether support iSCSI Session CHAP authentication fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' initiatorName: type: string description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. iqn: type: string description: iqn is the target iSCSI Qualified Name. iscsiInterface: type: string description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). lun: type: integer description: lun represents iSCSI Target Lun number. format: int32 portals: type: array description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). items: type: string targetPortal: type: string description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). required: - iqn - lun - targetPortal nfs: type: object description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: readOnly: type: boolean description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' path: type: string description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' server: type: string description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' required: - path - server persistentVolumeClaim: type: object description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: readOnly: type: boolean description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false. claimName: type: string description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' required: - claimName photonPersistentDisk: type: object description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. pdID: type: string description: pdID is the ID that identifies Photon Controller persistent disk required: - pdID portworxVolume: type: object description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. fsType: type: string description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. volumeID: type: string description: volumeID uniquely identifies a Portworx volume required: - volumeID projected: type: object description: projected items for all in one resources secrets, configmaps, and downward API properties: defaultMode: type: integer description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. format: int32 sources: type: array description: sources is the list of volume projections items: type: object description: Projection that may be projected along with other supported volume types properties: configMap: type: object description: configMap information about the configMap data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional specify whether the ConfigMap or its keys must be defined x-kubernetes-map-type: atomic downwardAPI: type: object description: downwardAPI information about the downwardAPI data to project properties: items: type: array description: Items is a list of DownwardAPIVolume file items: type: object description: DownwardAPIVolumeFile represents information to create the file containing the pod field properties: fieldRef: type: object description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic mode: type: integer description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' required: - path secret: type: object description: secret information about the secret data to project properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' items: type: array description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its key must be defined x-kubernetes-map-type: atomic serviceAccountToken: type: object description: serviceAccountToken is information about the serviceAccountToken data to project properties: audience: type: string description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. expirationSeconds: type: integer description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. format: int64 path: type: string description: path is the path relative to the mount point of the file to project the token into. required: - path quobyte: type: object description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: readOnly: type: boolean description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. group: type: string description: group to map volume access to Default is no group registry: type: string description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes tenant: type: string description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin user: type: string description: user to map volume access to Defaults to serivceaccount user volume: type: string description: volume is a string that references an already created Quobyte volume by name. required: - registry - volume rbd: type: object description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: image: type: string description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' readOnly: type: boolean description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' secretRef: type: object description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' keyring: type: string description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' monitors: type: array description: 'monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string pool: type: string description: 'pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' user: type: string description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' required: - image - monitors scaleIO: type: object description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". gateway: type: string description: gateway is the host address of the ScaleIO API Gateway. protectionDomain: type: string description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. sslEnabled: type: boolean description: sslEnabled Flag enable/disable SSL communication with Gateway, default false storageMode: type: string description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. storagePool: type: string description: storagePool is the ScaleIO Storage Pool associated with the protection domain. system: type: string description: system is the name of the storage system as configured in ScaleIO. volumeName: type: string description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. required: - gateway - secretRef - system secret: type: object description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: type: integer description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 items: type: array description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. items: type: object description: Maps a string key to a path within a volume. properties: key: type: string description: key is the key to project. mode: type: integer description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' format: int32 path: type: string description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. required: - key - path optional: type: boolean description: optional field specify whether the Secret or its keys must be defined secretName: type: string description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' storageos: type: object description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: readOnly: type: boolean description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. secretRef: type: object description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic fsType: type: string description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. volumeName: type: string description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. volumeNamespace: type: string description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. vsphereVolume: type: object description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: type: string description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. storagePolicyID: type: string description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. storagePolicyName: type: string description: storagePolicyName is the storage Policy Based Management (SPBM) profile name. volumePath: type: string description: volumePath is the path that identifies vSphere volume vmdk required: - volumePath required: - name imagePullSecrets: type: array description: Fluentd image pull secret items: type: object description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' x-kubernetes-map-type: atomic affinity: type: object description: Pod's scheduling constraints. properties: nodeAffinity: type: object description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. items: type: object description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: type: object description: A node selector term, associated with the corresponding weight. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic weight: type: integer description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. format: int32 required: - preference - weight requiredDuringSchedulingIgnoredDuringExecution: type: object description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: type: array description: Required. A list of node selector terms. The terms are ORed. items: type: object description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: type: array description: A list of node selector requirements by node's labels. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchFields: type: array description: A list of node selector requirements by node's fields. items: type: object description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: The label key that the selector applies to. operator: type: string description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. values: type: array description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string required: - key - operator x-kubernetes-map-type: atomic required: - nodeSelectorTerms x-kubernetes-map-type: atomic podAffinity: type: object description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey podAntiAffinity: type: object description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: type: array description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. items: type: object description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: type: object description: Required. A pod affinity term, associated with the corresponding weight. properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey weight: type: integer description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. format: int32 required: - podAffinityTerm - weight requiredDuringSchedulingIgnoredDuringExecution: type: array description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. items: type: object description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running properties: labelSelector: type: object description: A label query over a set of resources, in this case pods. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaceSelector: type: object description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic namespaces: type: array description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string topologyKey: type: string description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. required: - topologyKey tolerations: type: array description: Tolerations items: type: object description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . properties: value: type: string description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. effect: type: string description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. key: type: string description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. operator: type: string description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. tolerationSeconds: type: integer description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 image: type: string description: Fluentd image. args: type: array description: Fluentd Watcher command line arguments. items: type: string resources: type: object description: Compute Resources required by container. properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' volumeMounts: type: array description: Pod volumes to mount into the container's filesystem. Cannot be updated. items: type: object description: VolumeMount describes a mounting of a Volume within a container. properties: name: type: string description: This must match the Name of a Volume. readOnly: type: boolean description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. mountPath: type: string description: Path within the container at which the volume should be mounted. Must not contain ':'. subPath: type: string description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). subPathExpr: type: string description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. mountPropagation: type: string description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. required: - mountPath - name imagePullPolicy: type: string description: Fluentd image pull policy. securityContext: type: object description: PodSecurityContext represents the security context for the fluentd pods. properties: fsGroup: type: integer description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows." format: int64 fsGroupChangePolicy: type: string description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.' runAsGroup: type: integer description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 runAsNonRoot: type: boolean description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. runAsUser: type: integer description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 seLinuxOptions: type: object description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: Type is a SELinux type label that applies to the container. level: type: string description: Level is SELinux level label that applies to the container. role: type: string description: Role is a SELinux role label that applies to the container. user: type: string description: User is a SELinux user label that applies to the container. seccompProfile: type: object description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. properties: type: type: string description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." localhostProfile: type: string description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". required: - type supplementalGroups: type: array description: A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. items: type: integer format: int64 sysctls: type: array description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. items: type: object description: Sysctl defines a kernel parameter to be set properties: name: type: string description: Name of a property to set value: type: string description: Value of a property to set required: - name - value windowsOptions: type: object description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: type: string description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. gmsaCredentialSpecName: type: string description: GMSACredentialSpecName is the name of the GMSA credential spec to use. hostProcess: type: boolean description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. runAsUserName: type: string description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. buffer: type: object description: Buffer definition properties: disableBufferVolume: type: boolean description: Enabled buffer pvc by default. emptyDir: type: object description: Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. properties: medium: type: string description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' sizeLimit: anyOf: - type: integer - type: string description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true hostPath: type: object description: Volume definition. properties: type: type: string description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' path: type: string description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' required: - path pvc: type: object description: PVC definition properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' properties: name: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string finalizers: type: array items: type: string spec: type: object description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: selector: type: object description: selector is a label query over volumes to consider for binding. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic resources: type: object description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: type: array description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: type: object description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: type: string description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. required: - name x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' requests: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' accessModes: type: array description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string dataSource: type: object description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.' properties: name: type: string description: Name is the name of resource being referenced kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name x-kubernetes-map-type: atomic dataSourceRef: type: object description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn''t specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn''t set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: name: type: string description: Name is the name of resource being referenced namespace: type: string description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. kind: type: string description: Kind is the type of resource being referenced apiGroup: type: string description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. required: - kind - name storageClassName: type: string description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' volumeMode: type: string description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. volumeName: type: string description: volumeName is the binding reference to the PersistentVolume backing this claim. status: type: object description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: type: array description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string allocatedResources: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. capacity: type: object additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: capacity represents the actual resources of the underlying volume. conditions: type: array description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. items: type: object description: PersistentVolumeClaimCondition contails details about state of pvc properties: type: type: string description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type status: type: string lastProbeTime: type: string description: lastProbeTime is the time we probed the condition. format: date-time lastTransitionTime: type: string description: lastTransitionTime is the time the condition transitioned from one status to another. format: date-time message: type: string description: message is the human-readable message indicating details about last transition. reason: type: string description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. required: - status - type phase: type: string description: phase represents the current phase of PersistentVolumeClaim. resizeStatus: type: string description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. defaultFilterSelector: type: object description: Select cluster filter plugins used to filter for the default cluster output properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic defaultOutputSelector: type: object description: Select cluster output plugins used to send all logs that did not match any route to the matching outputs properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic disableService: type: boolean description: By default will build the related service according to the globalinputs definition. envVars: type: array description: EnvVars represent environment variables that can be passed to fluentd pods. items: type: object description: EnvVar represents an environment variable present in a Container. properties: name: type: string description: Name of the environment variable. Must be a C_IDENTIFIER. value: type: string description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' valueFrom: type: object description: Source for the environment variable's value. Cannot be used if value is not empty. properties: fieldRef: type: object description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' properties: apiVersion: type: string description: Version of the schema the FieldPath is written in terms of, defaults to "v1". fieldPath: type: string description: Path of the field to select in the specified API version. required: - fieldPath x-kubernetes-map-type: atomic resourceFieldRef: type: object description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' properties: containerName: type: string description: 'Container name: required for volumes, optional for env vars' divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string description: 'Required: resource to select' required: - resource x-kubernetes-map-type: atomic configMapKeyRef: type: object description: Selects a key of a ConfigMap. properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key to select. optional: type: boolean description: Specify whether the ConfigMap or its key must be defined required: - key x-kubernetes-map-type: atomic secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic required: - name fluentdCfgSelector: type: object description: FluentdCfgSelector defines the selectors to select the fluentd config CRs. properties: matchExpressions: type: array description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: type: object description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: type: string description: key is the label key that the selector applies to. operator: type: string description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. values: type: array description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string required: - key - operator matchLabels: type: object additionalProperties: type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. x-kubernetes-map-type: atomic globalInputs: type: array description: Fluentd global inputs. items: type: object description: Input defines all available input plugins and their parameters properties: forward: type: object description: in_forward plugin properties: port: type: integer description: The port to listen to, default is 24224. format: int32 maximum: 65535 minimum: 1 addTagPrefix: type: string description: Adds the prefix to the incoming event's tag. bind: type: string description: The port to listen to, default is "0.0.0.0" chunkSizeLimit: type: string description: The size limit of the received chunk. If the chunk size is larger than this value, the received chunk is dropped. pattern: ^\d+(KB|MB|GB|TB)$ chunkSizeWarnLimit: type: string description: The warning size limit of the received chunk. If the chunk size is larger than this value, a warning message will be sent. pattern: ^\d+(KB|MB|GB|TB)$ client: type: object description: The security section of client plugin properties: host: type: string description: The IP address or hostname of the client. This is exclusive with Network. network: type: string description: The network address specification. This is exclusive with Host. sharedKey: type: string description: The shared key per client. users: type: string description: The array of usernames. denyKeepalive: type: boolean description: The connections will be disconnected right after receiving a message, if true. lingerTimeout: type: integer description: The timeout used to set the linger option. resolveHostname: type: boolean description: Tries to resolve hostname from IP addresses or not. security: type: object description: The security section of forward plugin properties: allowAnonymousSource: type: string description: Allows the anonymous source. sections are required, if disabled. selfHostname: type: string description: The hostname. sharedKey: type: string description: The shared key for authentication. user: type: object description: Defines user section directly. properties: password: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic username: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic userAuth: type: string description: If true, user-based authentication is used. sendKeepalivePacket: type: boolean description: Enables the TCP keepalive for sockets. skipInvalidEvent: type: boolean description: Skips the invalid incoming event. sourceAddressKey: type: string description: The field name of the client's source address. If set, the client's address will be set to its key. sourceHostnameKey: type: string description: The field name of the client's hostname. If set, the client's hostname will be set to its key. tag: type: string description: in_forward uses incoming event's tag by default (See Protocol Section). If the tag parameter is set, its value is used instead. transport: type: object description: The transport section of forward plugin properties: protocol: type: string description: 'The protocal name of this plugin, i.e: tls' caCertPath: type: string description: for Cert generated caPath: type: string description: for Cert signed by public CA caPrivateKeyPassphrase: type: string caPrivateKeyPath: type: string certPath: type: string certVerifier: type: string description: other parameters ciphers: type: string clientCertAuth: type: boolean insecure: type: boolean privateKeyPassphrase: type: string privateKeyPath: type: string version: type: string user: type: object description: The security section of user plugin properties: password: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic username: type: object description: Secret defines the key of a value. properties: valueFrom: type: object description: ValueSource defines how to find a value's key. properties: secretKeyRef: type: object description: Selects a key of a secret in the pod's namespace properties: name: type: string description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' key: type: string description: The key of the secret to select from. Must be a valid secret key. optional: type: boolean description: Specify whether the Secret or its key must be defined required: - key x-kubernetes-map-type: atomic http: type: object description: in_http plugin properties: port: type: integer description: The port to listen to, default is 9880. format: int32 maximum: 65535 minimum: 1 addHttpHeaders: type: boolean description: Adds HTTP_ prefix headers to the record. addRemoteAddr: type: string description: 'Adds REMOTE_ADDR field to the record. The value of REMOTE_ADDR is the client''s address. i.e: X-Forwarded-For: host1, host2' bind: type: string description: The port to listen to, default is "0.0.0.0" bodySizeLimit: type: string description: The size limit of the POSTed element. pattern: ^\d+(KB|MB|GB|TB)$ corsAllOrigins: type: string description: Whitelist domains for CORS. corsAllowCredentials: type: string description: Add Access-Control-Allow-Credentials header. It's needed when a request's credentials mode is include keepaliveTimeout: type: string description: The timeout limit for keeping the connection alive. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ parse: type: object description: The parse section of http plugin properties: type: type: string description: The @type parameter specifies the type of the plugin. enum: - regexp - apache2 - apache_error - nginx - syslog - csv - tsv - ltsv - json - multiline - none estimateCurrentEvent: type: boolean description: If true, use Fluent::Eventnow(current time) as a timestamp when time_key is specified. expression: type: string description: Specifies the regular expression for matching logs. Regular expression also supports i and m suffix. id: type: string description: The @id parameter specifies a unique name for the configuration. keepTimeKey: type: boolean description: If true, keep time field in th record. localtime: type: boolean description: If true, uses local time. logLevel: type: string description: The @log_level parameter specifies the plugin-specific logging level timeFormat: type: string description: Process value according to the specified format. This is available only when time_type is string timeFormatFallbacks: type: string description: Uses the specified time format as a fallback in the specified order. You can parse undetermined time format by using time_format_fallbacks. This options is enabled when time_type is mixed. timeKey: type: string description: Specify time field for event time. If the event doesn't have this field, current time is used. timeType: type: string description: parses/formats value according to this type, default is string enum: - float - unixtime - string - mixed timeout: type: string description: Specify timeout for parse processing. pattern: ^\d+(\.[0-9]{0,2})?(s|m|h|d)?$ timezone: type: string description: Uses the specified timezone. types: type: string description: 'Specify types for converting field into another, i.e: types user_id:integer,paid:bool,paid_usd_amount:float' utc: type: boolean description: If true, uses UTC. required: - type respondsWithEmptyImg: type: boolean description: Responds with an empty GIF image of 1x1 pixel (rather than an empty string). transport: type: object description: The transport section of http plugin properties: protocol: type: string description: 'The protocal name of this plugin, i.e: tls' caCertPath: type: string description: for Cert generated caPath: type: string description: for Cert signed by public CA caPrivateKeyPassphrase: type: string caPrivateKeyPath: type: string certPath: type: string certVerifier: type: string description: other parameters ciphers: type: string clientCertAuth: type: boolean insecure: type: boolean privateKeyPassphrase: type: string privateKeyPath: type: string version: type: string id: type: string description: The @id parameter specifies a unique name for the configuration. label: type: string description: The @label parameter is to route the input events to