1apiVersion: v1
2kind: Namespace
3metadata:
4 name: envctl
5 labels:
6 platform.edge.ncr.com/component: 'envctl'
7 workload.edge.ncr.com: 'platform'
8 annotations:
9 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
10 pallet.edge.ncr.com/name: envctl
11 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
12 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
13 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
14 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
15---
16apiVersion: apiextensions.k8s.io/v1
17kind: CustomResourceDefinition
18metadata:
19 name: persistence.edge.ncr.com
20 annotations:
21 controller-gen.kubebuilder.io/version: (unknown)
22 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
23 pallet.edge.ncr.com/name: envctl
24 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
25 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
26 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
27 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
28 labels: {}
29spec:
30 group: edge.ncr.com
31 names:
32 kind: Persistence
33 listKind: PersistenceList
34 plural: persistence
35 singular: persistence
36 scope: Namespaced
37 versions:
38 - name: v1alpha1
39 schema:
40 openAPIV3Schema:
41 type: object
42 description: Persistence is the Schema for the Persistence API
43 properties:
44 apiVersion:
45 type: string
46 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
47 kind:
48 type: string
49 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
50 metadata:
51 type: object
52 spec:
53 type: object
54 description: PersistencSpec defines the desired state of Persistence
55 properties:
56 nameSubstitution:
57 type: string
58 nodeSelectorTerms:
59 type: array
60 items:
61 type: object
62 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
63 properties:
64 matchExpressions:
65 type: array
66 description: A list of node selector requirements by node's labels.
67 items:
68 type: object
69 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
70 properties:
71 key:
72 type: string
73 description: The label key that the selector applies to.
74 operator:
75 type: string
76 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
77 values:
78 type: array
79 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
80 items:
81 type: string
82 required:
83 - key
84 - operator
85 matchFields:
86 type: array
87 description: A list of node selector requirements by node's fields.
88 items:
89 type: object
90 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
91 properties:
92 key:
93 type: string
94 description: The label key that the selector applies to.
95 operator:
96 type: string
97 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
98 values:
99 type: array
100 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
101 items:
102 type: string
103 required:
104 - key
105 - operator
106 statefulSet:
107 type: object
108 description: "StatefulSet represents a set of pods with consistent identities. Identities are defined as: - Network: A single stable DNS and hostname. - Storage: As many VolumeClaims as requested. \n The StatefulSet guarantees that a given network identity will always map to the same storage identity."
109 properties:
110 apiVersion:
111 type: string
112 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
113 kind:
114 type: string
115 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
116 metadata:
117 type: object
118 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
119 properties:
120 name:
121 type: string
122 namespace:
123 type: string
124 labels:
125 type: object
126 additionalProperties:
127 type: string
128 annotations:
129 type: object
130 additionalProperties:
131 type: string
132 finalizers:
133 type: array
134 items:
135 type: string
136 spec:
137 type: object
138 description: Spec defines the desired identities of pods in this set.
139 properties:
140 replicas:
141 type: integer
142 description: 'replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1. TODO: Consider a rename of this field.'
143 format: int32
144 selector:
145 type: object
146 description: 'selector is a label query over pods that should match the replica count. It must match the pod template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
147 properties:
148 matchExpressions:
149 type: array
150 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
151 items:
152 type: object
153 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
154 properties:
155 key:
156 type: string
157 description: key is the label key that the selector applies to.
158 operator:
159 type: string
160 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
161 values:
162 type: array
163 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
164 items:
165 type: string
166 required:
167 - key
168 - operator
169 matchLabels:
170 type: object
171 additionalProperties:
172 type: string
173 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
174 template:
175 type: object
176 description: template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.
177 properties:
178 metadata:
179 type: object
180 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
181 properties:
182 name:
183 type: string
184 namespace:
185 type: string
186 labels:
187 type: object
188 additionalProperties:
189 type: string
190 annotations:
191 type: object
192 additionalProperties:
193 type: string
194 finalizers:
195 type: array
196 items:
197 type: string
198 spec:
199 type: object
200 description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
201 properties:
202 restartPolicy:
203 type: string
204 description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
205 terminationGracePeriodSeconds:
206 type: integer
207 description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
208 format: int64
209 activeDeadlineSeconds:
210 type: integer
211 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.
212 format: int64
213 dnsPolicy:
214 type: string
215 description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
216 serviceAccountName:
217 type: string
218 description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
219 serviceAccount:
220 type: string
221 description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
222 automountServiceAccountToken:
223 type: boolean
224 description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
225 nodeName:
226 type: string
227 description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.
228 hostNetwork:
229 type: boolean
230 description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
231 hostPID:
232 type: boolean
233 description: 'Use the host''s pid namespace. Optional: Default to false.'
234 hostIPC:
235 type: boolean
236 description: 'Use the host''s ipc namespace. Optional: Default to false.'
237 shareProcessNamespace:
238 type: boolean
239 description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.'
240 hostname:
241 type: string
242 description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
243 subdomain:
244 type: string
245 description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
246 schedulerName:
247 type: string
248 description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
249 priorityClassName:
250 type: string
251 description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
252 priority:
253 type: integer
254 description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
255 format: int32
256 runtimeClassName:
257 type: string
258 description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
259 enableServiceLinks:
260 type: boolean
261 description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.'
262 nodeSelector:
263 type: object
264 additionalProperties:
265 type: string
266 description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
267 x-kubernetes-map-type: atomic
268 hostAliases:
269 type: array
270 description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.
271 items:
272 type: object
273 description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
274 properties:
275 hostnames:
276 type: array
277 description: Hostnames for the above IP address.
278 items:
279 type: string
280 ip:
281 type: string
282 description: IP address of the host file entry.
283 initContainers:
284 type: array
285 description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
286 items:
287 type: object
288 description: A single application container that you want to run within a pod.
289 properties:
290 name:
291 type: string
292 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
293 image:
294 type: string
295 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
296 command:
297 type: array
298 description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
299 items:
300 type: string
301 args:
302 type: array
303 description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
304 items:
305 type: string
306 workingDir:
307 type: string
308 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
309 ports:
310 type: array
311 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
312 items:
313 type: object
314 description: ContainerPort represents a network port in a single container.
315 properties:
316 name:
317 type: string
318 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
319 protocol:
320 type: string
321 default: TCP
322 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
323 hostPort:
324 type: integer
325 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
326 format: int32
327 containerPort:
328 type: integer
329 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
330 format: int32
331 hostIP:
332 type: string
333 description: What host IP to bind the external port to.
334 required:
335 - containerPort
336 x-kubernetes-list-map-keys:
337 - containerPort
338 - protocol
339 x-kubernetes-list-type: map
340 envFrom:
341 type: array
342 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
343 items:
344 type: object
345 description: EnvFromSource represents the source of a set of ConfigMaps
346 properties:
347 prefix:
348 type: string
349 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
350 configMapRef:
351 type: object
352 description: The ConfigMap to select from
353 properties:
354 name:
355 type: string
356 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
357 optional:
358 type: boolean
359 description: Specify whether the ConfigMap must be defined
360 secretRef:
361 type: object
362 description: The Secret to select from
363 properties:
364 name:
365 type: string
366 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
367 optional:
368 type: boolean
369 description: Specify whether the Secret must be defined
370 env:
371 type: array
372 description: List of environment variables to set in the container. Cannot be updated.
373 items:
374 type: object
375 description: EnvVar represents an environment variable present in a Container.
376 properties:
377 name:
378 type: string
379 description: Name of the environment variable. Must be a C_IDENTIFIER.
380 value:
381 type: string
382 description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
383 valueFrom:
384 type: object
385 description: Source for the environment variable's value. Cannot be used if value is not empty.
386 properties:
387 fieldRef:
388 type: object
389 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
390 properties:
391 apiVersion:
392 type: string
393 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
394 fieldPath:
395 type: string
396 description: Path of the field to select in the specified API version.
397 required:
398 - fieldPath
399 resourceFieldRef:
400 type: object
401 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
402 properties:
403 containerName:
404 type: string
405 description: 'Container name: required for volumes, optional for env vars'
406 divisor:
407 anyOf:
408 - type: integer
409 - type: string
410 description: Specifies the output format of the exposed resources, defaults to "1"
411 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
412 x-kubernetes-int-or-string: true
413 resource:
414 type: string
415 description: 'Required: resource to select'
416 required:
417 - resource
418 configMapKeyRef:
419 type: object
420 description: Selects a key of a ConfigMap.
421 properties:
422 name:
423 type: string
424 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
425 key:
426 type: string
427 description: The key to select.
428 optional:
429 type: boolean
430 description: Specify whether the ConfigMap or its key must be defined
431 required:
432 - key
433 secretKeyRef:
434 type: object
435 description: Selects a key of a secret in the pod's namespace
436 properties:
437 name:
438 type: string
439 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
440 key:
441 type: string
442 description: The key of the secret to select from. Must be a valid secret key.
443 optional:
444 type: boolean
445 description: Specify whether the Secret or its key must be defined
446 required:
447 - key
448 required:
449 - name
450 resources:
451 type: object
452 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
453 properties:
454 limits:
455 type: object
456 additionalProperties:
457 anyOf:
458 - type: integer
459 - type: string
460 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
461 x-kubernetes-int-or-string: true
462 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
463 requests:
464 type: object
465 additionalProperties:
466 anyOf:
467 - type: integer
468 - type: string
469 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
470 x-kubernetes-int-or-string: true
471 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
472 volumeMounts:
473 type: array
474 description: Pod volumes to mount into the container's filesystem. Cannot be updated.
475 items:
476 type: object
477 description: VolumeMount describes a mounting of a Volume within a container.
478 properties:
479 name:
480 type: string
481 description: This must match the Name of a Volume.
482 readOnly:
483 type: boolean
484 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
485 mountPath:
486 type: string
487 description: Path within the container at which the volume should be mounted. Must not contain ':'.
488 subPath:
489 type: string
490 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
491 subPathExpr:
492 type: string
493 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
494 mountPropagation:
495 type: string
496 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
497 required:
498 - mountPath
499 - name
500 volumeDevices:
501 type: array
502 description: volumeDevices is the list of block devices to be used by the container.
503 items:
504 type: object
505 description: volumeDevice describes a mapping of a raw block device within a container.
506 properties:
507 name:
508 type: string
509 description: name must match the name of a persistentVolumeClaim in the pod
510 devicePath:
511 type: string
512 description: devicePath is the path inside of the container that the device will be mapped to.
513 required:
514 - devicePath
515 - name
516 livenessProbe:
517 type: object
518 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
519 properties:
520 terminationGracePeriodSeconds:
521 type: integer
522 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
523 format: int64
524 exec:
525 type: object
526 description: Exec specifies the action to take.
527 properties:
528 command:
529 type: array
530 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
531 items:
532 type: string
533 failureThreshold:
534 type: integer
535 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
536 format: int32
537 grpc:
538 type: object
539 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
540 properties:
541 service:
542 type: string
543 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
544 port:
545 type: integer
546 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
547 format: int32
548 required:
549 - port
550 httpGet:
551 type: object
552 description: HTTPGet specifies the http request to perform.
553 properties:
554 port:
555 anyOf:
556 - type: integer
557 - type: string
558 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
559 x-kubernetes-int-or-string: true
560 host:
561 type: string
562 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
563 httpHeaders:
564 type: array
565 description: Custom headers to set in the request. HTTP allows repeated headers.
566 items:
567 type: object
568 description: HTTPHeader describes a custom header to be used in HTTP probes
569 properties:
570 name:
571 type: string
572 description: The header field name
573 value:
574 type: string
575 description: The header field value
576 required:
577 - name
578 - value
579 path:
580 type: string
581 description: Path to access on the HTTP server.
582 scheme:
583 type: string
584 description: Scheme to use for connecting to the host. Defaults to HTTP.
585 required:
586 - port
587 initialDelaySeconds:
588 type: integer
589 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
590 format: int32
591 periodSeconds:
592 type: integer
593 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
594 format: int32
595 successThreshold:
596 type: integer
597 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
598 format: int32
599 tcpSocket:
600 type: object
601 description: TCPSocket specifies an action involving a TCP port.
602 properties:
603 port:
604 anyOf:
605 - type: integer
606 - type: string
607 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
608 x-kubernetes-int-or-string: true
609 host:
610 type: string
611 description: 'Optional: Host name to connect to, defaults to the pod IP.'
612 required:
613 - port
614 timeoutSeconds:
615 type: integer
616 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
617 format: int32
618 readinessProbe:
619 type: object
620 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
621 properties:
622 terminationGracePeriodSeconds:
623 type: integer
624 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
625 format: int64
626 exec:
627 type: object
628 description: Exec specifies the action to take.
629 properties:
630 command:
631 type: array
632 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
633 items:
634 type: string
635 failureThreshold:
636 type: integer
637 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
638 format: int32
639 grpc:
640 type: object
641 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
642 properties:
643 service:
644 type: string
645 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
646 port:
647 type: integer
648 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
649 format: int32
650 required:
651 - port
652 httpGet:
653 type: object
654 description: HTTPGet specifies the http request to perform.
655 properties:
656 port:
657 anyOf:
658 - type: integer
659 - type: string
660 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
661 x-kubernetes-int-or-string: true
662 host:
663 type: string
664 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
665 httpHeaders:
666 type: array
667 description: Custom headers to set in the request. HTTP allows repeated headers.
668 items:
669 type: object
670 description: HTTPHeader describes a custom header to be used in HTTP probes
671 properties:
672 name:
673 type: string
674 description: The header field name
675 value:
676 type: string
677 description: The header field value
678 required:
679 - name
680 - value
681 path:
682 type: string
683 description: Path to access on the HTTP server.
684 scheme:
685 type: string
686 description: Scheme to use for connecting to the host. Defaults to HTTP.
687 required:
688 - port
689 initialDelaySeconds:
690 type: integer
691 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
692 format: int32
693 periodSeconds:
694 type: integer
695 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
696 format: int32
697 successThreshold:
698 type: integer
699 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
700 format: int32
701 tcpSocket:
702 type: object
703 description: TCPSocket specifies an action involving a TCP port.
704 properties:
705 port:
706 anyOf:
707 - type: integer
708 - type: string
709 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
710 x-kubernetes-int-or-string: true
711 host:
712 type: string
713 description: 'Optional: Host name to connect to, defaults to the pod IP.'
714 required:
715 - port
716 timeoutSeconds:
717 type: integer
718 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
719 format: int32
720 lifecycle:
721 type: object
722 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
723 properties:
724 postStart:
725 type: object
726 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
727 properties:
728 exec:
729 type: object
730 description: Exec specifies the action to take.
731 properties:
732 command:
733 type: array
734 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
735 items:
736 type: string
737 httpGet:
738 type: object
739 description: HTTPGet specifies the http request to perform.
740 properties:
741 port:
742 anyOf:
743 - type: integer
744 - type: string
745 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
746 x-kubernetes-int-or-string: true
747 host:
748 type: string
749 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
750 httpHeaders:
751 type: array
752 description: Custom headers to set in the request. HTTP allows repeated headers.
753 items:
754 type: object
755 description: HTTPHeader describes a custom header to be used in HTTP probes
756 properties:
757 name:
758 type: string
759 description: The header field name
760 value:
761 type: string
762 description: The header field value
763 required:
764 - name
765 - value
766 path:
767 type: string
768 description: Path to access on the HTTP server.
769 scheme:
770 type: string
771 description: Scheme to use for connecting to the host. Defaults to HTTP.
772 required:
773 - port
774 tcpSocket:
775 type: object
776 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
777 properties:
778 port:
779 anyOf:
780 - type: integer
781 - type: string
782 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
783 x-kubernetes-int-or-string: true
784 host:
785 type: string
786 description: 'Optional: Host name to connect to, defaults to the pod IP.'
787 required:
788 - port
789 preStop:
790 type: object
791 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod''s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
792 properties:
793 exec:
794 type: object
795 description: Exec specifies the action to take.
796 properties:
797 command:
798 type: array
799 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
800 items:
801 type: string
802 httpGet:
803 type: object
804 description: HTTPGet specifies the http request to perform.
805 properties:
806 port:
807 anyOf:
808 - type: integer
809 - type: string
810 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
811 x-kubernetes-int-or-string: true
812 host:
813 type: string
814 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
815 httpHeaders:
816 type: array
817 description: Custom headers to set in the request. HTTP allows repeated headers.
818 items:
819 type: object
820 description: HTTPHeader describes a custom header to be used in HTTP probes
821 properties:
822 name:
823 type: string
824 description: The header field name
825 value:
826 type: string
827 description: The header field value
828 required:
829 - name
830 - value
831 path:
832 type: string
833 description: Path to access on the HTTP server.
834 scheme:
835 type: string
836 description: Scheme to use for connecting to the host. Defaults to HTTP.
837 required:
838 - port
839 tcpSocket:
840 type: object
841 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
842 properties:
843 port:
844 anyOf:
845 - type: integer
846 - type: string
847 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
848 x-kubernetes-int-or-string: true
849 host:
850 type: string
851 description: 'Optional: Host name to connect to, defaults to the pod IP.'
852 required:
853 - port
854 terminationMessagePath:
855 type: string
856 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
857 terminationMessagePolicy:
858 type: string
859 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
860 imagePullPolicy:
861 type: string
862 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
863 securityContext:
864 type: object
865 description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
866 properties:
867 allowPrivilegeEscalation:
868 type: boolean
869 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
870 capabilities:
871 type: object
872 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
873 properties:
874 add:
875 type: array
876 description: Added capabilities
877 items:
878 type: string
879 description: Capability represent POSIX capabilities type
880 drop:
881 type: array
882 description: Removed capabilities
883 items:
884 type: string
885 description: Capability represent POSIX capabilities type
886 privileged:
887 type: boolean
888 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
889 procMount:
890 type: string
891 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
892 readOnlyRootFilesystem:
893 type: boolean
894 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
895 runAsGroup:
896 type: integer
897 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
898 format: int64
899 runAsNonRoot:
900 type: boolean
901 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
902 runAsUser:
903 type: integer
904 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
905 format: int64
906 seLinuxOptions:
907 type: object
908 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
909 properties:
910 type:
911 type: string
912 description: Type is a SELinux type label that applies to the container.
913 level:
914 type: string
915 description: Level is SELinux level label that applies to the container.
916 role:
917 type: string
918 description: Role is a SELinux role label that applies to the container.
919 user:
920 type: string
921 description: User is a SELinux user label that applies to the container.
922 seccompProfile:
923 type: object
924 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
925 properties:
926 type:
927 type: string
928 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
929 localhostProfile:
930 type: string
931 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
932 required:
933 - type
934 windowsOptions:
935 type: object
936 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
937 properties:
938 gmsaCredentialSpec:
939 type: string
940 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
941 gmsaCredentialSpecName:
942 type: string
943 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
944 hostProcess:
945 type: boolean
946 description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
947 runAsUserName:
948 type: string
949 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
950 stdin:
951 type: boolean
952 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
953 stdinOnce:
954 type: boolean
955 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
956 tty:
957 type: boolean
958 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
959 startupProbe:
960 type: object
961 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
962 properties:
963 terminationGracePeriodSeconds:
964 type: integer
965 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
966 format: int64
967 exec:
968 type: object
969 description: Exec specifies the action to take.
970 properties:
971 command:
972 type: array
973 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
974 items:
975 type: string
976 failureThreshold:
977 type: integer
978 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
979 format: int32
980 grpc:
981 type: object
982 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
983 properties:
984 service:
985 type: string
986 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
987 port:
988 type: integer
989 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
990 format: int32
991 required:
992 - port
993 httpGet:
994 type: object
995 description: HTTPGet specifies the http request to perform.
996 properties:
997 port:
998 anyOf:
999 - type: integer
1000 - type: string
1001 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1002 x-kubernetes-int-or-string: true
1003 host:
1004 type: string
1005 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1006 httpHeaders:
1007 type: array
1008 description: Custom headers to set in the request. HTTP allows repeated headers.
1009 items:
1010 type: object
1011 description: HTTPHeader describes a custom header to be used in HTTP probes
1012 properties:
1013 name:
1014 type: string
1015 description: The header field name
1016 value:
1017 type: string
1018 description: The header field value
1019 required:
1020 - name
1021 - value
1022 path:
1023 type: string
1024 description: Path to access on the HTTP server.
1025 scheme:
1026 type: string
1027 description: Scheme to use for connecting to the host. Defaults to HTTP.
1028 required:
1029 - port
1030 initialDelaySeconds:
1031 type: integer
1032 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1033 format: int32
1034 periodSeconds:
1035 type: integer
1036 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
1037 format: int32
1038 successThreshold:
1039 type: integer
1040 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1041 format: int32
1042 tcpSocket:
1043 type: object
1044 description: TCPSocket specifies an action involving a TCP port.
1045 properties:
1046 port:
1047 anyOf:
1048 - type: integer
1049 - type: string
1050 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1051 x-kubernetes-int-or-string: true
1052 host:
1053 type: string
1054 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1055 required:
1056 - port
1057 timeoutSeconds:
1058 type: integer
1059 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1060 format: int32
1061 required:
1062 - name
1063 containers:
1064 type: array
1065 description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
1066 items:
1067 type: object
1068 description: A single application container that you want to run within a pod.
1069 properties:
1070 name:
1071 type: string
1072 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
1073 image:
1074 type: string
1075 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.'
1076 command:
1077 type: array
1078 description: 'Entrypoint array. Not executed within a shell. The container image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
1079 items:
1080 type: string
1081 args:
1082 type: array
1083 description: 'Arguments to the entrypoint. The container image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
1084 items:
1085 type: string
1086 workingDir:
1087 type: string
1088 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
1089 ports:
1090 type: array
1091 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
1092 items:
1093 type: object
1094 description: ContainerPort represents a network port in a single container.
1095 properties:
1096 name:
1097 type: string
1098 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
1099 protocol:
1100 type: string
1101 default: TCP
1102 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
1103 hostPort:
1104 type: integer
1105 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
1106 format: int32
1107 containerPort:
1108 type: integer
1109 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
1110 format: int32
1111 hostIP:
1112 type: string
1113 description: What host IP to bind the external port to.
1114 required:
1115 - containerPort
1116 x-kubernetes-list-map-keys:
1117 - containerPort
1118 - protocol
1119 x-kubernetes-list-type: map
1120 envFrom:
1121 type: array
1122 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
1123 items:
1124 type: object
1125 description: EnvFromSource represents the source of a set of ConfigMaps
1126 properties:
1127 prefix:
1128 type: string
1129 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
1130 configMapRef:
1131 type: object
1132 description: The ConfigMap to select from
1133 properties:
1134 name:
1135 type: string
1136 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1137 optional:
1138 type: boolean
1139 description: Specify whether the ConfigMap must be defined
1140 secretRef:
1141 type: object
1142 description: The Secret to select from
1143 properties:
1144 name:
1145 type: string
1146 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1147 optional:
1148 type: boolean
1149 description: Specify whether the Secret must be defined
1150 env:
1151 type: array
1152 description: List of environment variables to set in the container. Cannot be updated.
1153 items:
1154 type: object
1155 description: EnvVar represents an environment variable present in a Container.
1156 properties:
1157 name:
1158 type: string
1159 description: Name of the environment variable. Must be a C_IDENTIFIER.
1160 value:
1161 type: string
1162 description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
1163 valueFrom:
1164 type: object
1165 description: Source for the environment variable's value. Cannot be used if value is not empty.
1166 properties:
1167 fieldRef:
1168 type: object
1169 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
1170 properties:
1171 apiVersion:
1172 type: string
1173 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
1174 fieldPath:
1175 type: string
1176 description: Path of the field to select in the specified API version.
1177 required:
1178 - fieldPath
1179 resourceFieldRef:
1180 type: object
1181 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
1182 properties:
1183 containerName:
1184 type: string
1185 description: 'Container name: required for volumes, optional for env vars'
1186 divisor:
1187 anyOf:
1188 - type: integer
1189 - type: string
1190 description: Specifies the output format of the exposed resources, defaults to "1"
1191 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1192 x-kubernetes-int-or-string: true
1193 resource:
1194 type: string
1195 description: 'Required: resource to select'
1196 required:
1197 - resource
1198 configMapKeyRef:
1199 type: object
1200 description: Selects a key of a ConfigMap.
1201 properties:
1202 name:
1203 type: string
1204 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1205 key:
1206 type: string
1207 description: The key to select.
1208 optional:
1209 type: boolean
1210 description: Specify whether the ConfigMap or its key must be defined
1211 required:
1212 - key
1213 secretKeyRef:
1214 type: object
1215 description: Selects a key of a secret in the pod's namespace
1216 properties:
1217 name:
1218 type: string
1219 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1220 key:
1221 type: string
1222 description: The key of the secret to select from. Must be a valid secret key.
1223 optional:
1224 type: boolean
1225 description: Specify whether the Secret or its key must be defined
1226 required:
1227 - key
1228 required:
1229 - name
1230 resources:
1231 type: object
1232 description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
1233 properties:
1234 limits:
1235 type: object
1236 additionalProperties:
1237 anyOf:
1238 - type: integer
1239 - type: string
1240 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1241 x-kubernetes-int-or-string: true
1242 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
1243 requests:
1244 type: object
1245 additionalProperties:
1246 anyOf:
1247 - type: integer
1248 - type: string
1249 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1250 x-kubernetes-int-or-string: true
1251 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
1252 volumeMounts:
1253 type: array
1254 description: Pod volumes to mount into the container's filesystem. Cannot be updated.
1255 items:
1256 type: object
1257 description: VolumeMount describes a mounting of a Volume within a container.
1258 properties:
1259 name:
1260 type: string
1261 description: This must match the Name of a Volume.
1262 readOnly:
1263 type: boolean
1264 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
1265 mountPath:
1266 type: string
1267 description: Path within the container at which the volume should be mounted. Must not contain ':'.
1268 subPath:
1269 type: string
1270 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
1271 subPathExpr:
1272 type: string
1273 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
1274 mountPropagation:
1275 type: string
1276 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
1277 required:
1278 - mountPath
1279 - name
1280 volumeDevices:
1281 type: array
1282 description: volumeDevices is the list of block devices to be used by the container.
1283 items:
1284 type: object
1285 description: volumeDevice describes a mapping of a raw block device within a container.
1286 properties:
1287 name:
1288 type: string
1289 description: name must match the name of a persistentVolumeClaim in the pod
1290 devicePath:
1291 type: string
1292 description: devicePath is the path inside of the container that the device will be mapped to.
1293 required:
1294 - devicePath
1295 - name
1296 livenessProbe:
1297 type: object
1298 description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1299 properties:
1300 terminationGracePeriodSeconds:
1301 type: integer
1302 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
1303 format: int64
1304 exec:
1305 type: object
1306 description: Exec specifies the action to take.
1307 properties:
1308 command:
1309 type: array
1310 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1311 items:
1312 type: string
1313 failureThreshold:
1314 type: integer
1315 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
1316 format: int32
1317 grpc:
1318 type: object
1319 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
1320 properties:
1321 service:
1322 type: string
1323 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
1324 port:
1325 type: integer
1326 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
1327 format: int32
1328 required:
1329 - port
1330 httpGet:
1331 type: object
1332 description: HTTPGet specifies the http request to perform.
1333 properties:
1334 port:
1335 anyOf:
1336 - type: integer
1337 - type: string
1338 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1339 x-kubernetes-int-or-string: true
1340 host:
1341 type: string
1342 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1343 httpHeaders:
1344 type: array
1345 description: Custom headers to set in the request. HTTP allows repeated headers.
1346 items:
1347 type: object
1348 description: HTTPHeader describes a custom header to be used in HTTP probes
1349 properties:
1350 name:
1351 type: string
1352 description: The header field name
1353 value:
1354 type: string
1355 description: The header field value
1356 required:
1357 - name
1358 - value
1359 path:
1360 type: string
1361 description: Path to access on the HTTP server.
1362 scheme:
1363 type: string
1364 description: Scheme to use for connecting to the host. Defaults to HTTP.
1365 required:
1366 - port
1367 initialDelaySeconds:
1368 type: integer
1369 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1370 format: int32
1371 periodSeconds:
1372 type: integer
1373 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
1374 format: int32
1375 successThreshold:
1376 type: integer
1377 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1378 format: int32
1379 tcpSocket:
1380 type: object
1381 description: TCPSocket specifies an action involving a TCP port.
1382 properties:
1383 port:
1384 anyOf:
1385 - type: integer
1386 - type: string
1387 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1388 x-kubernetes-int-or-string: true
1389 host:
1390 type: string
1391 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1392 required:
1393 - port
1394 timeoutSeconds:
1395 type: integer
1396 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1397 format: int32
1398 readinessProbe:
1399 type: object
1400 description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1401 properties:
1402 terminationGracePeriodSeconds:
1403 type: integer
1404 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
1405 format: int64
1406 exec:
1407 type: object
1408 description: Exec specifies the action to take.
1409 properties:
1410 command:
1411 type: array
1412 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1413 items:
1414 type: string
1415 failureThreshold:
1416 type: integer
1417 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
1418 format: int32
1419 grpc:
1420 type: object
1421 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
1422 properties:
1423 service:
1424 type: string
1425 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
1426 port:
1427 type: integer
1428 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
1429 format: int32
1430 required:
1431 - port
1432 httpGet:
1433 type: object
1434 description: HTTPGet specifies the http request to perform.
1435 properties:
1436 port:
1437 anyOf:
1438 - type: integer
1439 - type: string
1440 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1441 x-kubernetes-int-or-string: true
1442 host:
1443 type: string
1444 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1445 httpHeaders:
1446 type: array
1447 description: Custom headers to set in the request. HTTP allows repeated headers.
1448 items:
1449 type: object
1450 description: HTTPHeader describes a custom header to be used in HTTP probes
1451 properties:
1452 name:
1453 type: string
1454 description: The header field name
1455 value:
1456 type: string
1457 description: The header field value
1458 required:
1459 - name
1460 - value
1461 path:
1462 type: string
1463 description: Path to access on the HTTP server.
1464 scheme:
1465 type: string
1466 description: Scheme to use for connecting to the host. Defaults to HTTP.
1467 required:
1468 - port
1469 initialDelaySeconds:
1470 type: integer
1471 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1472 format: int32
1473 periodSeconds:
1474 type: integer
1475 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
1476 format: int32
1477 successThreshold:
1478 type: integer
1479 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1480 format: int32
1481 tcpSocket:
1482 type: object
1483 description: TCPSocket specifies an action involving a TCP port.
1484 properties:
1485 port:
1486 anyOf:
1487 - type: integer
1488 - type: string
1489 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1490 x-kubernetes-int-or-string: true
1491 host:
1492 type: string
1493 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1494 required:
1495 - port
1496 timeoutSeconds:
1497 type: integer
1498 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1499 format: int32
1500 lifecycle:
1501 type: object
1502 description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
1503 properties:
1504 postStart:
1505 type: object
1506 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
1507 properties:
1508 exec:
1509 type: object
1510 description: Exec specifies the action to take.
1511 properties:
1512 command:
1513 type: array
1514 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1515 items:
1516 type: string
1517 httpGet:
1518 type: object
1519 description: HTTPGet specifies the http request to perform.
1520 properties:
1521 port:
1522 anyOf:
1523 - type: integer
1524 - type: string
1525 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1526 x-kubernetes-int-or-string: true
1527 host:
1528 type: string
1529 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1530 httpHeaders:
1531 type: array
1532 description: Custom headers to set in the request. HTTP allows repeated headers.
1533 items:
1534 type: object
1535 description: HTTPHeader describes a custom header to be used in HTTP probes
1536 properties:
1537 name:
1538 type: string
1539 description: The header field name
1540 value:
1541 type: string
1542 description: The header field value
1543 required:
1544 - name
1545 - value
1546 path:
1547 type: string
1548 description: Path to access on the HTTP server.
1549 scheme:
1550 type: string
1551 description: Scheme to use for connecting to the host. Defaults to HTTP.
1552 required:
1553 - port
1554 tcpSocket:
1555 type: object
1556 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
1557 properties:
1558 port:
1559 anyOf:
1560 - type: integer
1561 - type: string
1562 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1563 x-kubernetes-int-or-string: true
1564 host:
1565 type: string
1566 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1567 required:
1568 - port
1569 preStop:
1570 type: object
1571 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod''s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
1572 properties:
1573 exec:
1574 type: object
1575 description: Exec specifies the action to take.
1576 properties:
1577 command:
1578 type: array
1579 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1580 items:
1581 type: string
1582 httpGet:
1583 type: object
1584 description: HTTPGet specifies the http request to perform.
1585 properties:
1586 port:
1587 anyOf:
1588 - type: integer
1589 - type: string
1590 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1591 x-kubernetes-int-or-string: true
1592 host:
1593 type: string
1594 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1595 httpHeaders:
1596 type: array
1597 description: Custom headers to set in the request. HTTP allows repeated headers.
1598 items:
1599 type: object
1600 description: HTTPHeader describes a custom header to be used in HTTP probes
1601 properties:
1602 name:
1603 type: string
1604 description: The header field name
1605 value:
1606 type: string
1607 description: The header field value
1608 required:
1609 - name
1610 - value
1611 path:
1612 type: string
1613 description: Path to access on the HTTP server.
1614 scheme:
1615 type: string
1616 description: Scheme to use for connecting to the host. Defaults to HTTP.
1617 required:
1618 - port
1619 tcpSocket:
1620 type: object
1621 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
1622 properties:
1623 port:
1624 anyOf:
1625 - type: integer
1626 - type: string
1627 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1628 x-kubernetes-int-or-string: true
1629 host:
1630 type: string
1631 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1632 required:
1633 - port
1634 terminationMessagePath:
1635 type: string
1636 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
1637 terminationMessagePolicy:
1638 type: string
1639 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
1640 imagePullPolicy:
1641 type: string
1642 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
1643 securityContext:
1644 type: object
1645 description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
1646 properties:
1647 allowPrivilegeEscalation:
1648 type: boolean
1649 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
1650 capabilities:
1651 type: object
1652 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
1653 properties:
1654 add:
1655 type: array
1656 description: Added capabilities
1657 items:
1658 type: string
1659 description: Capability represent POSIX capabilities type
1660 drop:
1661 type: array
1662 description: Removed capabilities
1663 items:
1664 type: string
1665 description: Capability represent POSIX capabilities type
1666 privileged:
1667 type: boolean
1668 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
1669 procMount:
1670 type: string
1671 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
1672 readOnlyRootFilesystem:
1673 type: boolean
1674 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
1675 runAsGroup:
1676 type: integer
1677 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
1678 format: int64
1679 runAsNonRoot:
1680 type: boolean
1681 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
1682 runAsUser:
1683 type: integer
1684 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
1685 format: int64
1686 seLinuxOptions:
1687 type: object
1688 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
1689 properties:
1690 type:
1691 type: string
1692 description: Type is a SELinux type label that applies to the container.
1693 level:
1694 type: string
1695 description: Level is SELinux level label that applies to the container.
1696 role:
1697 type: string
1698 description: Role is a SELinux role label that applies to the container.
1699 user:
1700 type: string
1701 description: User is a SELinux user label that applies to the container.
1702 seccompProfile:
1703 type: object
1704 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
1705 properties:
1706 type:
1707 type: string
1708 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
1709 localhostProfile:
1710 type: string
1711 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
1712 required:
1713 - type
1714 windowsOptions:
1715 type: object
1716 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
1717 properties:
1718 gmsaCredentialSpec:
1719 type: string
1720 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
1721 gmsaCredentialSpecName:
1722 type: string
1723 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
1724 hostProcess:
1725 type: boolean
1726 description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
1727 runAsUserName:
1728 type: string
1729 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
1730 stdin:
1731 type: boolean
1732 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
1733 stdinOnce:
1734 type: boolean
1735 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
1736 tty:
1737 type: boolean
1738 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
1739 startupProbe:
1740 type: object
1741 description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1742 properties:
1743 terminationGracePeriodSeconds:
1744 type: integer
1745 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
1746 format: int64
1747 exec:
1748 type: object
1749 description: Exec specifies the action to take.
1750 properties:
1751 command:
1752 type: array
1753 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
1754 items:
1755 type: string
1756 failureThreshold:
1757 type: integer
1758 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
1759 format: int32
1760 grpc:
1761 type: object
1762 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
1763 properties:
1764 service:
1765 type: string
1766 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
1767 port:
1768 type: integer
1769 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
1770 format: int32
1771 required:
1772 - port
1773 httpGet:
1774 type: object
1775 description: HTTPGet specifies the http request to perform.
1776 properties:
1777 port:
1778 anyOf:
1779 - type: integer
1780 - type: string
1781 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1782 x-kubernetes-int-or-string: true
1783 host:
1784 type: string
1785 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
1786 httpHeaders:
1787 type: array
1788 description: Custom headers to set in the request. HTTP allows repeated headers.
1789 items:
1790 type: object
1791 description: HTTPHeader describes a custom header to be used in HTTP probes
1792 properties:
1793 name:
1794 type: string
1795 description: The header field name
1796 value:
1797 type: string
1798 description: The header field value
1799 required:
1800 - name
1801 - value
1802 path:
1803 type: string
1804 description: Path to access on the HTTP server.
1805 scheme:
1806 type: string
1807 description: Scheme to use for connecting to the host. Defaults to HTTP.
1808 required:
1809 - port
1810 initialDelaySeconds:
1811 type: integer
1812 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1813 format: int32
1814 periodSeconds:
1815 type: integer
1816 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
1817 format: int32
1818 successThreshold:
1819 type: integer
1820 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
1821 format: int32
1822 tcpSocket:
1823 type: object
1824 description: TCPSocket specifies an action involving a TCP port.
1825 properties:
1826 port:
1827 anyOf:
1828 - type: integer
1829 - type: string
1830 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
1831 x-kubernetes-int-or-string: true
1832 host:
1833 type: string
1834 description: 'Optional: Host name to connect to, defaults to the pod IP.'
1835 required:
1836 - port
1837 timeoutSeconds:
1838 type: integer
1839 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1840 format: int32
1841 required:
1842 - name
1843 volumes:
1844 type: array
1845 description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
1846 items:
1847 type: object
1848 description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
1849 properties:
1850 name:
1851 type: string
1852 description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
1853 awsElasticBlockStore:
1854 type: object
1855 description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
1856 properties:
1857 readOnly:
1858 type: boolean
1859 description: 'readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
1860 fsType:
1861 type: string
1862 description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine'
1863 partition:
1864 type: integer
1865 description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).'
1866 format: int32
1867 volumeID:
1868 type: string
1869 description: 'volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
1870 required:
1871 - volumeID
1872 azureDisk:
1873 type: object
1874 description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
1875 properties:
1876 kind:
1877 type: string
1878 description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared'
1879 readOnly:
1880 type: boolean
1881 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
1882 cachingMode:
1883 type: string
1884 description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.'
1885 diskName:
1886 type: string
1887 description: diskName is the Name of the data disk in the blob storage
1888 diskURI:
1889 type: string
1890 description: diskURI is the URI of data disk in the blob storage
1891 fsType:
1892 type: string
1893 description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
1894 required:
1895 - diskName
1896 - diskURI
1897 azureFile:
1898 type: object
1899 description: azureFile represents an Azure File Service mount on the host and bind mount to the pod.
1900 properties:
1901 readOnly:
1902 type: boolean
1903 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
1904 secretName:
1905 type: string
1906 description: secretName is the name of secret that contains Azure Storage Account Name and Key
1907 shareName:
1908 type: string
1909 description: shareName is the azure share Name
1910 required:
1911 - secretName
1912 - shareName
1913 cephfs:
1914 type: object
1915 description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
1916 properties:
1917 readOnly:
1918 type: boolean
1919 description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
1920 secretRef:
1921 type: object
1922 description: 'secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
1923 properties:
1924 name:
1925 type: string
1926 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1927 monitors:
1928 type: array
1929 description: 'monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
1930 items:
1931 type: string
1932 path:
1933 type: string
1934 description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /'
1935 secretFile:
1936 type: string
1937 description: 'secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
1938 user:
1939 type: string
1940 description: 'user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
1941 required:
1942 - monitors
1943 cinder:
1944 type: object
1945 description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
1946 properties:
1947 readOnly:
1948 type: boolean
1949 description: 'readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
1950 secretRef:
1951 type: object
1952 description: 'secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.'
1953 properties:
1954 name:
1955 type: string
1956 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1957 fsType:
1958 type: string
1959 description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
1960 volumeID:
1961 type: string
1962 description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
1963 required:
1964 - volumeID
1965 configMap:
1966 type: object
1967 description: configMap represents a configMap that should populate this volume
1968 properties:
1969 name:
1970 type: string
1971 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
1972 defaultMode:
1973 type: integer
1974 description: 'defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
1975 format: int32
1976 items:
1977 type: array
1978 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
1979 items:
1980 type: object
1981 description: Maps a string key to a path within a volume.
1982 properties:
1983 key:
1984 type: string
1985 description: key is the key to project.
1986 mode:
1987 type: integer
1988 description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
1989 format: int32
1990 path:
1991 type: string
1992 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
1993 required:
1994 - key
1995 - path
1996 optional:
1997 type: boolean
1998 description: optional specify whether the ConfigMap or its keys must be defined
1999 csi:
2000 type: object
2001 description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
2002 properties:
2003 readOnly:
2004 type: boolean
2005 description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
2006 driver:
2007 type: string
2008 description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
2009 fsType:
2010 type: string
2011 description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
2012 nodePublishSecretRef:
2013 type: object
2014 description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
2015 properties:
2016 name:
2017 type: string
2018 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2019 volumeAttributes:
2020 type: object
2021 additionalProperties:
2022 type: string
2023 description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
2024 required:
2025 - driver
2026 downwardAPI:
2027 type: object
2028 description: downwardAPI represents downward API about the pod that should populate this volume
2029 properties:
2030 defaultMode:
2031 type: integer
2032 description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2033 format: int32
2034 items:
2035 type: array
2036 description: Items is a list of downward API volume file
2037 items:
2038 type: object
2039 description: DownwardAPIVolumeFile represents information to create the file containing the pod field
2040 properties:
2041 fieldRef:
2042 type: object
2043 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
2044 properties:
2045 apiVersion:
2046 type: string
2047 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
2048 fieldPath:
2049 type: string
2050 description: Path of the field to select in the specified API version.
2051 required:
2052 - fieldPath
2053 resourceFieldRef:
2054 type: object
2055 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
2056 properties:
2057 containerName:
2058 type: string
2059 description: 'Container name: required for volumes, optional for env vars'
2060 divisor:
2061 anyOf:
2062 - type: integer
2063 - type: string
2064 description: Specifies the output format of the exposed resources, defaults to "1"
2065 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2066 x-kubernetes-int-or-string: true
2067 resource:
2068 type: string
2069 description: 'Required: resource to select'
2070 required:
2071 - resource
2072 mode:
2073 type: integer
2074 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2075 format: int32
2076 path:
2077 type: string
2078 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
2079 required:
2080 - path
2081 emptyDir:
2082 type: object
2083 description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
2084 properties:
2085 medium:
2086 type: string
2087 description: 'medium represents what type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
2088 sizeLimit:
2089 anyOf:
2090 - type: integer
2091 - type: string
2092 description: 'sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
2093 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2094 x-kubernetes-int-or-string: true
2095 ephemeral:
2096 type: object
2097 description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time."
2098 properties:
2099 volumeClaimTemplate:
2100 type: object
2101 description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil."
2102 properties:
2103 metadata:
2104 type: object
2105 description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
2106 properties:
2107 name:
2108 type: string
2109 namespace:
2110 type: string
2111 labels:
2112 type: object
2113 additionalProperties:
2114 type: string
2115 annotations:
2116 type: object
2117 additionalProperties:
2118 type: string
2119 finalizers:
2120 type: array
2121 items:
2122 type: string
2123 spec:
2124 type: object
2125 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.
2126 properties:
2127 selector:
2128 type: object
2129 description: selector is a label query over volumes to consider for binding.
2130 properties:
2131 matchExpressions:
2132 type: array
2133 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
2134 items:
2135 type: object
2136 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2137 properties:
2138 key:
2139 type: string
2140 description: key is the label key that the selector applies to.
2141 operator:
2142 type: string
2143 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
2144 values:
2145 type: array
2146 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
2147 items:
2148 type: string
2149 required:
2150 - key
2151 - operator
2152 matchLabels:
2153 type: object
2154 additionalProperties:
2155 type: string
2156 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
2157 resources:
2158 type: object
2159 description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
2160 properties:
2161 limits:
2162 type: object
2163 additionalProperties:
2164 anyOf:
2165 - type: integer
2166 - type: string
2167 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2168 x-kubernetes-int-or-string: true
2169 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
2170 requests:
2171 type: object
2172 additionalProperties:
2173 anyOf:
2174 - type: integer
2175 - type: string
2176 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2177 x-kubernetes-int-or-string: true
2178 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
2179 accessModes:
2180 type: array
2181 description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
2182 items:
2183 type: string
2184 dataSource:
2185 type: object
2186 description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.'
2187 properties:
2188 name:
2189 type: string
2190 description: Name is the name of resource being referenced
2191 kind:
2192 type: string
2193 description: Kind is the type of resource being referenced
2194 apiGroup:
2195 type: string
2196 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
2197 required:
2198 - kind
2199 - name
2200 dataSourceRef:
2201 type: object
2202 description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.'
2203 properties:
2204 name:
2205 type: string
2206 description: Name is the name of resource being referenced
2207 kind:
2208 type: string
2209 description: Kind is the type of resource being referenced
2210 apiGroup:
2211 type: string
2212 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
2213 required:
2214 - kind
2215 - name
2216 storageClassName:
2217 type: string
2218 description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
2219 volumeMode:
2220 type: string
2221 description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
2222 volumeName:
2223 type: string
2224 description: volumeName is the binding reference to the PersistentVolume backing this claim.
2225 required:
2226 - spec
2227 fc:
2228 type: object
2229 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
2230 properties:
2231 readOnly:
2232 type: boolean
2233 description: 'readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.'
2234 fsType:
2235 type: string
2236 description: 'fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine'
2237 lun:
2238 type: integer
2239 description: 'lun is Optional: FC target lun number'
2240 format: int32
2241 targetWWNs:
2242 type: array
2243 description: 'targetWWNs is Optional: FC target worldwide names (WWNs)'
2244 items:
2245 type: string
2246 wwids:
2247 type: array
2248 description: 'wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.'
2249 items:
2250 type: string
2251 flexVolume:
2252 type: object
2253 description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
2254 properties:
2255 readOnly:
2256 type: boolean
2257 description: 'readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.'
2258 secretRef:
2259 type: object
2260 description: 'secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.'
2261 properties:
2262 name:
2263 type: string
2264 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2265 driver:
2266 type: string
2267 description: driver is the name of the driver to use for this volume.
2268 fsType:
2269 type: string
2270 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
2271 options:
2272 type: object
2273 additionalProperties:
2274 type: string
2275 description: 'options is Optional: this field holds extra command options if any.'
2276 required:
2277 - driver
2278 flocker:
2279 type: object
2280 description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
2281 properties:
2282 datasetName:
2283 type: string
2284 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
2285 datasetUUID:
2286 type: string
2287 description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
2288 gcePersistentDisk:
2289 type: object
2290 description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
2291 properties:
2292 readOnly:
2293 type: boolean
2294 description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
2295 fsType:
2296 type: string
2297 description: 'fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine'
2298 partition:
2299 type: integer
2300 description: 'partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
2301 format: int32
2302 pdName:
2303 type: string
2304 description: 'pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
2305 required:
2306 - pdName
2307 gitRepo:
2308 type: object
2309 description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.'
2310 properties:
2311 revision:
2312 type: string
2313 description: revision is the commit hash for the specified revision.
2314 directory:
2315 type: string
2316 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
2317 repository:
2318 type: string
2319 description: repository is the URL
2320 required:
2321 - repository
2322 glusterfs:
2323 type: object
2324 description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
2325 properties:
2326 readOnly:
2327 type: boolean
2328 description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
2329 endpoints:
2330 type: string
2331 description: 'endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
2332 path:
2333 type: string
2334 description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
2335 required:
2336 - endpoints
2337 - path
2338 hostPath:
2339 type: object
2340 description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.'
2341 properties:
2342 type:
2343 type: string
2344 description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
2345 path:
2346 type: string
2347 description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
2348 required:
2349 - path
2350 iscsi:
2351 type: object
2352 description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
2353 properties:
2354 readOnly:
2355 type: boolean
2356 description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
2357 secretRef:
2358 type: object
2359 description: secretRef is the CHAP Secret for iSCSI target and initiator authentication
2360 properties:
2361 name:
2362 type: string
2363 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2364 chapAuthDiscovery:
2365 type: boolean
2366 description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
2367 chapAuthSession:
2368 type: boolean
2369 description: chapAuthSession defines whether support iSCSI Session CHAP authentication
2370 fsType:
2371 type: string
2372 description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine'
2373 initiatorName:
2374 type: string
2375 description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
2376 iqn:
2377 type: string
2378 description: iqn is the target iSCSI Qualified Name.
2379 iscsiInterface:
2380 type: string
2381 description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
2382 lun:
2383 type: integer
2384 description: lun represents iSCSI Target Lun number.
2385 format: int32
2386 portals:
2387 type: array
2388 description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
2389 items:
2390 type: string
2391 targetPortal:
2392 type: string
2393 description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
2394 required:
2395 - iqn
2396 - lun
2397 - targetPortal
2398 nfs:
2399 type: object
2400 description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
2401 properties:
2402 readOnly:
2403 type: boolean
2404 description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
2405 path:
2406 type: string
2407 description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
2408 server:
2409 type: string
2410 description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
2411 required:
2412 - path
2413 - server
2414 persistentVolumeClaim:
2415 type: object
2416 description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
2417 properties:
2418 readOnly:
2419 type: boolean
2420 description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
2421 claimName:
2422 type: string
2423 description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
2424 required:
2425 - claimName
2426 photonPersistentDisk:
2427 type: object
2428 description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
2429 properties:
2430 fsType:
2431 type: string
2432 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
2433 pdID:
2434 type: string
2435 description: pdID is the ID that identifies Photon Controller persistent disk
2436 required:
2437 - pdID
2438 portworxVolume:
2439 type: object
2440 description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine
2441 properties:
2442 readOnly:
2443 type: boolean
2444 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
2445 fsType:
2446 type: string
2447 description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
2448 volumeID:
2449 type: string
2450 description: volumeID uniquely identifies a Portworx volume
2451 required:
2452 - volumeID
2453 projected:
2454 type: object
2455 description: projected items for all in one resources secrets, configmaps, and downward API
2456 properties:
2457 defaultMode:
2458 type: integer
2459 description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
2460 format: int32
2461 sources:
2462 type: array
2463 description: sources is the list of volume projections
2464 items:
2465 type: object
2466 description: Projection that may be projected along with other supported volume types
2467 properties:
2468 configMap:
2469 type: object
2470 description: configMap information about the configMap data to project
2471 properties:
2472 name:
2473 type: string
2474 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2475 items:
2476 type: array
2477 description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
2478 items:
2479 type: object
2480 description: Maps a string key to a path within a volume.
2481 properties:
2482 key:
2483 type: string
2484 description: key is the key to project.
2485 mode:
2486 type: integer
2487 description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2488 format: int32
2489 path:
2490 type: string
2491 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
2492 required:
2493 - key
2494 - path
2495 optional:
2496 type: boolean
2497 description: optional specify whether the ConfigMap or its keys must be defined
2498 downwardAPI:
2499 type: object
2500 description: downwardAPI information about the downwardAPI data to project
2501 properties:
2502 items:
2503 type: array
2504 description: Items is a list of DownwardAPIVolume file
2505 items:
2506 type: object
2507 description: DownwardAPIVolumeFile represents information to create the file containing the pod field
2508 properties:
2509 fieldRef:
2510 type: object
2511 description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.'
2512 properties:
2513 apiVersion:
2514 type: string
2515 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
2516 fieldPath:
2517 type: string
2518 description: Path of the field to select in the specified API version.
2519 required:
2520 - fieldPath
2521 resourceFieldRef:
2522 type: object
2523 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.'
2524 properties:
2525 containerName:
2526 type: string
2527 description: 'Container name: required for volumes, optional for env vars'
2528 divisor:
2529 anyOf:
2530 - type: integer
2531 - type: string
2532 description: Specifies the output format of the exposed resources, defaults to "1"
2533 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2534 x-kubernetes-int-or-string: true
2535 resource:
2536 type: string
2537 description: 'Required: resource to select'
2538 required:
2539 - resource
2540 mode:
2541 type: integer
2542 description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2543 format: int32
2544 path:
2545 type: string
2546 description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
2547 required:
2548 - path
2549 secret:
2550 type: object
2551 description: secret information about the secret data to project
2552 properties:
2553 name:
2554 type: string
2555 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2556 items:
2557 type: array
2558 description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
2559 items:
2560 type: object
2561 description: Maps a string key to a path within a volume.
2562 properties:
2563 key:
2564 type: string
2565 description: key is the key to project.
2566 mode:
2567 type: integer
2568 description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2569 format: int32
2570 path:
2571 type: string
2572 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
2573 required:
2574 - key
2575 - path
2576 optional:
2577 type: boolean
2578 description: optional field specify whether the Secret or its key must be defined
2579 serviceAccountToken:
2580 type: object
2581 description: serviceAccountToken is information about the serviceAccountToken data to project
2582 properties:
2583 audience:
2584 type: string
2585 description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
2586 expirationSeconds:
2587 type: integer
2588 description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
2589 format: int64
2590 path:
2591 type: string
2592 description: path is the path relative to the mount point of the file to project the token into.
2593 required:
2594 - path
2595 quobyte:
2596 type: object
2597 description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime
2598 properties:
2599 readOnly:
2600 type: boolean
2601 description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
2602 group:
2603 type: string
2604 description: group to map volume access to Default is no group
2605 registry:
2606 type: string
2607 description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
2608 tenant:
2609 type: string
2610 description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
2611 user:
2612 type: string
2613 description: user to map volume access to Defaults to serivceaccount user
2614 volume:
2615 type: string
2616 description: volume is a string that references an already created Quobyte volume by name.
2617 required:
2618 - registry
2619 - volume
2620 rbd:
2621 type: object
2622 description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
2623 properties:
2624 image:
2625 type: string
2626 description: 'image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2627 readOnly:
2628 type: boolean
2629 description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2630 secretRef:
2631 type: object
2632 description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2633 properties:
2634 name:
2635 type: string
2636 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2637 fsType:
2638 type: string
2639 description: 'fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine'
2640 keyring:
2641 type: string
2642 description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2643 monitors:
2644 type: array
2645 description: 'monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2646 items:
2647 type: string
2648 pool:
2649 type: string
2650 description: 'pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2651 user:
2652 type: string
2653 description: 'user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
2654 required:
2655 - image
2656 - monitors
2657 scaleIO:
2658 type: object
2659 description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
2660 properties:
2661 readOnly:
2662 type: boolean
2663 description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
2664 secretRef:
2665 type: object
2666 description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
2667 properties:
2668 name:
2669 type: string
2670 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2671 fsType:
2672 type: string
2673 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
2674 gateway:
2675 type: string
2676 description: gateway is the host address of the ScaleIO API Gateway.
2677 protectionDomain:
2678 type: string
2679 description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
2680 sslEnabled:
2681 type: boolean
2682 description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
2683 storageMode:
2684 type: string
2685 description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
2686 storagePool:
2687 type: string
2688 description: storagePool is the ScaleIO Storage Pool associated with the protection domain.
2689 system:
2690 type: string
2691 description: system is the name of the storage system as configured in ScaleIO.
2692 volumeName:
2693 type: string
2694 description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
2695 required:
2696 - gateway
2697 - secretRef
2698 - system
2699 secret:
2700 type: object
2701 description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
2702 properties:
2703 defaultMode:
2704 type: integer
2705 description: 'defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2706 format: int32
2707 items:
2708 type: array
2709 description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
2710 items:
2711 type: object
2712 description: Maps a string key to a path within a volume.
2713 properties:
2714 key:
2715 type: string
2716 description: key is the key to project.
2717 mode:
2718 type: integer
2719 description: 'mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.'
2720 format: int32
2721 path:
2722 type: string
2723 description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
2724 required:
2725 - key
2726 - path
2727 optional:
2728 type: boolean
2729 description: optional field specify whether the Secret or its keys must be defined
2730 secretName:
2731 type: string
2732 description: 'secretName is the name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
2733 storageos:
2734 type: object
2735 description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
2736 properties:
2737 readOnly:
2738 type: boolean
2739 description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
2740 secretRef:
2741 type: object
2742 description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
2743 properties:
2744 name:
2745 type: string
2746 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2747 fsType:
2748 type: string
2749 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
2750 volumeName:
2751 type: string
2752 description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
2753 volumeNamespace:
2754 type: string
2755 description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
2756 vsphereVolume:
2757 type: object
2758 description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
2759 properties:
2760 fsType:
2761 type: string
2762 description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
2763 storagePolicyID:
2764 type: string
2765 description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
2766 storagePolicyName:
2767 type: string
2768 description: storagePolicyName is the storage Policy Based Management (SPBM) profile name.
2769 volumePath:
2770 type: string
2771 description: volumePath is the path that identifies vSphere volume vmdk
2772 required:
2773 - volumePath
2774 required:
2775 - name
2776 imagePullSecrets:
2777 type: array
2778 description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
2779 items:
2780 type: object
2781 description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
2782 properties:
2783 name:
2784 type: string
2785 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
2786 affinity:
2787 type: object
2788 description: If specified, the pod's scheduling constraints
2789 properties:
2790 nodeAffinity:
2791 type: object
2792 description: Describes node affinity scheduling rules for the pod.
2793 properties:
2794 preferredDuringSchedulingIgnoredDuringExecution:
2795 type: array
2796 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
2797 items:
2798 type: object
2799 description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
2800 properties:
2801 preference:
2802 type: object
2803 description: A node selector term, associated with the corresponding weight.
2804 properties:
2805 matchExpressions:
2806 type: array
2807 description: A list of node selector requirements by node's labels.
2808 items:
2809 type: object
2810 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2811 properties:
2812 key:
2813 type: string
2814 description: The label key that the selector applies to.
2815 operator:
2816 type: string
2817 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2818 values:
2819 type: array
2820 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
2821 items:
2822 type: string
2823 required:
2824 - key
2825 - operator
2826 matchFields:
2827 type: array
2828 description: A list of node selector requirements by node's fields.
2829 items:
2830 type: object
2831 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2832 properties:
2833 key:
2834 type: string
2835 description: The label key that the selector applies to.
2836 operator:
2837 type: string
2838 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2839 values:
2840 type: array
2841 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
2842 items:
2843 type: string
2844 required:
2845 - key
2846 - operator
2847 weight:
2848 type: integer
2849 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
2850 format: int32
2851 required:
2852 - preference
2853 - weight
2854 requiredDuringSchedulingIgnoredDuringExecution:
2855 type: object
2856 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
2857 properties:
2858 nodeSelectorTerms:
2859 type: array
2860 description: Required. A list of node selector terms. The terms are ORed.
2861 items:
2862 type: object
2863 description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
2864 properties:
2865 matchExpressions:
2866 type: array
2867 description: A list of node selector requirements by node's labels.
2868 items:
2869 type: object
2870 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2871 properties:
2872 key:
2873 type: string
2874 description: The label key that the selector applies to.
2875 operator:
2876 type: string
2877 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2878 values:
2879 type: array
2880 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
2881 items:
2882 type: string
2883 required:
2884 - key
2885 - operator
2886 matchFields:
2887 type: array
2888 description: A list of node selector requirements by node's fields.
2889 items:
2890 type: object
2891 description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2892 properties:
2893 key:
2894 type: string
2895 description: The label key that the selector applies to.
2896 operator:
2897 type: string
2898 description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
2899 values:
2900 type: array
2901 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
2902 items:
2903 type: string
2904 required:
2905 - key
2906 - operator
2907 required:
2908 - nodeSelectorTerms
2909 podAffinity:
2910 type: object
2911 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
2912 properties:
2913 preferredDuringSchedulingIgnoredDuringExecution:
2914 type: array
2915 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
2916 items:
2917 type: object
2918 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
2919 properties:
2920 podAffinityTerm:
2921 type: object
2922 description: Required. A pod affinity term, associated with the corresponding weight.
2923 properties:
2924 labelSelector:
2925 type: object
2926 description: A label query over a set of resources, in this case pods.
2927 properties:
2928 matchExpressions:
2929 type: array
2930 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
2931 items:
2932 type: object
2933 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2934 properties:
2935 key:
2936 type: string
2937 description: key is the label key that the selector applies to.
2938 operator:
2939 type: string
2940 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
2941 values:
2942 type: array
2943 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
2944 items:
2945 type: string
2946 required:
2947 - key
2948 - operator
2949 matchLabels:
2950 type: object
2951 additionalProperties:
2952 type: string
2953 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
2954 namespaceSelector:
2955 type: object
2956 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
2957 properties:
2958 matchExpressions:
2959 type: array
2960 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
2961 items:
2962 type: object
2963 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
2964 properties:
2965 key:
2966 type: string
2967 description: key is the label key that the selector applies to.
2968 operator:
2969 type: string
2970 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
2971 values:
2972 type: array
2973 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
2974 items:
2975 type: string
2976 required:
2977 - key
2978 - operator
2979 matchLabels:
2980 type: object
2981 additionalProperties:
2982 type: string
2983 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
2984 namespaces:
2985 type: array
2986 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
2987 items:
2988 type: string
2989 topologyKey:
2990 type: string
2991 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
2992 required:
2993 - topologyKey
2994 weight:
2995 type: integer
2996 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
2997 format: int32
2998 required:
2999 - podAffinityTerm
3000 - weight
3001 requiredDuringSchedulingIgnoredDuringExecution:
3002 type: array
3003 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
3004 items:
3005 type: object
3006 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
3007 properties:
3008 labelSelector:
3009 type: object
3010 description: A label query over a set of resources, in this case pods.
3011 properties:
3012 matchExpressions:
3013 type: array
3014 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3015 items:
3016 type: object
3017 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3018 properties:
3019 key:
3020 type: string
3021 description: key is the label key that the selector applies to.
3022 operator:
3023 type: string
3024 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3025 values:
3026 type: array
3027 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3028 items:
3029 type: string
3030 required:
3031 - key
3032 - operator
3033 matchLabels:
3034 type: object
3035 additionalProperties:
3036 type: string
3037 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3038 namespaceSelector:
3039 type: object
3040 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
3041 properties:
3042 matchExpressions:
3043 type: array
3044 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3045 items:
3046 type: object
3047 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3048 properties:
3049 key:
3050 type: string
3051 description: key is the label key that the selector applies to.
3052 operator:
3053 type: string
3054 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3055 values:
3056 type: array
3057 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3058 items:
3059 type: string
3060 required:
3061 - key
3062 - operator
3063 matchLabels:
3064 type: object
3065 additionalProperties:
3066 type: string
3067 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3068 namespaces:
3069 type: array
3070 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
3071 items:
3072 type: string
3073 topologyKey:
3074 type: string
3075 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
3076 required:
3077 - topologyKey
3078 podAntiAffinity:
3079 type: object
3080 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
3081 properties:
3082 preferredDuringSchedulingIgnoredDuringExecution:
3083 type: array
3084 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
3085 items:
3086 type: object
3087 description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
3088 properties:
3089 podAffinityTerm:
3090 type: object
3091 description: Required. A pod affinity term, associated with the corresponding weight.
3092 properties:
3093 labelSelector:
3094 type: object
3095 description: A label query over a set of resources, in this case pods.
3096 properties:
3097 matchExpressions:
3098 type: array
3099 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3100 items:
3101 type: object
3102 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3103 properties:
3104 key:
3105 type: string
3106 description: key is the label key that the selector applies to.
3107 operator:
3108 type: string
3109 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3110 values:
3111 type: array
3112 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3113 items:
3114 type: string
3115 required:
3116 - key
3117 - operator
3118 matchLabels:
3119 type: object
3120 additionalProperties:
3121 type: string
3122 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3123 namespaceSelector:
3124 type: object
3125 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
3126 properties:
3127 matchExpressions:
3128 type: array
3129 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3130 items:
3131 type: object
3132 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3133 properties:
3134 key:
3135 type: string
3136 description: key is the label key that the selector applies to.
3137 operator:
3138 type: string
3139 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3140 values:
3141 type: array
3142 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3143 items:
3144 type: string
3145 required:
3146 - key
3147 - operator
3148 matchLabels:
3149 type: object
3150 additionalProperties:
3151 type: string
3152 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3153 namespaces:
3154 type: array
3155 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
3156 items:
3157 type: string
3158 topologyKey:
3159 type: string
3160 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
3161 required:
3162 - topologyKey
3163 weight:
3164 type: integer
3165 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
3166 format: int32
3167 required:
3168 - podAffinityTerm
3169 - weight
3170 requiredDuringSchedulingIgnoredDuringExecution:
3171 type: array
3172 description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
3173 items:
3174 type: object
3175 description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key <topologyKey> matches that of any node on which a pod of the set of pods is running
3176 properties:
3177 labelSelector:
3178 type: object
3179 description: A label query over a set of resources, in this case pods.
3180 properties:
3181 matchExpressions:
3182 type: array
3183 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3184 items:
3185 type: object
3186 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3187 properties:
3188 key:
3189 type: string
3190 description: key is the label key that the selector applies to.
3191 operator:
3192 type: string
3193 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3194 values:
3195 type: array
3196 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3197 items:
3198 type: string
3199 required:
3200 - key
3201 - operator
3202 matchLabels:
3203 type: object
3204 additionalProperties:
3205 type: string
3206 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3207 namespaceSelector:
3208 type: object
3209 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
3210 properties:
3211 matchExpressions:
3212 type: array
3213 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
3214 items:
3215 type: object
3216 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
3217 properties:
3218 key:
3219 type: string
3220 description: key is the label key that the selector applies to.
3221 operator:
3222 type: string
3223 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
3224 values:
3225 type: array
3226 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
3227 items:
3228 type: string
3229 required:
3230 - key
3231 - operator
3232 matchLabels:
3233 type: object
3234 additionalProperties:
3235 type: string
3236 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
3237 namespaces:
3238 type: array
3239 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
3240 items:
3241 type: string
3242 topologyKey:
3243 type: string
3244 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
3245 required:
3246 - topologyKey
3247 tolerations:
3248 type: array
3249 description: If specified, the pod's tolerations.
3250 items:
3251 type: object
3252 description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
3253 properties:
3254 value:
3255 type: string
3256 description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
3257 effect:
3258 type: string
3259 description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
3260 key:
3261 type: string
3262 description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
3263 operator:
3264 type: string
3265 description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
3266 tolerationSeconds:
3267 type: integer
3268 description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
3269 format: int64
3270 dnsConfig:
3271 type: object
3272 description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
3273 properties:
3274 nameservers:
3275 type: array
3276 description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
3277 items:
3278 type: string
3279 options:
3280 type: array
3281 description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
3282 items:
3283 type: object
3284 description: PodDNSConfigOption defines DNS resolver options of a pod.
3285 properties:
3286 name:
3287 type: string
3288 description: Required.
3289 value:
3290 type: string
3291 searches:
3292 type: array
3293 description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
3294 items:
3295 type: string
3296 readinessGates:
3297 type: array
3298 description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
3299 items:
3300 type: object
3301 description: PodReadinessGate contains the reference to a pod condition
3302 properties:
3303 conditionType:
3304 type: string
3305 description: ConditionType refers to a condition in the pod's condition list with matching type.
3306 required:
3307 - conditionType
3308 securityContext:
3309 type: object
3310 description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.'
3311 properties:
3312 fsGroup:
3313 type: integer
3314 description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."
3315 format: int64
3316 fsGroupChangePolicy:
3317 type: string
3318 description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.'
3319 runAsGroup:
3320 type: integer
3321 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
3322 format: int64
3323 runAsNonRoot:
3324 type: boolean
3325 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
3326 runAsUser:
3327 type: integer
3328 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
3329 format: int64
3330 seLinuxOptions:
3331 type: object
3332 description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
3333 properties:
3334 type:
3335 type: string
3336 description: Type is a SELinux type label that applies to the container.
3337 level:
3338 type: string
3339 description: Level is SELinux level label that applies to the container.
3340 role:
3341 type: string
3342 description: Role is a SELinux role label that applies to the container.
3343 user:
3344 type: string
3345 description: User is a SELinux user label that applies to the container.
3346 seccompProfile:
3347 type: object
3348 description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
3349 properties:
3350 type:
3351 type: string
3352 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
3353 localhostProfile:
3354 type: string
3355 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
3356 required:
3357 - type
3358 supplementalGroups:
3359 type: array
3360 description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.
3361 items:
3362 type: integer
3363 format: int64
3364 sysctls:
3365 type: array
3366 description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
3367 items:
3368 type: object
3369 description: Sysctl defines a kernel parameter to be set
3370 properties:
3371 name:
3372 type: string
3373 description: Name of a property to set
3374 value:
3375 type: string
3376 description: Value of a property to set
3377 required:
3378 - name
3379 - value
3380 windowsOptions:
3381 type: object
3382 description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
3383 properties:
3384 gmsaCredentialSpec:
3385 type: string
3386 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
3387 gmsaCredentialSpecName:
3388 type: string
3389 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
3390 hostProcess:
3391 type: boolean
3392 description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
3393 runAsUserName:
3394 type: string
3395 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
3396 ephemeralContainers:
3397 type: array
3398 description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
3399 items:
3400 type: object
3401 description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation. \n To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted."
3402 properties:
3403 name:
3404 type: string
3405 description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
3406 image:
3407 type: string
3408 description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
3409 command:
3410 type: array
3411 description: 'Entrypoint array. Not executed within a shell. The image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
3412 items:
3413 type: string
3414 args:
3415 type: array
3416 description: 'Arguments to the entrypoint. The image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
3417 items:
3418 type: string
3419 workingDir:
3420 type: string
3421 description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
3422 ports:
3423 type: array
3424 description: Ports are not allowed for ephemeral containers.
3425 items:
3426 type: object
3427 description: ContainerPort represents a network port in a single container.
3428 properties:
3429 name:
3430 type: string
3431 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
3432 protocol:
3433 type: string
3434 default: TCP
3435 description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
3436 hostPort:
3437 type: integer
3438 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
3439 format: int32
3440 containerPort:
3441 type: integer
3442 description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
3443 format: int32
3444 hostIP:
3445 type: string
3446 description: What host IP to bind the external port to.
3447 required:
3448 - containerPort
3449 x-kubernetes-list-map-keys:
3450 - containerPort
3451 - protocol
3452 x-kubernetes-list-type: map
3453 envFrom:
3454 type: array
3455 description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
3456 items:
3457 type: object
3458 description: EnvFromSource represents the source of a set of ConfigMaps
3459 properties:
3460 prefix:
3461 type: string
3462 description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
3463 configMapRef:
3464 type: object
3465 description: The ConfigMap to select from
3466 properties:
3467 name:
3468 type: string
3469 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
3470 optional:
3471 type: boolean
3472 description: Specify whether the ConfigMap must be defined
3473 secretRef:
3474 type: object
3475 description: The Secret to select from
3476 properties:
3477 name:
3478 type: string
3479 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
3480 optional:
3481 type: boolean
3482 description: Specify whether the Secret must be defined
3483 env:
3484 type: array
3485 description: List of environment variables to set in the container. Cannot be updated.
3486 items:
3487 type: object
3488 description: EnvVar represents an environment variable present in a Container.
3489 properties:
3490 name:
3491 type: string
3492 description: Name of the environment variable. Must be a C_IDENTIFIER.
3493 value:
3494 type: string
3495 description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
3496 valueFrom:
3497 type: object
3498 description: Source for the environment variable's value. Cannot be used if value is not empty.
3499 properties:
3500 fieldRef:
3501 type: object
3502 description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
3503 properties:
3504 apiVersion:
3505 type: string
3506 description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
3507 fieldPath:
3508 type: string
3509 description: Path of the field to select in the specified API version.
3510 required:
3511 - fieldPath
3512 resourceFieldRef:
3513 type: object
3514 description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
3515 properties:
3516 containerName:
3517 type: string
3518 description: 'Container name: required for volumes, optional for env vars'
3519 divisor:
3520 anyOf:
3521 - type: integer
3522 - type: string
3523 description: Specifies the output format of the exposed resources, defaults to "1"
3524 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3525 x-kubernetes-int-or-string: true
3526 resource:
3527 type: string
3528 description: 'Required: resource to select'
3529 required:
3530 - resource
3531 configMapKeyRef:
3532 type: object
3533 description: Selects a key of a ConfigMap.
3534 properties:
3535 name:
3536 type: string
3537 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
3538 key:
3539 type: string
3540 description: The key to select.
3541 optional:
3542 type: boolean
3543 description: Specify whether the ConfigMap or its key must be defined
3544 required:
3545 - key
3546 secretKeyRef:
3547 type: object
3548 description: Selects a key of a secret in the pod's namespace
3549 properties:
3550 name:
3551 type: string
3552 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
3553 key:
3554 type: string
3555 description: The key of the secret to select from. Must be a valid secret key.
3556 optional:
3557 type: boolean
3558 description: Specify whether the Secret or its key must be defined
3559 required:
3560 - key
3561 required:
3562 - name
3563 resources:
3564 type: object
3565 description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
3566 properties:
3567 limits:
3568 type: object
3569 additionalProperties:
3570 anyOf:
3571 - type: integer
3572 - type: string
3573 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3574 x-kubernetes-int-or-string: true
3575 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
3576 requests:
3577 type: object
3578 additionalProperties:
3579 anyOf:
3580 - type: integer
3581 - type: string
3582 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3583 x-kubernetes-int-or-string: true
3584 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
3585 volumeMounts:
3586 type: array
3587 description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
3588 items:
3589 type: object
3590 description: VolumeMount describes a mounting of a Volume within a container.
3591 properties:
3592 name:
3593 type: string
3594 description: This must match the Name of a Volume.
3595 readOnly:
3596 type: boolean
3597 description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
3598 mountPath:
3599 type: string
3600 description: Path within the container at which the volume should be mounted. Must not contain ':'.
3601 subPath:
3602 type: string
3603 description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
3604 subPathExpr:
3605 type: string
3606 description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
3607 mountPropagation:
3608 type: string
3609 description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.
3610 required:
3611 - mountPath
3612 - name
3613 volumeDevices:
3614 type: array
3615 description: volumeDevices is the list of block devices to be used by the container.
3616 items:
3617 type: object
3618 description: volumeDevice describes a mapping of a raw block device within a container.
3619 properties:
3620 name:
3621 type: string
3622 description: name must match the name of a persistentVolumeClaim in the pod
3623 devicePath:
3624 type: string
3625 description: devicePath is the path inside of the container that the device will be mapped to.
3626 required:
3627 - devicePath
3628 - name
3629 livenessProbe:
3630 type: object
3631 description: Probes are not allowed for ephemeral containers.
3632 properties:
3633 terminationGracePeriodSeconds:
3634 type: integer
3635 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3636 format: int64
3637 exec:
3638 type: object
3639 description: Exec specifies the action to take.
3640 properties:
3641 command:
3642 type: array
3643 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3644 items:
3645 type: string
3646 failureThreshold:
3647 type: integer
3648 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
3649 format: int32
3650 grpc:
3651 type: object
3652 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
3653 properties:
3654 service:
3655 type: string
3656 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
3657 port:
3658 type: integer
3659 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
3660 format: int32
3661 required:
3662 - port
3663 httpGet:
3664 type: object
3665 description: HTTPGet specifies the http request to perform.
3666 properties:
3667 port:
3668 anyOf:
3669 - type: integer
3670 - type: string
3671 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3672 x-kubernetes-int-or-string: true
3673 host:
3674 type: string
3675 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
3676 httpHeaders:
3677 type: array
3678 description: Custom headers to set in the request. HTTP allows repeated headers.
3679 items:
3680 type: object
3681 description: HTTPHeader describes a custom header to be used in HTTP probes
3682 properties:
3683 name:
3684 type: string
3685 description: The header field name
3686 value:
3687 type: string
3688 description: The header field value
3689 required:
3690 - name
3691 - value
3692 path:
3693 type: string
3694 description: Path to access on the HTTP server.
3695 scheme:
3696 type: string
3697 description: Scheme to use for connecting to the host. Defaults to HTTP.
3698 required:
3699 - port
3700 initialDelaySeconds:
3701 type: integer
3702 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3703 format: int32
3704 periodSeconds:
3705 type: integer
3706 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
3707 format: int32
3708 successThreshold:
3709 type: integer
3710 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3711 format: int32
3712 tcpSocket:
3713 type: object
3714 description: TCPSocket specifies an action involving a TCP port.
3715 properties:
3716 port:
3717 anyOf:
3718 - type: integer
3719 - type: string
3720 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3721 x-kubernetes-int-or-string: true
3722 host:
3723 type: string
3724 description: 'Optional: Host name to connect to, defaults to the pod IP.'
3725 required:
3726 - port
3727 timeoutSeconds:
3728 type: integer
3729 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3730 format: int32
3731 readinessProbe:
3732 type: object
3733 description: Probes are not allowed for ephemeral containers.
3734 properties:
3735 terminationGracePeriodSeconds:
3736 type: integer
3737 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
3738 format: int64
3739 exec:
3740 type: object
3741 description: Exec specifies the action to take.
3742 properties:
3743 command:
3744 type: array
3745 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3746 items:
3747 type: string
3748 failureThreshold:
3749 type: integer
3750 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
3751 format: int32
3752 grpc:
3753 type: object
3754 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
3755 properties:
3756 service:
3757 type: string
3758 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
3759 port:
3760 type: integer
3761 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
3762 format: int32
3763 required:
3764 - port
3765 httpGet:
3766 type: object
3767 description: HTTPGet specifies the http request to perform.
3768 properties:
3769 port:
3770 anyOf:
3771 - type: integer
3772 - type: string
3773 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3774 x-kubernetes-int-or-string: true
3775 host:
3776 type: string
3777 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
3778 httpHeaders:
3779 type: array
3780 description: Custom headers to set in the request. HTTP allows repeated headers.
3781 items:
3782 type: object
3783 description: HTTPHeader describes a custom header to be used in HTTP probes
3784 properties:
3785 name:
3786 type: string
3787 description: The header field name
3788 value:
3789 type: string
3790 description: The header field value
3791 required:
3792 - name
3793 - value
3794 path:
3795 type: string
3796 description: Path to access on the HTTP server.
3797 scheme:
3798 type: string
3799 description: Scheme to use for connecting to the host. Defaults to HTTP.
3800 required:
3801 - port
3802 initialDelaySeconds:
3803 type: integer
3804 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3805 format: int32
3806 periodSeconds:
3807 type: integer
3808 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
3809 format: int32
3810 successThreshold:
3811 type: integer
3812 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
3813 format: int32
3814 tcpSocket:
3815 type: object
3816 description: TCPSocket specifies an action involving a TCP port.
3817 properties:
3818 port:
3819 anyOf:
3820 - type: integer
3821 - type: string
3822 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3823 x-kubernetes-int-or-string: true
3824 host:
3825 type: string
3826 description: 'Optional: Host name to connect to, defaults to the pod IP.'
3827 required:
3828 - port
3829 timeoutSeconds:
3830 type: integer
3831 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3832 format: int32
3833 lifecycle:
3834 type: object
3835 description: Lifecycle is not allowed for ephemeral containers.
3836 properties:
3837 postStart:
3838 type: object
3839 description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
3840 properties:
3841 exec:
3842 type: object
3843 description: Exec specifies the action to take.
3844 properties:
3845 command:
3846 type: array
3847 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3848 items:
3849 type: string
3850 httpGet:
3851 type: object
3852 description: HTTPGet specifies the http request to perform.
3853 properties:
3854 port:
3855 anyOf:
3856 - type: integer
3857 - type: string
3858 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3859 x-kubernetes-int-or-string: true
3860 host:
3861 type: string
3862 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
3863 httpHeaders:
3864 type: array
3865 description: Custom headers to set in the request. HTTP allows repeated headers.
3866 items:
3867 type: object
3868 description: HTTPHeader describes a custom header to be used in HTTP probes
3869 properties:
3870 name:
3871 type: string
3872 description: The header field name
3873 value:
3874 type: string
3875 description: The header field value
3876 required:
3877 - name
3878 - value
3879 path:
3880 type: string
3881 description: Path to access on the HTTP server.
3882 scheme:
3883 type: string
3884 description: Scheme to use for connecting to the host. Defaults to HTTP.
3885 required:
3886 - port
3887 tcpSocket:
3888 type: object
3889 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
3890 properties:
3891 port:
3892 anyOf:
3893 - type: integer
3894 - type: string
3895 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3896 x-kubernetes-int-or-string: true
3897 host:
3898 type: string
3899 description: 'Optional: Host name to connect to, defaults to the pod IP.'
3900 required:
3901 - port
3902 preStop:
3903 type: object
3904 description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod''s termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
3905 properties:
3906 exec:
3907 type: object
3908 description: Exec specifies the action to take.
3909 properties:
3910 command:
3911 type: array
3912 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
3913 items:
3914 type: string
3915 httpGet:
3916 type: object
3917 description: HTTPGet specifies the http request to perform.
3918 properties:
3919 port:
3920 anyOf:
3921 - type: integer
3922 - type: string
3923 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3924 x-kubernetes-int-or-string: true
3925 host:
3926 type: string
3927 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
3928 httpHeaders:
3929 type: array
3930 description: Custom headers to set in the request. HTTP allows repeated headers.
3931 items:
3932 type: object
3933 description: HTTPHeader describes a custom header to be used in HTTP probes
3934 properties:
3935 name:
3936 type: string
3937 description: The header field name
3938 value:
3939 type: string
3940 description: The header field value
3941 required:
3942 - name
3943 - value
3944 path:
3945 type: string
3946 description: Path to access on the HTTP server.
3947 scheme:
3948 type: string
3949 description: Scheme to use for connecting to the host. Defaults to HTTP.
3950 required:
3951 - port
3952 tcpSocket:
3953 type: object
3954 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.
3955 properties:
3956 port:
3957 anyOf:
3958 - type: integer
3959 - type: string
3960 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
3961 x-kubernetes-int-or-string: true
3962 host:
3963 type: string
3964 description: 'Optional: Host name to connect to, defaults to the pod IP.'
3965 required:
3966 - port
3967 terminationMessagePath:
3968 type: string
3969 description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
3970 terminationMessagePolicy:
3971 type: string
3972 description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
3973 imagePullPolicy:
3974 type: string
3975 description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
3976 securityContext:
3977 type: object
3978 description: 'Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.'
3979 properties:
3980 allowPrivilegeEscalation:
3981 type: boolean
3982 description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.'
3983 capabilities:
3984 type: object
3985 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
3986 properties:
3987 add:
3988 type: array
3989 description: Added capabilities
3990 items:
3991 type: string
3992 description: Capability represent POSIX capabilities type
3993 drop:
3994 type: array
3995 description: Removed capabilities
3996 items:
3997 type: string
3998 description: Capability represent POSIX capabilities type
3999 privileged:
4000 type: boolean
4001 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
4002 procMount:
4003 type: string
4004 description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
4005 readOnlyRootFilesystem:
4006 type: boolean
4007 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
4008 runAsGroup:
4009 type: integer
4010 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
4011 format: int64
4012 runAsNonRoot:
4013 type: boolean
4014 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
4015 runAsUser:
4016 type: integer
4017 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
4018 format: int64
4019 seLinuxOptions:
4020 type: object
4021 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
4022 properties:
4023 type:
4024 type: string
4025 description: Type is a SELinux type label that applies to the container.
4026 level:
4027 type: string
4028 description: Level is SELinux level label that applies to the container.
4029 role:
4030 type: string
4031 description: Role is a SELinux role label that applies to the container.
4032 user:
4033 type: string
4034 description: User is a SELinux user label that applies to the container.
4035 seccompProfile:
4036 type: object
4037 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
4038 properties:
4039 type:
4040 type: string
4041 description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied."
4042 localhostProfile:
4043 type: string
4044 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
4045 required:
4046 - type
4047 windowsOptions:
4048 type: object
4049 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
4050 properties:
4051 gmsaCredentialSpec:
4052 type: string
4053 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
4054 gmsaCredentialSpecName:
4055 type: string
4056 description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
4057 hostProcess:
4058 type: boolean
4059 description: HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
4060 runAsUserName:
4061 type: string
4062 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
4063 stdin:
4064 type: boolean
4065 description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
4066 stdinOnce:
4067 type: boolean
4068 description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
4069 tty:
4070 type: boolean
4071 description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
4072 startupProbe:
4073 type: object
4074 description: Probes are not allowed for ephemeral containers.
4075 properties:
4076 terminationGracePeriodSeconds:
4077 type: integer
4078 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
4079 format: int64
4080 exec:
4081 type: object
4082 description: Exec specifies the action to take.
4083 properties:
4084 command:
4085 type: array
4086 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
4087 items:
4088 type: string
4089 failureThreshold:
4090 type: integer
4091 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
4092 format: int32
4093 grpc:
4094 type: object
4095 description: GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.
4096 properties:
4097 service:
4098 type: string
4099 description: "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC."
4100 port:
4101 type: integer
4102 description: Port number of the gRPC service. Number must be in the range 1 to 65535.
4103 format: int32
4104 required:
4105 - port
4106 httpGet:
4107 type: object
4108 description: HTTPGet specifies the http request to perform.
4109 properties:
4110 port:
4111 anyOf:
4112 - type: integer
4113 - type: string
4114 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
4115 x-kubernetes-int-or-string: true
4116 host:
4117 type: string
4118 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
4119 httpHeaders:
4120 type: array
4121 description: Custom headers to set in the request. HTTP allows repeated headers.
4122 items:
4123 type: object
4124 description: HTTPHeader describes a custom header to be used in HTTP probes
4125 properties:
4126 name:
4127 type: string
4128 description: The header field name
4129 value:
4130 type: string
4131 description: The header field value
4132 required:
4133 - name
4134 - value
4135 path:
4136 type: string
4137 description: Path to access on the HTTP server.
4138 scheme:
4139 type: string
4140 description: Scheme to use for connecting to the host. Defaults to HTTP.
4141 required:
4142 - port
4143 initialDelaySeconds:
4144 type: integer
4145 description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
4146 format: int32
4147 periodSeconds:
4148 type: integer
4149 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
4150 format: int32
4151 successThreshold:
4152 type: integer
4153 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
4154 format: int32
4155 tcpSocket:
4156 type: object
4157 description: TCPSocket specifies an action involving a TCP port.
4158 properties:
4159 port:
4160 anyOf:
4161 - type: integer
4162 - type: string
4163 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
4164 x-kubernetes-int-or-string: true
4165 host:
4166 type: string
4167 description: 'Optional: Host name to connect to, defaults to the pod IP.'
4168 required:
4169 - port
4170 timeoutSeconds:
4171 type: integer
4172 description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
4173 format: int32
4174 targetContainerName:
4175 type: string
4176 description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. \n The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined."
4177 required:
4178 - name
4179 hostUsers:
4180 type: boolean
4181 description: 'Use the host''s user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.'
4182 os:
4183 type: object
4184 description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. \n If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions \n If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
4185 properties:
4186 name:
4187 type: string
4188 description: 'Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null'
4189 required:
4190 - name
4191 overhead:
4192 type: object
4193 additionalProperties:
4194 anyOf:
4195 - type: integer
4196 - type: string
4197 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4198 x-kubernetes-int-or-string: true
4199 description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
4200 preemptionPolicy:
4201 type: string
4202 description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
4203 setHostnameAsFQDN:
4204 type: boolean
4205 description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
4206 topologySpreadConstraints:
4207 type: array
4208 description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
4209 items:
4210 type: object
4211 description: TopologySpreadConstraint specifies how to spread matching pods among the given topology.
4212 properties:
4213 labelSelector:
4214 type: object
4215 description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
4216 properties:
4217 matchExpressions:
4218 type: array
4219 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
4220 items:
4221 type: object
4222 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
4223 properties:
4224 key:
4225 type: string
4226 description: key is the label key that the selector applies to.
4227 operator:
4228 type: string
4229 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
4230 values:
4231 type: array
4232 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
4233 items:
4234 type: string
4235 required:
4236 - key
4237 - operator
4238 matchLabels:
4239 type: object
4240 additionalProperties:
4241 type: string
4242 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
4243 matchLabelKeys:
4244 type: array
4245 description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
4246 items:
4247 type: string
4248 x-kubernetes-list-type: atomic
4249 maxSkew:
4250 type: integer
4251 description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.'
4252 format: int32
4253 minDomains:
4254 type: integer
4255 description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)."
4256 format: int32
4257 nodeAffinityPolicy:
4258 type: string
4259 description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag."
4260 nodeTaintsPolicy:
4261 type: string
4262 description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag."
4263 topologyKey:
4264 type: string
4265 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
4266 whenUnsatisfiable:
4267 type: string
4268 description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.'
4269 required:
4270 - maxSkew
4271 - topologyKey
4272 - whenUnsatisfiable
4273 x-kubernetes-list-map-keys:
4274 - topologyKey
4275 - whenUnsatisfiable
4276 x-kubernetes-list-type: map
4277 required:
4278 - containers
4279 volumeClaimTemplates:
4280 type: array
4281 description: 'volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. TODO: Define the behavior if a claim already exists with the same name.'
4282 items:
4283 type: object
4284 description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
4285 properties:
4286 apiVersion:
4287 type: string
4288 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4289 kind:
4290 type: string
4291 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4292 metadata:
4293 type: object
4294 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
4295 properties:
4296 name:
4297 type: string
4298 namespace:
4299 type: string
4300 labels:
4301 type: object
4302 additionalProperties:
4303 type: string
4304 annotations:
4305 type: object
4306 additionalProperties:
4307 type: string
4308 finalizers:
4309 type: array
4310 items:
4311 type: string
4312 spec:
4313 type: object
4314 description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
4315 properties:
4316 selector:
4317 type: object
4318 description: selector is a label query over volumes to consider for binding.
4319 properties:
4320 matchExpressions:
4321 type: array
4322 description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
4323 items:
4324 type: object
4325 description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
4326 properties:
4327 key:
4328 type: string
4329 description: key is the label key that the selector applies to.
4330 operator:
4331 type: string
4332 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
4333 values:
4334 type: array
4335 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
4336 items:
4337 type: string
4338 required:
4339 - key
4340 - operator
4341 matchLabels:
4342 type: object
4343 additionalProperties:
4344 type: string
4345 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
4346 resources:
4347 type: object
4348 description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
4349 properties:
4350 limits:
4351 type: object
4352 additionalProperties:
4353 anyOf:
4354 - type: integer
4355 - type: string
4356 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4357 x-kubernetes-int-or-string: true
4358 description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
4359 requests:
4360 type: object
4361 additionalProperties:
4362 anyOf:
4363 - type: integer
4364 - type: string
4365 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4366 x-kubernetes-int-or-string: true
4367 description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
4368 accessModes:
4369 type: array
4370 description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
4371 items:
4372 type: string
4373 dataSource:
4374 type: object
4375 description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.'
4376 properties:
4377 name:
4378 type: string
4379 description: Name is the name of resource being referenced
4380 kind:
4381 type: string
4382 description: Kind is the type of resource being referenced
4383 apiGroup:
4384 type: string
4385 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
4386 required:
4387 - kind
4388 - name
4389 dataSourceRef:
4390 type: object
4391 description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.'
4392 properties:
4393 name:
4394 type: string
4395 description: Name is the name of resource being referenced
4396 kind:
4397 type: string
4398 description: Kind is the type of resource being referenced
4399 apiGroup:
4400 type: string
4401 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
4402 required:
4403 - kind
4404 - name
4405 storageClassName:
4406 type: string
4407 description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
4408 volumeMode:
4409 type: string
4410 description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
4411 volumeName:
4412 type: string
4413 description: volumeName is the binding reference to the PersistentVolume backing this claim.
4414 status:
4415 type: object
4416 description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
4417 properties:
4418 accessModes:
4419 type: array
4420 description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
4421 items:
4422 type: string
4423 allocatedResources:
4424 type: object
4425 additionalProperties:
4426 anyOf:
4427 - type: integer
4428 - type: string
4429 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4430 x-kubernetes-int-or-string: true
4431 description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
4432 capacity:
4433 type: object
4434 additionalProperties:
4435 anyOf:
4436 - type: integer
4437 - type: string
4438 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4439 x-kubernetes-int-or-string: true
4440 description: capacity represents the actual resources of the underlying volume.
4441 conditions:
4442 type: array
4443 description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
4444 items:
4445 type: object
4446 description: PersistentVolumeClaimCondition contails details about state of pvc
4447 properties:
4448 type:
4449 type: string
4450 description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
4451 status:
4452 type: string
4453 lastProbeTime:
4454 type: string
4455 description: lastProbeTime is the time we probed the condition.
4456 format: date-time
4457 lastTransitionTime:
4458 type: string
4459 description: lastTransitionTime is the time the condition transitioned from one status to another.
4460 format: date-time
4461 message:
4462 type: string
4463 description: message is the human-readable message indicating details about last transition.
4464 reason:
4465 type: string
4466 description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
4467 required:
4468 - status
4469 - type
4470 phase:
4471 type: string
4472 description: phase represents the current phase of PersistentVolumeClaim.
4473 resizeStatus:
4474 type: string
4475 description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
4476 serviceName:
4477 type: string
4478 description: 'serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.'
4479 podManagementPolicy:
4480 type: string
4481 description: podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.
4482 updateStrategy:
4483 type: object
4484 description: updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.
4485 properties:
4486 type:
4487 type: string
4488 description: Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.
4489 rollingUpdate:
4490 type: object
4491 description: RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
4492 properties:
4493 maxUnavailable:
4494 anyOf:
4495 - type: integer
4496 - type: string
4497 description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding up. This can not be 0. Defaults to 1. This field is alpha-level and is only honored by servers that enable the MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it will be counted towards MaxUnavailable.'
4498 x-kubernetes-int-or-string: true
4499 partition:
4500 type: integer
4501 description: Partition indicates the ordinal at which the StatefulSet should be partitioned for updates. During a rolling update, all pods from ordinal Replicas-1 to Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. This is helpful in being able to do a canary based deployment. The default value is 0.
4502 format: int32
4503 minReadySeconds:
4504 type: integer
4505 description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)
4506 format: int32
4507 revisionHistoryLimit:
4508 type: integer
4509 description: revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet's revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.
4510 format: int32
4511 persistentVolumeClaimRetentionPolicy:
4512 type: object
4513 description: persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent volume claims created from volumeClaimTemplates. By default, all persistent volume claims are created as needed and retained until manually deleted. This policy allows the lifecycle to be altered, for example by deleting persistent volume claims when their stateful set is deleted, or when their pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha. +optional
4514 properties:
4515 whenDeleted:
4516 type: string
4517 description: WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted. The default policy of `Retain` causes PVCs to not be affected by StatefulSet deletion. The `Delete` policy causes those PVCs to be deleted.
4518 whenScaled:
4519 type: string
4520 description: WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. The default policy of `Retain` causes PVCs to not be affected by a scaledown. The `Delete` policy causes the associated PVCs for any excess pods above the replica count to be deleted.
4521 required:
4522 - selector
4523 - serviceName
4524 - template
4525 status:
4526 type: object
4527 description: Status is the current status of Pods in this StatefulSet. This data may be out of date by some window of time.
4528 properties:
4529 replicas:
4530 type: integer
4531 description: replicas is the number of Pods created by the StatefulSet controller.
4532 format: int32
4533 availableReplicas:
4534 type: integer
4535 description: Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
4536 format: int32
4537 collisionCount:
4538 type: integer
4539 description: collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.
4540 format: int32
4541 conditions:
4542 type: array
4543 description: Represents the latest available observations of a statefulset's current state.
4544 items:
4545 type: object
4546 description: StatefulSetCondition describes the state of a statefulset at a certain point.
4547 properties:
4548 type:
4549 type: string
4550 description: Type of statefulset condition.
4551 status:
4552 type: string
4553 description: Status of the condition, one of True, False, Unknown.
4554 lastTransitionTime:
4555 type: string
4556 description: Last time the condition transitioned from one status to another.
4557 format: date-time
4558 message:
4559 type: string
4560 description: A human readable message indicating details about the transition.
4561 reason:
4562 type: string
4563 description: The reason for the condition's last transition.
4564 required:
4565 - status
4566 - type
4567 currentReplicas:
4568 type: integer
4569 description: currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.
4570 format: int32
4571 currentRevision:
4572 type: string
4573 description: currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).
4574 observedGeneration:
4575 type: integer
4576 description: observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.
4577 format: int64
4578 readyReplicas:
4579 type: integer
4580 description: readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
4581 format: int32
4582 updateRevision:
4583 type: string
4584 description: updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)
4585 updatedReplicas:
4586 type: integer
4587 description: updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.
4588 format: int32
4589 required:
4590 - replicas
4591 required:
4592 - statefulSet
4593 status:
4594 type: object
4595 default:
4596 observedGeneration: -1
4597 description: PersistenceStatus defines the observed state of a Persistence
4598 properties:
4599 conditions:
4600 type: array
4601 items:
4602 type: object
4603 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
4604 properties:
4605 type:
4606 type: string
4607 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
4608 maxLength: 316
4609 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4610 status:
4611 type: string
4612 description: status of the condition, one of True, False, Unknown.
4613 enum:
4614 - "True"
4615 - "False"
4616 - Unknown
4617 lastTransitionTime:
4618 type: string
4619 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4620 format: date-time
4621 message:
4622 type: string
4623 description: message is a human readable message indicating details about the transition. This may be an empty string.
4624 maxLength: 32768
4625 observedGeneration:
4626 type: integer
4627 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
4628 format: int64
4629 minimum: 0
4630 reason:
4631 type: string
4632 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
4633 maxLength: 1024
4634 minLength: 1
4635 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4636 required:
4637 - lastTransitionTime
4638 - message
4639 - reason
4640 - status
4641 - type
4642 inventory:
4643 type: object
4644 description: ResourceInventory contains a list of Kubernetes resource object references that have been applied.
4645 properties:
4646 entries:
4647 type: array
4648 description: Entries of Kubernetes resource object references.
4649 items:
4650 type: object
4651 description: ResourceRef contains the information necessary to locate a resource within a cluster.
4652 properties:
4653 id:
4654 type: string
4655 description: ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
4656 v:
4657 type: string
4658 description: Version is the API version of the Kubernetes resource object's kind.
4659 required:
4660 - id
4661 - v
4662 observedGeneration:
4663 type: integer
4664 format: int64
4665 served: true
4666 storage: true
4667 subresources:
4668 status: {}
4669---
4670apiVersion: v1
4671kind: ServiceAccount
4672metadata:
4673 name: envctl
4674 namespace: envctl
4675 labels:
4676 platform.edge.ncr.com/component: 'envctl'
4677 annotations:
4678 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4679 pallet.edge.ncr.com/name: envctl
4680 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4681 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4682 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4683 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4684imagePullSecrets:
4685- name: edge-docker-pull-secret
4686---
4687apiVersion: rbac.authorization.k8s.io/v1
4688kind: ClusterRole
4689metadata:
4690 name: envctl
4691 annotations:
4692 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4693 pallet.edge.ncr.com/name: envctl
4694 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4695 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4696 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4697 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4698 labels: {}
4699rules:
4700- resources:
4701 - namespaces
4702 apiGroups:
4703 - ""
4704 verbs:
4705 - create
4706 - get
4707 - list
4708 - patch
4709 - update
4710 - watch
4711- resources:
4712 - namespaces/status
4713 apiGroups:
4714 - ""
4715 verbs:
4716 - get
4717 - patch
4718 - update
4719- resources:
4720 - nodes
4721 apiGroups:
4722 - ""
4723 verbs:
4724 - get
4725 - list
4726 - update
4727 - watch
4728- resources:
4729 - nodes/status
4730 apiGroups:
4731 - ""
4732 verbs:
4733 - get
4734- resources:
4735 - statefulsets
4736 apiGroups:
4737 - apps
4738 verbs:
4739 - create
4740 - delete
4741 - get
4742 - list
4743 - patch
4744 - update
4745 - watch
4746- resources:
4747 - statefulsets/status
4748 apiGroups:
4749 - apps
4750 verbs:
4751 - get
4752- resources:
4753 - persistence
4754 apiGroups:
4755 - edge.ncr.com
4756 verbs:
4757 - create
4758 - get
4759 - list
4760 - patch
4761 - update
4762 - watch
4763- resources:
4764 - persistence/status
4765 apiGroups:
4766 - edge.ncr.com
4767 verbs:
4768 - get
4769 - patch
4770 - update
4771---
4772apiVersion: rbac.authorization.k8s.io/v1
4773kind: ClusterRoleBinding
4774metadata:
4775 name: envctl
4776 labels:
4777 platform.edge.ncr.com/component: 'envctl'
4778 annotations:
4779 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4780 pallet.edge.ncr.com/name: envctl
4781 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4782 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4783 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4784 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4785roleRef:
4786 name: envctl
4787 kind: ClusterRole
4788 apiGroup: rbac.authorization.k8s.io
4789subjects:
4790- name: envctl
4791 namespace: envctl
4792 kind: ServiceAccount
4793---
4794apiVersion: v1
4795kind: Service
4796metadata:
4797 name: envctl
4798 namespace: envctl
4799 labels:
4800 platform.edge.ncr.com/component: envctl
4801 annotations:
4802 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4803 pallet.edge.ncr.com/name: envctl
4804 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4805 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4806 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4807 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4808spec:
4809 selector:
4810 platform.edge.ncr.com/component: envctl
4811 ports:
4812 - name: metrics
4813 port: 8080
4814---
4815apiVersion: apps/v1
4816kind: Deployment
4817metadata:
4818 name: envctl
4819 namespace: envctl
4820 labels:
4821 platform.edge.ncr.com/component: envctl
4822 annotations:
4823 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4824 pallet.edge.ncr.com/name: envctl
4825 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4826 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4827 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4828 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4829spec:
4830 replicas: 1
4831 selector:
4832 matchLabels:
4833 platform.edge.ncr.com/component: envctl
4834 template:
4835 metadata:
4836 labels:
4837 platform.edge.ncr.com/component: envctl
4838 annotations:
4839 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4840 pallet.edge.ncr.com/name: envctl
4841 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4842 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4843 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4844 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4845 spec:
4846 serviceAccountName: envctl
4847 containers:
4848 - name: envctl
4849 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/envctl@sha256:d65278daf0b3a67480da28a665bf4fab01e892113ad8e2299f4fa3c811d5da3f
4850 ports:
4851 - name: metrics
4852 containerPort: 8080
4853 resources:
4854 limits:
4855 cpu: "100m"
4856 imagePullPolicy: IfNotPresent
4857---
4858apiVersion: monitoring.coreos.com/v1
4859kind: ServiceMonitor
4860metadata:
4861 name: envctl
4862 namespace: envctl
4863 labels:
4864 platform.edge.ncr.com/component: envctl
4865 annotations:
4866 monitoring.edge.ncr.com/allowed-metrics: |
4867 edge_envctl_reconcile_condition_status
4868 edge_envctl_reconcile_duration_seconds_sum
4869 edge_envctl_reconcile_duration_seconds_count
4870 edge_envctl_reconcile_duration_seconds_bucket
4871 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4872 pallet.edge.ncr.com/name: envctl
4873 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4874 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4875 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4876 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4877spec:
4878 selector:
4879 matchLabels:
4880 platform.edge.ncr.com/component: envctl
4881 endpoints:
4882 - port: metrics
4883---
4884apiVersion: policy.linkerd.io/v1beta1
4885kind: Server
4886metadata:
4887 name: envctl
4888 namespace: envctl
4889 labels:
4890 platform.edge.ncr.com/component: envctl
4891 annotations:
4892 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4893 pallet.edge.ncr.com/name: envctl
4894 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4895 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4896 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4897 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4898spec:
4899 port: metrics
4900 podSelector:
4901 matchLabels:
4902 platform.edge.ncr.com/component: envctl
4903 proxyProtocol: HTTP/1
4904---
4905apiVersion: policy.linkerd.io/v1beta1
4906kind: ServerAuthorization
4907metadata:
4908 name: envctl
4909 namespace: envctl
4910 labels:
4911 platform.edge.ncr.com/component: envctl
4912 annotations:
4913 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
4914 pallet.edge.ncr.com/name: envctl
4915 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
4916 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
4917 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-infra'
4918 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
4919spec:
4920 client:
4921 meshTLS:
4922 serviceAccounts:
4923 - name: prometheus
4924 namespace: monitoring
4925 server:
4926 name: envctl
View as plain text