1/*
2Copyright The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8 http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17
18// This file was autogenerated by go-to-protobuf. Do not edit it manually!
19
20syntax = "proto2";
21
22package k8s.io.api.core.v1;
23
24import "k8s.io/apimachinery/pkg/api/resource/generated.proto";
25import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
26import "k8s.io/apimachinery/pkg/runtime/generated.proto";
27import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
28import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
29
30// Package-wide variables from generator "generated".
31option go_package = "k8s.io/api/core/v1";
32
// Represents a Persistent Disk resource in AWS.
//
// An AWS EBS disk must exist before mounting to a container. The disk
// must also be in the same AWS zone as the kubelet. An AWS EBS disk
// can only be mounted as read/write once. AWS EBS volumes support
// ownership management and SELinux relabeling.
//
// NOTE(review): every field carries the proto2 `optional` label, so the wire
// format itself never rejects a message that omits volumeID. Fields without a
// "+optional" marker are presumably required by validation outside this file.
message AWSElasticBlockStoreVolumeSource {
  // volumeID is the unique ID of the persistent disk resource in AWS (Amazon EBS volume).
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  optional string volumeID = 1;

  // fsType is the filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // NOTE(review): fsType is a free-form string; this schema does not restrict
  // it to a known set of filesystem types.
  // +optional
  optional string fsType = 2;

  // partition is the partition in the volume that you want to mount.
  // If omitted, the default is to mount by volume name.
  // Examples: For volume /dev/sda1, you specify the partition as "1".
  // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
  // +optional
  optional int32 partition = 3;

  // readOnly value true will force the readOnly setting in VolumeMounts.
  // When unset, the volume is not forced read-only by this field.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  // +optional
  optional bool readOnly = 4;
}
64
// Affinity is a group of affinity scheduling rules.
//
// The three fields are independent of each other; none is required at the
// wire level. NodeAffinity, PodAffinity and PodAntiAffinity are declared
// outside this excerpt.
message Affinity {
  // Describes node affinity scheduling rules for the pod.
  // +optional
  optional NodeAffinity nodeAffinity = 1;

  // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
  // +optional
  optional PodAffinity podAffinity = 2;

  // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
  // +optional
  optional PodAntiAffinity podAntiAffinity = 3;
}
79
// AppArmorProfile defines a pod or container's AppArmor settings.
//
// NOTE(review): "+union" and "+unionDiscriminator" are generator markers.
// Nothing in this proto2 message enforces the rule that localhostProfile is
// set if and only if type is "Localhost"; that check presumably lives in API
// validation outside this file.
// +union
message AppArmorProfile {
  // type indicates which kind of AppArmor profile will be applied.
  // Valid options are:
  //   Localhost - a profile pre-loaded on the node.
  //   RuntimeDefault - the container runtime's default profile.
  //   Unconfined - no AppArmor enforcement.
  // The field is a plain string, not an enum, so the schema accepts any value;
  // consumers must reject values outside the list above.
  // NOTE(review): "Unconfined" removes AppArmor enforcement for the workload,
  // so admission policy should treat it as an explicit exception.
  // +unionDiscriminator
  optional string type = 1;

  // localhostProfile indicates a profile loaded on the node that should be used.
  // The profile must be preconfigured on the node to work.
  // Must match the loaded name of the profile.
  // Must be set if and only if type is "Localhost".
  // +optional
  optional string localhostProfile = 2;
}
98
// AttachedVolume describes a volume attached to a node.
message AttachedVolume {
  // Name of the attached volume.
  optional string name = 1;

  // DevicePath represents the device path where the volume should be available.
  // NOTE(review): presumably a path on the node; confirm with the producer of
  // this message before relying on it.
  optional string devicePath = 2;
}
107
// AvoidPods describes pods that should avoid this node. This is the value for a
// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and
// will eventually become a field of NodeStatus.
message AvoidPods {
  // Bounded-sized list of signatures of pods that should avoid this node, sorted
  // in timestamp order from oldest to newest. Size of the slice is unspecified.
  // NOTE(review): the schema declares no upper bound on the number of entries;
  // any bound must be applied by the writer or by validation.
  // PreferAvoidPodsEntry is declared outside this excerpt.
  // +optional
  // +listType=atomic
  repeated PreferAvoidPodsEntry preferAvoidPods = 1;
}
118
// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
message AzureDiskVolumeSource {
  // diskName is the name of the data disk in the blob storage.
  optional string diskName = 1;

  // diskURI is the URI of the data disk in the blob storage.
  optional string diskURI = 2;

  // cachingMode is the Host Caching mode: None, Read Only, Read Write.
  // +optional
  optional string cachingMode = 3;

  // fsType is Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // +optional
  optional string fsType = 4;

  // readOnly Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 5;

  // kind expected values are:
  //   Shared: multiple blob disks per storage account
  //   Dedicated: single blob disk per storage account
  //   Managed: azure managed data disk (only in managed availability set)
  // Defaults to shared.
  // The field is a plain string, so the schema itself accepts any value.
  optional string kind = 6;
}
145
// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
//
// This variant can name the namespace of the credential secret explicitly
// (secretNamespace).
message AzureFilePersistentVolumeSource {
  // secretName is the name of secret that contains Azure Storage Account Name and Key
  // NOTE(review): the secret holds a storage account key, which presumably
  // grants access beyond the single share named in shareName. Restrict who can
  // read the Secret accordingly.
  optional string secretName = 1;

  // shareName is the azure Share Name
  optional string shareName = 2;

  // readOnly defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 3;

  // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key
  // default is the same as the Pod
  // NOTE(review): when set, this is a cross-namespace secret reference, so
  // whoever can create objects carrying this field can point at secrets in
  // other namespaces. Confirm how creation of such objects is restricted.
  // +optional
  optional string secretNamespace = 4;
}
164
// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
//
// This variant has no namespace field for the secret.
// NOTE(review): the secret is presumably resolved in the pod's own namespace.
message AzureFileVolumeSource {
  // secretName is the name of secret that contains Azure Storage Account Name and Key
  // NOTE(review): the secret holds a storage account key, which presumably
  // grants access beyond the single share named in shareName. Restrict who can
  // read the Secret accordingly.
  optional string secretName = 1;

  // shareName is the azure share Name
  optional string shareName = 2;

  // readOnly defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 3;
}
178
// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
// Deprecated in 1.7, please use the bindings subresource of pods instead.
message Binding {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // The target object that you want to bind to the standard object.
  // ObjectReference is declared outside this excerpt.
  optional ObjectReference target = 2;
}
190
// Represents storage that is managed by an external CSI volume driver (Beta feature)
//
// NOTE(review): the fields documented as "Required." below still carry the
// proto2 `optional` label, so the wire format does not enforce them; the check
// must happen in validation outside this file.
//
// All five secret references use SecretReference, which is declared outside
// this excerpt. For each of them the comments state that every entry of the
// referenced secret object is passed to the CSI driver, so keep each secret
// limited to what the corresponding CSI call needs.
message CSIPersistentVolumeSource {
  // driver is the name of the driver to use for this volume.
  // Required.
  optional string driver = 1;

  // volumeHandle is the unique volume name returned by the CSI volume
  // plugin's CreateVolume to refer to the volume on all subsequent calls.
  // Required.
  optional string volumeHandle = 2;

  // readOnly value to pass to ControllerPublishVolumeRequest.
  // Defaults to false (read/write).
  // +optional
  optional bool readOnly = 3;

  // fsType to mount. Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs".
  // +optional
  optional string fsType = 4;

  // volumeAttributes of the volume to publish.
  // NOTE(review): these are plain strings stored on the object itself, so they
  // are not a place for credentials; use the secret references below instead.
  // +optional
  map<string, string> volumeAttributes = 5;

  // controllerPublishSecretRef is a reference to the secret object containing
  // sensitive information to pass to the CSI driver to complete the CSI
  // ControllerPublishVolume and ControllerUnpublishVolume calls.
  // This field is optional, and may be empty if no secret is required. If the
  // secret object contains more than one secret, all secrets are passed.
  // +optional
  optional SecretReference controllerPublishSecretRef = 6;

  // nodeStageSecretRef is a reference to the secret object containing sensitive
  // information to pass to the CSI driver to complete the CSI NodeStageVolume
  // and NodeUnstageVolume calls.
  // This field is optional, and may be empty if no secret is required. If the
  // secret object contains more than one secret, all secrets are passed.
  // +optional
  optional SecretReference nodeStageSecretRef = 7;

  // nodePublishSecretRef is a reference to the secret object containing
  // sensitive information to pass to the CSI driver to complete the CSI
  // NodePublishVolume and NodeUnpublishVolume calls.
  // This field is optional, and may be empty if no secret is required. If the
  // secret object contains more than one secret, all secrets are passed.
  // +optional
  optional SecretReference nodePublishSecretRef = 8;

  // controllerExpandSecretRef is a reference to the secret object containing
  // sensitive information to pass to the CSI driver to complete the CSI
  // ControllerExpandVolume call.
  // This field is optional, and may be empty if no secret is required. If the
  // secret object contains more than one secret, all secrets are passed.
  // +optional
  optional SecretReference controllerExpandSecretRef = 9;

  // nodeExpandSecretRef is a reference to the secret object containing
  // sensitive information to pass to the CSI driver to complete the CSI
  // NodeExpandVolume call.
  // This field is optional, and may be omitted if no secret is required. If the
  // secret object contains more than one secret, all secrets are passed.
  // +optional
  optional SecretReference nodeExpandSecretRef = 10;
}
256
// Represents a source location of a volume to mount, managed by an external CSI driver
message CSIVolumeSource {
  // driver is the name of the CSI driver that handles this volume.
  // Consult with your admin for the correct name as registered in the cluster.
  optional string driver = 1;

  // readOnly specifies a read-only configuration for the volume.
  // Defaults to false (read/write).
  // +optional
  optional bool readOnly = 2;

  // fsType to mount. Ex. "ext4", "xfs", "ntfs".
  // If not provided, the empty value is passed to the associated CSI driver
  // which will determine the default filesystem to apply.
  // +optional
  optional string fsType = 3;

  // volumeAttributes stores driver-specific properties that are passed to the CSI
  // driver. Consult your driver's documentation for supported values.
  // NOTE(review): these are plain strings stored on the object itself, so they
  // are not a place for credentials; use nodePublishSecretRef instead.
  // +optional
  map<string, string> volumeAttributes = 4;

  // nodePublishSecretRef is a reference to the secret object containing
  // sensitive information to pass to the CSI driver to complete the CSI
  // NodePublishVolume and NodeUnpublishVolume calls.
  // This field is optional, and may be empty if no secret is required. If the
  // secret object contains more than one secret, all secret references are passed.
  // The type is LocalObjectReference (declared outside this excerpt), not
  // SecretReference as in CSIPersistentVolumeSource.
  // NOTE(review): presumably the secret is resolved in the pod's own
  // namespace; confirm.
  // +optional
  optional LocalObjectReference nodePublishSecretRef = 5;
}
287
// Adds and removes POSIX capabilities from running containers.
//
// Both lists hold free-form strings; this schema does not restrict them to
// known capability names and does not define what happens when the same name
// appears in both lists.
// NOTE(review): a common hardening baseline is to drop every capability the
// workload does not need and add back only specific ones. Review any entry in
// `add` as a privilege grant.
message Capabilities {
  // Added capabilities
  // +optional
  // +listType=atomic
  repeated string add = 1;

  // Removed capabilities
  // +optional
  // +listType=atomic
  repeated string drop = 2;
}
300
// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
// Cephfs volumes do not support ownership management or SELinux relabeling.
//
// Credentials for the rados user can be given as a key ring file (secretFile)
// or as a secret reference (secretRef). This variant uses SecretReference,
// which is declared outside this excerpt.
message CephFSPersistentVolumeSource {
  // monitors is Required: Monitors is a collection of Ceph monitors
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): `repeated` cannot express "at least one"; the requirement
  // must be enforced by validation outside this file.
  // +listType=atomic
  repeated string monitors = 1;

  // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
  // +optional
  optional string path = 2;

  // user is Optional: User is the rados user name, default is admin
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): the documented default is the "admin" user; prefer a
  // dedicated user scoped to the mounted path where cluster policy allows it.
  // +optional
  optional string user = 3;

  // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): presumably a path on the node rather than inside the pod; confirm.
  // +optional
  optional string secretFile = 4;

  // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // +optional
  optional SecretReference secretRef = 5;

  // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // +optional
  optional bool readOnly = 6;
}
334
// Represents a Ceph Filesystem mount that lasts the lifetime of a pod
// Cephfs volumes do not support ownership management or SELinux relabeling.
//
// Credentials for the rados user can be given as a key ring file (secretFile)
// or as a secret reference (secretRef). This variant uses
// LocalObjectReference, which is declared outside this excerpt.
message CephFSVolumeSource {
  // monitors is Required: Monitors is a collection of Ceph monitors
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): `repeated` cannot express "at least one"; the requirement
  // must be enforced by validation outside this file.
  // +listType=atomic
  repeated string monitors = 1;

  // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
  // +optional
  optional string path = 2;

  // user is optional: User is the rados user name, default is admin
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): the documented default is the "admin" user; prefer a
  // dedicated user scoped to the mounted path where cluster policy allows it.
  // +optional
  optional string user = 3;

  // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // NOTE(review): presumably a path on the node rather than inside the pod; confirm.
  // +optional
  optional string secretFile = 4;

  // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // +optional
  optional LocalObjectReference secretRef = 5;

  // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
  // +optional
  optional bool readOnly = 6;
}
368
// Represents a cinder volume resource in OpenStack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
// Cinder volumes support ownership management and SELinux relabeling.
message CinderPersistentVolumeSource {
  // volumeID used to identify the volume in cinder.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  optional string volumeID = 1;

  // fsType Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional string fsType = 2;

  // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional bool readOnly = 3;

  // secretRef is Optional: points to a secret object containing parameters used to connect
  // to OpenStack.
  // SecretReference is declared outside this excerpt.
  // NOTE(review): the secret carries OpenStack connection parameters, so
  // restrict read access to it to the components that perform the attach/mount.
  // +optional
  optional SecretReference secretRef = 4;
}
396
// Represents a cinder volume resource in OpenStack.
// A Cinder volume must exist before mounting to a container.
// The volume must also be in the same region as the kubelet.
// Cinder volumes support ownership management and SELinux relabeling.
message CinderVolumeSource {
  // volumeID used to identify the volume in cinder.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  optional string volumeID = 1;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional string fsType = 2;

  // readOnly defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional bool readOnly = 3;

  // secretRef is optional: points to a secret object containing parameters used to connect
  // to OpenStack.
  // LocalObjectReference is declared outside this excerpt.
  // NOTE(review): the secret carries OpenStack connection parameters, so
  // restrict read access to it to the components that perform the attach/mount.
  // +optional
  optional LocalObjectReference secretRef = 4;
}
424
// ClaimSource describes a reference to a ResourceClaim.
//
// Exactly one of these fields should be set. Consumers of this type must
// treat an empty object as if it has an unknown value.
//
// NOTE(review): the two fields are independent `optional` fields rather than
// members of a `oneof`, so the schema accepts messages with both or neither
// set; the "exactly one" rule must be enforced by validation outside this
// file.
message ClaimSource {
  // ResourceClaimName is the name of a ResourceClaim object in the same
  // namespace as this pod.
  optional string resourceClaimName = 1;

  // ResourceClaimTemplateName is the name of a ResourceClaimTemplate
  // object in the same namespace as this pod.
  //
  // The template will be used to create a new ResourceClaim, which will
  // be bound to this pod. When this pod is deleted, the ResourceClaim
  // will also be deleted. The pod name and resource name, along with a
  // generated component, will be used to form a unique name for the
  // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
  //
  // This field is immutable and no changes will be made to the
  // corresponding ResourceClaim by the control plane after creating the
  // ResourceClaim.
  optional string resourceClaimTemplateName = 2;
}
448
// ClientIPConfig represents the configurations of Client IP based session affinity.
message ClientIPConfig {
  // timeoutSeconds specifies the seconds of ClientIP type session sticky time.
  // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP".
  // Default value is 10800(for 3 hours).
  // The int32 type admits values outside that range, including negatives; the
  // bound must be enforced by validation outside this file.
  // +optional
  optional int32 timeoutSeconds = 1;
}
457
// ClusterTrustBundleProjection describes how to select a set of
// ClusterTrustBundle objects and project their contents into the pod
// filesystem.
//
// NOTE(review): the selection modes (name versus signerName plus
// labelSelector) are documented as mutually exclusive, but they are plain
// `optional` fields rather than a `oneof`, so the schema does not enforce the
// exclusion.
//
// Field numbers are declared out of numeric order (optional = 5 precedes
// path = 4). Only the numbers matter on the wire.
message ClusterTrustBundleProjection {
  // Select a single ClusterTrustBundle by object name. Mutually-exclusive
  // with signerName and labelSelector.
  // +optional
  optional string name = 1;

  // Select all ClusterTrustBundles that match this signer name.
  // Mutually-exclusive with name. The contents of all selected
  // ClusterTrustBundles will be unified and deduplicated.
  // +optional
  optional string signerName = 2;

  // Select all ClusterTrustBundles that match this label selector. Only has
  // effect if signerName is set. Mutually-exclusive with name. If unset,
  // interpreted as "match nothing". If set but empty, interpreted as "match
  // everything".
  // NOTE(review): unset and set-but-empty have opposite meanings. An empty
  // selector pulls in every bundle for the signer, so review manifests that
  // pass `{}` here with the same care as an explicit wildcard.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 3;

  // If true, don't block pod startup if the referenced ClusterTrustBundle(s)
  // aren't available. If using name, then the named ClusterTrustBundle is
  // allowed not to exist. If using signerName, then the combination of
  // signerName and labelSelector is allowed to match zero
  // ClusterTrustBundles.
  // NOTE(review): with this set, the workload can start without the bundle it
  // expects. The workload should presumably fail closed rather than fall back
  // to a broader trust store; confirm in the consumer.
  // +optional
  optional bool optional = 5;

  // Relative path from the volume root to write the bundle.
  optional string path = 4;
}
491
// Information about the condition of a component.
//
// type and status are plain strings; the valid values listed below are not
// enforced by this schema.
message ComponentCondition {
  // Type of condition for a component.
  // Valid value: "Healthy"
  optional string type = 1;

  // Status of the condition for a component.
  // Valid values for "Healthy": "True", "False", or "Unknown".
  optional string status = 2;

  // Message about the condition for a component.
  // For example, information about a health check.
  // +optional
  optional string message = 3;

  // Condition error code for a component.
  // For example, a health check error code.
  // +optional
  optional string error = 4;
}
512
// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
// Deprecated: This API is deprecated in v1.19+
message ComponentStatus {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // List of component conditions observed.
  // The markers below declare the list as a map keyed by `type` for merge
  // purposes; the proto schema itself does not enforce key uniqueness.
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated ComponentCondition conditions = 2;
}
529
// Status of all the conditions for the component as a list of ComponentStatus objects.
// Deprecated: This API is deprecated in v1.19+
message ComponentStatusList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of ComponentStatus objects.
  repeated ComponentStatus items = 2;
}
541
// ConfigMap holds configuration data for pods to consume.
//
// NOTE(review): a ConfigMap is not a secrecy mechanism. Both maps are stored
// and returned as ordinary object fields, so credentials, keys and tokens
// belong in a Secret, not here.
//
// Field numbers are declared out of numeric order (immutable = 4 precedes
// data = 2 and binaryData = 3). Only the numbers matter on the wire.
message ConfigMap {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Immutable, if set to true, ensures that data stored in the ConfigMap cannot
  // be updated (only object metadata can be modified).
  // If not set to true, the field can be modified at any time.
  // Defaulted to nil.
  // +optional
  optional bool immutable = 4;

  // Data contains the configuration data.
  // Each key must consist of alphanumeric characters, '-', '_' or '.'.
  // Values with non-UTF-8 byte sequences must use the BinaryData field.
  // The keys stored in Data must not overlap with the keys in
  // the BinaryData field, this is enforced during validation process.
  // +optional
  map<string, string> data = 2;

  // BinaryData contains the binary data.
  // Each key must consist of alphanumeric characters, '-', '_' or '.'.
  // BinaryData can contain byte sequences that are not in the UTF-8 range.
  // The keys stored in BinaryData must not overlap with the ones in
  // the Data field, this is enforced during validation process.
  // Using this field will require 1.10+ apiserver and
  // kubelet.
  // +optional
  map<string, bytes> binaryData = 3;
}
574
// ConfigMapEnvSource selects a ConfigMap to populate the environment
// variables with.
//
// The contents of the target ConfigMap's Data field will represent the
// key-value pairs as environment variables.
message ConfigMapEnvSource {
  // The ConfigMap to select from.
  // LocalObjectReference is declared outside this excerpt.
  optional LocalObjectReference localObjectReference = 1;

  // Specify whether the ConfigMap must be defined
  // NOTE(review): when true, a missing ConfigMap presumably leaves the
  // variables unset instead of failing; the consuming process must handle
  // that case.
  // +optional
  optional bool optional = 2;
}
588
// Selects a key from a ConfigMap.
// +structType=atomic
message ConfigMapKeySelector {
  // The ConfigMap to select from.
  // LocalObjectReference is declared outside this excerpt.
  optional LocalObjectReference localObjectReference = 1;

  // The key to select.
  optional string key = 2;

  // Specify whether the ConfigMap or its key must be defined
  // +optional
  optional bool optional = 3;
}
602
// ConfigMapList is a resource containing a list of ConfigMap objects.
message ConfigMapList {
  // List metadata (ListMeta) for this collection.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of ConfigMaps.
  repeated ConfigMap items = 2;
}
612
// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.
// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration
//
// NOTE(review): the "required" and "forbidden" rules documented on the fields
// below are not expressible in this schema, where every field is proto2
// `optional`; they must be enforced by validation outside this file.
message ConfigMapNodeConfigSource {
  // Namespace is the metadata.namespace of the referenced ConfigMap.
  // This field is required in all cases.
  optional string namespace = 1;

  // Name is the metadata.name of the referenced ConfigMap.
  // This field is required in all cases.
  optional string name = 2;

  // UID is the metadata.UID of the referenced ConfigMap.
  // This field is forbidden in Node.Spec, and required in Node.Status.
  // +optional
  optional string uid = 3;

  // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap.
  // This field is forbidden in Node.Spec, and required in Node.Status.
  // +optional
  optional string resourceVersion = 4;

  // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure
  // This field is required in all cases.
  optional string kubeletConfigKey = 5;
}
638
// Adapts a ConfigMap into a projected volume.
//
// The contents of the target ConfigMap's Data field will be presented in a
// projected volume as files using the keys in the Data field as the file names,
// unless the items element is populated with specific mappings of keys to paths.
// Note that this is identical to a configmap volume source without the default
// mode.
//
// Field number 3 is not assigned in this message; ConfigMapVolumeSource uses 3
// for defaultMode.
// NOTE(review): the gap presumably keeps the two messages numerically
// aligned; do not assign 3 to an unrelated field.
message ConfigMapProjection {
  // Reference to the target ConfigMap. LocalObjectReference is declared
  // outside this excerpt.
  optional LocalObjectReference localObjectReference = 1;

  // items if unspecified, each key-value pair in the Data field of the referenced
  // ConfigMap will be projected into the volume as a file whose name is the
  // key and content is the value. If specified, the listed keys will be
  // projected into the specified paths, and unlisted keys will not be
  // present. If a key is specified which is not present in the ConfigMap,
  // the volume setup will error unless it is marked optional. Paths must be
  // relative and may not contain the '..' path or start with '..'.
  // NOTE(review): the relative-path and no-'..' rule is what keeps projected
  // files inside the volume root. It is stated here only as documentation, so
  // consumers that build file paths from these entries must re-check it.
  // KeyToPath is declared outside this excerpt.
  // +optional
  // +listType=atomic
  repeated KeyToPath items = 2;

  // optional specify whether the ConfigMap or its keys must be defined
  // +optional
  optional bool optional = 4;
}
664
// Adapts a ConfigMap into a volume.
//
// The contents of the target ConfigMap's Data field will be presented in a
// volume as files using the keys in the Data field as the file names, unless
// the items element is populated with specific mappings of keys to paths.
// ConfigMap volumes support ownership management and SELinux relabeling.
message ConfigMapVolumeSource {
  // Reference to the target ConfigMap. LocalObjectReference is declared
  // outside this excerpt.
  optional LocalObjectReference localObjectReference = 1;

  // items if unspecified, each key-value pair in the Data field of the referenced
  // ConfigMap will be projected into the volume as a file whose name is the
  // key and content is the value. If specified, the listed keys will be
  // projected into the specified paths, and unlisted keys will not be
  // present. If a key is specified which is not present in the ConfigMap,
  // the volume setup will error unless it is marked optional. Paths must be
  // relative and may not contain the '..' path or start with '..'.
  // NOTE(review): the relative-path and no-'..' rule is what keeps projected
  // files inside the volume root. It is stated here only as documentation, so
  // consumers that build file paths from these entries must re-check it.
  // KeyToPath is declared outside this excerpt.
  // +optional
  // +listType=atomic
  repeated KeyToPath items = 2;

  // defaultMode is optional: mode bits used to set permissions on created files by default.
  // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
  // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
  // Defaults to 0644.
  // Directories within the path are not affected by this setting.
  // This might be in conflict with other options that affect the file
  // mode, like fsGroup, and the result can be other mode bits set.
  // The int32 type admits values outside 0..511; the range must be enforced by
  // validation outside this file.
  // NOTE(review): 0644 leaves the files readable by group and others. Set a
  // tighter mode when the content should be readable only by the file owner.
  // +optional
  optional int32 defaultMode = 3;

  // optional specify whether the ConfigMap or its keys must be defined
  // +optional
  optional bool optional = 4;
}
699
700// A single application container that you want to run within a pod.
701message Container {
702 // Name of the container specified as a DNS_LABEL.
703 // Each container in a pod must have a unique name (DNS_LABEL).
704 // Cannot be updated.
705 optional string name = 1;
706
707 // Container image name.
708 // More info: https://kubernetes.io/docs/concepts/containers/images
709 // This field is optional to allow higher level config management to default or override
710 // container images in workload controllers like Deployments and StatefulSets.
711 // +optional
712 optional string image = 2;
713
714 // Entrypoint array. Not executed within a shell.
715 // The container image's ENTRYPOINT is used if this is not provided.
716 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
717 // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
718 // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
719 // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
720 // of whether the variable exists or not. Cannot be updated.
721 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
722 // +optional
723 // +listType=atomic
724 repeated string command = 3;
725
726 // Arguments to the entrypoint.
727 // The container image's CMD is used if this is not provided.
728 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
729 // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
730 // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
731 // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
732 // of whether the variable exists or not. Cannot be updated.
733 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
734 // +optional
735 // +listType=atomic
736 repeated string args = 4;
737
738 // Container's working directory.
739 // If not specified, the container runtime's default will be used, which
740 // might be configured in the container image.
741 // Cannot be updated.
742 // +optional
743 optional string workingDir = 5;
744
745 // List of ports to expose from the container. Not specifying a port here
746 // DOES NOT prevent that port from being exposed. Any port which is
747 // listening on the default "0.0.0.0" address inside a container will be
748 // accessible from the network.
749 // Modifying this array with strategic merge patch may corrupt the data.
750 // For more information See https://github.com/kubernetes/kubernetes/issues/108255.
751 // Cannot be updated.
752 // +optional
753 // +patchMergeKey=containerPort
754 // +patchStrategy=merge
755 // +listType=map
756 // +listMapKey=containerPort
757 // +listMapKey=protocol
758 repeated ContainerPort ports = 6;
759
760 // List of sources to populate environment variables in the container.
761 // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
762 // will be reported as an event when the container is starting. When a key exists in multiple
763 // sources, the value associated with the last source will take precedence.
764 // Values defined by an Env with a duplicate key will take precedence.
765 // Cannot be updated.
766 // +optional
767 // +listType=atomic
768 repeated EnvFromSource envFrom = 19;
769
770 // List of environment variables to set in the container.
771 // Cannot be updated.
772 // +optional
773 // +patchMergeKey=name
774 // +patchStrategy=merge
775 // +listType=map
776 // +listMapKey=name
777 repeated EnvVar env = 7;
778
779 // Compute Resources required by this container.
780 // Cannot be updated.
781 // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
782 // +optional
783 optional ResourceRequirements resources = 8;
784
785 // Resources resize policy for the container.
786 // +featureGate=InPlacePodVerticalScaling
787 // +optional
788 // +listType=atomic
789 repeated ContainerResizePolicy resizePolicy = 23;
790
791 // RestartPolicy defines the restart behavior of individual containers in a pod.
792 // This field may only be set for init containers, and the only allowed value is "Always".
793 // For non-init containers or when this field is not specified,
794 // the restart behavior is defined by the Pod's restart policy and the container type.
795 // Setting the RestartPolicy as "Always" for the init container will have the following effect:
796 // this init container will be continually restarted on
797 // exit until all regular containers have terminated. Once all regular
798 // containers have completed, all init containers with restartPolicy "Always"
799 // will be shut down. This lifecycle differs from normal init containers and
800 // is often referred to as a "sidecar" container. Although this init
801 // container still starts in the init container sequence, it does not wait
802 // for the container to complete before proceeding to the next init
803 // container. Instead, the next init container starts immediately after this
804 // init container is started, or after any startupProbe has successfully
805 // completed.
806 // +featureGate=SidecarContainers
807 // +optional
808 optional string restartPolicy = 24;
809
810 // Pod volumes to mount into the container's filesystem.
811 // Cannot be updated.
812 // +optional
813 // +patchMergeKey=mountPath
814 // +patchStrategy=merge
815 // +listType=map
816 // +listMapKey=mountPath
817 repeated VolumeMount volumeMounts = 9;
818
819 // volumeDevices is the list of block devices to be used by the container.
820 // +patchMergeKey=devicePath
821 // +patchStrategy=merge
822 // +listType=map
823 // +listMapKey=devicePath
824 // +optional
825 repeated VolumeDevice volumeDevices = 21;
826
827 // Periodic probe of container liveness.
828 // Container will be restarted if the probe fails.
829 // Cannot be updated.
830 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
831 // +optional
832 optional Probe livenessProbe = 10;
833
834 // Periodic probe of container service readiness.
835 // Container will be removed from service endpoints if the probe fails.
836 // Cannot be updated.
837 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
838 // +optional
839 optional Probe readinessProbe = 11;
840
841 // StartupProbe indicates that the Pod has successfully initialized.
842 // If specified, no other probes are executed until this completes successfully.
843 // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
844 // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
845 // when it might take a long time to load data or warm a cache, than during steady-state operation.
846 // This cannot be updated.
847 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
848 // +optional
849 optional Probe startupProbe = 22;
850
851 // Actions that the management system should take in response to container lifecycle events.
852 // Cannot be updated.
853 // +optional
854 optional Lifecycle lifecycle = 12;
855
856 // Optional: Path at which the file to which the container's termination message
857 // will be written is mounted into the container's filesystem.
858 // Message written is intended to be brief final status, such as an assertion failure message.
859 // Will be truncated by the node if greater than 4096 bytes. The total message length across
860 // all containers will be limited to 12kb.
861 // Defaults to /dev/termination-log.
862 // Cannot be updated.
863 // +optional
864 optional string terminationMessagePath = 13;
865
866 // Indicate how the termination message should be populated. File will use the contents of
867 // terminationMessagePath to populate the container status message on both success and failure.
868 // FallbackToLogsOnError will use the last chunk of container log output if the termination
869 // message file is empty and the container exited with an error.
870 // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
871 // Defaults to File.
872 // Cannot be updated.
873 // +optional
874 optional string terminationMessagePolicy = 20;
875
876 // Image pull policy.
877 // One of Always, Never, IfNotPresent.
878 // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
879 // Cannot be updated.
880 // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
881 // +optional
882 optional string imagePullPolicy = 14;
883
884 // SecurityContext defines the security options the container should be run with.
885 // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
886 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
887 // +optional
888 optional SecurityContext securityContext = 15;
889
890 // Whether this container should allocate a buffer for stdin in the container runtime. If this
891 // is not set, reads from stdin in the container will always result in EOF.
892 // Default is false.
893 // +optional
894 optional bool stdin = 16;
895
896 // Whether the container runtime should close the stdin channel after it has been opened by
897 // a single attach. When stdin is true the stdin stream will remain open across multiple attach
898 // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
899 // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
900 // at which time stdin is closed and remains closed until the container is restarted. If this
901 // flag is false, a container processes that reads from stdin will never receive an EOF.
902 // Default is false
903 // +optional
904 optional bool stdinOnce = 17;
905
906 // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
907 // Default is false.
908 // +optional
909 optional bool tty = 18;
910}
911
// ContainerImage describes a container image.
message ContainerImage {
  // Names by which this image is known.
  // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]
  // +optional
  // +listType=atomic
  repeated string names = 1;

  // Size of the image, in bytes.
  // +optional
  optional int64 sizeBytes = 2;
}
924
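// ContainerPort represents a network port in a single container.
message ContainerPort {
  // Name for the port that can be referred to by services.
  // If specified, this must be an IANA_SVC_NAME and unique within the pod:
  // each named port in a pod must have a unique name.
  // +optional
  optional string name = 1;

  // Number of port to expose on the host.
  // If specified, this must be a valid port number, 0 < x < 65536.
  // If HostNetwork is specified, this must match ContainerPort.
  // Most containers do not need this.
  // NOTE(review): a host port makes the container reachable through the node
  // itself. Admission policy is the usual place to restrict it (the Pod
  // Security Standards "baseline" profile limits host ports).
  // +optional
  optional int32 hostPort = 2;

  // Number of port to expose on the pod's IP address.
  // This must be a valid port number, 0 < x < 65536.
  optional int32 containerPort = 3;

  // Protocol for port. Must be UDP, TCP, or SCTP.
  // Defaults to "TCP".
  // +optional
  // +default="TCP"
  optional string protocol = 4;

  // What host IP to bind the external port to.
  // NOTE(review): presumably only meaningful together with hostPort, and an
  // empty value presumably leaves the port bound on every node address;
  // confirm before relying on it to narrow exposure.
  // +optional
  optional string hostIP = 5;
}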
954
// ContainerResizePolicy represents the resource resize policy for a container.
message ContainerResizePolicy {
  // Name of the resource this resize policy applies to.
  // Supported values: cpu, memory.
  optional string resourceName = 1;

  // Restart policy applied when the named resource is resized.
  // Defaults to NotRequired when not specified.
  optional string restartPolicy = 2;
}
965
// ContainerState holds a possible state of a container.
// At most one member may be specified; when none is, the default state is
// ContainerStateWaiting.
message ContainerState {
  // Details about a waiting container.
  // +optional
  optional ContainerStateWaiting waiting = 1;

  // Details about a running container.
  // +optional
  optional ContainerStateRunning running = 2;

  // Details about a terminated container.
  // +optional
  optional ContainerStateTerminated terminated = 3;
}
982
// ContainerStateRunning is the running state of a container.
message ContainerStateRunning {
  // Time at which the container was last started or restarted.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1;
}
989
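// ContainerStateTerminated is a terminated state of a container.
message ContainerStateTerminated {
  // Exit status from the last termination of the container.
  optional int32 exitCode = 1;

  // Signal from the last termination of the container.
  // +optional
  optional int32 signal = 2;

  // (brief) reason from the last termination of the container.
  // +optional
  optional string reason = 3;

  // Message regarding the last termination of the container.
  // NOTE(review): Container.terminationMessagePolicy describes the status
  // message as populated from a file the container writes, or from its log
  // output. The text may therefore be authored by the workload itself, so
  // consumers that render or parse it should treat it as untrusted input.
  // +optional
  optional string message = 4;

  // Time at which the previous execution of the container started.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 5;

  // Time at which the container last terminated.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 6;

  // Container's ID in the format '<type>://<container_id>'.
  // +optional
  optional string containerID = 7;
}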
1019
// ContainerStateWaiting is the waiting state of a container.
message ContainerStateWaiting {
  // (brief) reason why the container is not yet running.
  // +optional
  optional string reason = 1;

  // Message explaining why the container is not yet running.
  // +optional
  optional string message = 2;
}
1030
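// ContainerStatus contains details for the current status of this container.
message ContainerStatus {
  // Name is a DNS_LABEL representing the unique name of the container.
  // Each container in a pod must have a unique name across all container types.
  // Cannot be updated.
  optional string name = 1;

  // State holds details about the container's current condition.
  // +optional
  optional ContainerState state = 2;

  // LastTerminationState holds the last termination state of the container to
  // help debug container crashes and restarts. This field is not
  // populated if the container is still running and RestartCount is 0.
  // +optional
  optional ContainerState lastState = 3;

  // Ready specifies whether the container is currently passing its readiness check.
  // The value will change as readiness probes keep executing. If no readiness
  // probes are specified, this field defaults to true once the container is
  // fully started (see Started field).
  //
  // The value is typically used to determine whether a container is ready to
  // accept traffic.
  optional bool ready = 4;

  // RestartCount holds the number of times the container has been restarted.
  // Kubelet makes an effort to always increment the value, but there
  // are cases when the state may be lost due to node restarts and then the value
  // may be reset to 0. The value is never negative.
  // Because of that reset, a low count does not prove the container never
  // restarted.
  optional int32 restartCount = 5;

  // Image is the name of container image that the container is running.
  // The container image may not match the image used in the PodSpec,
  // as it may have been resolved by the runtime.
  // More info: https://kubernetes.io/docs/concepts/containers/images
  optional string image = 6;

  // ImageID is the image ID of the container's image. The image ID may not
  // match the image ID of the image used in the PodSpec, as it may have been
  // resolved by the runtime.
  // NOTE(review): since this is the runtime-resolved value rather than the
  // requested one, it is presumably the field to compare against an expected
  // image identity when auditing what actually ran; confirm the ID format
  // for the runtime in use.
  optional string imageID = 7;

  // ContainerID is the ID of the container in the format '<type>://<container_id>'.
  // Where type is a container runtime identifier, returned from Version call of CRI API
  // (for example "containerd").
  // +optional
  optional string containerID = 8;

  // Started indicates whether the container has finished its postStart lifecycle hook
  // and passed its startup probe.
  // Initialized as false, becomes true after startupProbe is considered
  // successful. Resets to false when the container is restarted, or if kubelet
  // loses state temporarily. In both cases, startup probes will run again.
  // Is always true when no startupProbe is defined and container is running and
  // has passed the postStart lifecycle hook. The null value must be treated the
  // same as false.
  // +optional
  optional bool started = 9;

  // AllocatedResources represents the compute resources allocated for this container by the
  // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission
  // and after successfully admitting desired pod resize.
  // +featureGate=InPlacePodVerticalScaling
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatedResources = 10;

  // Resources represents the compute resource requests and limits that have been successfully
  // enacted on the running container after it has been started or has been successfully resized.
  // +featureGate=InPlacePodVerticalScaling
  // +optional
  optional ResourceRequirements resources = 11;

  // Status of volume mounts.
  // +optional
  // +patchMergeKey=mountPath
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=mountPath
  // +featureGate=RecursiveReadOnlyMounts
  repeated VolumeMountStatus volumeMounts = 12;
}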
1113
// DaemonEndpoint holds information about a single Daemon endpoint.
message DaemonEndpoint {
  // Port number of the given endpoint.
  // The capitalised field name is kept exactly as generated.
  optional int32 Port = 1;
}
1119
// DownwardAPIProjection represents downward API info for projecting into a
// projected volume. It is identical to a downwardAPI volume source except
// that it has no default mode.
message DownwardAPIProjection {
  // Items is a list of DownwardAPIVolume files.
  // +optional
  // +listType=atomic
  repeated DownwardAPIVolumeFile items = 1;
}
1129
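// DownwardAPIVolumeFile represents information to create the file containing the pod field.
message DownwardAPIVolumeFile {
  // Required: Path is the relative path name of the file to be created.
  // Must not be absolute or contain the '..' path. Must be utf-8 encoded.
  // The first item of the relative path must not start with '..'.
  // These constraints keep the created file inside the volume.
  optional string path = 1;

  // Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
  // NOTE(review): the text says "Required" while the marker below says
  // optional; presumably exactly one of fieldRef and resourceFieldRef is
  // expected. Confirm against the API validation.
  // +optional
  optional ObjectFieldSelector fieldRef = 2;

  // Selects a resource of the container: only resources limits and requests
  // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
  // +optional
  optional ResourceFieldSelector resourceFieldRef = 3;

  // Optional: mode bits used to set permissions on this file, must be an octal value
  // between 0000 and 0777 or a decimal value between 0 and 511.
  // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
  // In JSON, octal 0644 is therefore written as 420; the digits 644 read as
  // a decimal number fall outside the 0-511 range.
  // If not specified, the volume defaultMode will be used.
  // This might be in conflict with other options that affect the file
  // mode, like fsGroup, and the result can be other mode bits set.
  // +optional
  optional int32 mode = 4;
}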
1153
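// DownwardAPIVolumeSource represents a volume containing downward API info.
// Downward API volumes support ownership management and SELinux relabeling.
message DownwardAPIVolumeSource {
  // Items is a list of downward API volume files.
  // +optional
  // +listType=atomic
  repeated DownwardAPIVolumeFile items = 1;

  // Optional: mode bits used to set permissions on created files by default.
  // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
  // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
  // Defaults to 0644 (420 when written as a decimal value), which leaves the
  // files readable by every user in the container. Set a tighter mode when
  // the projected fields should not be readable by all processes.
  // Directories within the path are not affected by this setting.
  // This might be in conflict with other options that affect the file
  // mode, like fsGroup, and the result can be other mode bits set.
  // +optional
  optional int32 defaultMode = 2;
}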
1173
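// EmptyDirVolumeSource represents an empty directory for a pod.
// Empty directory volumes support ownership management and SELinux relabeling.
message EmptyDirVolumeSource {
  // medium represents what type of storage medium should back this directory.
  // The default is "" which means to use the node's default medium.
  // Must be an empty string (default) or Memory.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
  // +optional
  optional string medium = 1;

  // sizeLimit is the total amount of local storage required for this EmptyDir volume.
  // The size limit is also applicable for memory medium.
  // The maximum usage on memory medium EmptyDir would be the minimum value between
  // the SizeLimit specified here and the sum of memory limits of all containers in a pod.
  // The default is nil which means that the limit is undefined.
  // NOTE(review): with no sizeLimit and no container memory limits, neither
  // bound above applies. Setting one of them is the way to keep a single
  // pod's scratch space from growing without a cap.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
  // +optional
  optional k8s.io.apimachinery.pkg.api.resource.Quantity sizeLimit = 2;
}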
1193
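// EndpointAddress is a tuple that describes a single IP address.
// +structType=atomic
message EndpointAddress {
  // The IP of this endpoint.
  // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10),
  // or link-local multicast (224.0.0.0/24 or ff02::/16).
  // The link-local exclusion also covers the range that cloud instance
  // metadata services commonly use. Other node-internal or private ranges
  // are not listed here, so any further restriction has to come from policy
  // on who may write these objects.
  optional string ip = 1;

  // The Hostname of this endpoint.
  // +optional
  optional string hostname = 3;

  // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.
  // +optional
  optional string nodeName = 4;

  // Reference to object providing the endpoint.
  // +optional
  optional ObjectReference targetRef = 2;
}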
1214
// EndpointPort is a tuple describing a single port.
// +structType=atomic
message EndpointPort {
  // Name of this port. It must match the 'name' field in the corresponding
  // ServicePort and must be a DNS_LABEL.
  // Optional only if one port is defined.
  // +optional
  optional string name = 1;

  // Port number of the endpoint.
  optional int32 port = 2;

  // IP protocol for this port.
  // Must be UDP, TCP, or SCTP.
  // Default is TCP.
  // +optional
  optional string protocol = 3;

  // Application protocol for this port.
  // Implementations use it as a hint to offer richer behavior for protocols that they understand.
  // This field follows standard Kubernetes label syntax.
  // Valid values are either:
  //
  // * Un-prefixed protocol names - reserved for IANA standard service names (as per
  //   RFC-6335 and https://www.iana.org/assignments/service-names).
  //
  // * Kubernetes-defined prefixed names:
  //   * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
  //
  // * Other protocols should use implementation-defined prefixed names such as
  //   mycompany.com/my-custom-protocol.
  // +optional
  optional string appProtocol = 4;
}
1252
// EndpointSubset is a group of addresses with a common set of ports. The
// expanded set of endpoints is the Cartesian product of Addresses x Ports.
// For example, given:
//
//	{
//	  Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//	  Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//	}
//
// The resulting set of endpoints can be viewed as:
//
//	a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
//	b: [ 10.10.1.1:309, 10.10.2.2:309 ]
message EndpointSubset {
  // IP addresses that offer the related ports and are marked as ready. These
  // endpoints should be considered safe for load balancers and clients to utilize.
  // +optional
  // +listType=atomic
  repeated EndpointAddress addresses = 1;

  // IP addresses that offer the related ports but are not currently marked as
  // ready, because they have not yet finished starting, have recently failed a
  // readiness check, or have recently failed a liveness check.
  // +optional
  // +listType=atomic
  repeated EndpointAddress notReadyAddresses = 2;

  // Port numbers available on the related IP addresses.
  // +optional
  // +listType=atomic
  repeated EndpointPort ports = 3;
}
1285
// Endpoints is a collection of endpoints that implement the actual service. Example:
//
//	 Name: "mysvc",
//	 Subsets: [
//	   {
//	     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
//	     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
//	   },
//	   {
//	     Addresses: [{"ip": "10.10.3.3"}],
//	     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
//	   },
//	]
message Endpoints {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Sets of addresses and ports that comprise a service.
  // The set of all endpoints is the union of all subsets. Addresses are placed into
  // subsets according to the IPs they share. A single address with multiple ports,
  // some of which are ready and some of which are not (because they come from
  // different containers) will result in the address being displayed in different
  // subsets for the different ports. No address will appear in both Addresses and
  // NotReadyAddresses in the same subset.
  // +optional
  // +listType=atomic
  repeated EndpointSubset subsets = 2;
}
1316
// EndpointsList is a list of Endpoints objects.
message EndpointsList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // The endpoints in this list.
  repeated Endpoints items = 2;
}
1327
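// EnvFromSource represents a source from which a set of environment variables
// is populated. The message carries both a ConfigMap reference and a Secret
// reference.
message EnvFromSource {
  // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
  // NOTE(review): the text names only the ConfigMap; presumably the prefix
  // is applied to keys taken from secretRef as well. Confirm.
  // +optional
  optional string prefix = 1;

  // The ConfigMap to select from.
  // +optional
  optional ConfigMapEnvSource configMapRef = 2;

  // The Secret to select from.
  // Every key of the referenced Secret becomes an environment variable, so
  // each value is readable by all processes in the container and by anything
  // that dumps the environment. Referencing only the keys a container needs
  // (EnvVarSource.secretKeyRef) narrows that exposure.
  // +optional
  optional SecretEnvSource secretRef = 3;
}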
1342
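// EnvVar represents an environment variable present in a Container.
message EnvVar {
  // Name of the environment variable. Must be a C_IDENTIFIER.
  optional string name = 1;

  // Variable references $(VAR_NAME) are expanded
  // using the previously defined environment variables in the container and
  // any service environment variables. If a variable cannot be resolved,
  // the reference in the input string will be unchanged. Double $$ are reduced
  // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
  // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
  // Escaped references will never be expanded, regardless of whether the variable
  // exists or not.
  // Defaults to "".
  // A literal value is stored as part of the container definition, so it is
  // visible to whoever can read that object. Credentials belong in valueFrom
  // rather than here.
  // +optional
  optional string value = 2;

  // Source for the environment variable's value. Cannot be used if value is not empty.
  // +optional
  optional EnvVarSource valueFrom = 3;
}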
1364
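// EnvVarSource represents a source for the value of an EnvVar.
message EnvVarSource {
  // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
  // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
  // +optional
  optional ObjectFieldSelector fieldRef = 1;

  // Selects a resource of the container: only resources limits and requests
  // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
  // +optional
  optional ResourceFieldSelector resourceFieldRef = 2;

  // Selects a key of a ConfigMap.
  // +optional
  optional ConfigMapKeySelector configMapKeyRef = 3;

  // Selects a key of a secret in the pod's namespace.
  // The selected value ends up in the process environment, where child
  // processes inherit it and diagnostic output can capture it. Keep that in
  // mind when choosing between this and a mounted secret volume.
  // +optional
  optional SecretKeySelector secretKeyRef = 4;
}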
1385
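// An EphemeralContainer is a temporary container that you may add to an existing Pod for
// user-initiated activities such as debugging. Ephemeral containers have no resource or
// scheduling guarantees, and they will not be restarted when they exit or when a Pod is
// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
// Pod to exceed its resource allocation.
//
// To add an ephemeral container, use the ephemeralcontainers subresource of an existing
// Pod. Ephemeral containers may not be removed or restarted.
//
// Because an ephemeral container is added to a running Pod and cannot be removed
// afterwards, write access to the ephemeralcontainers subresource is best limited
// to principals trusted to debug that workload.
message EphemeralContainer {
  // Ephemeral containers have all of the fields of Container, plus additional fields
  // specific to ephemeral containers. Fields in common with Container are in the
  // following inlined struct so that an EphemeralContainer may easily be converted
  // to a Container.
  optional EphemeralContainerCommon ephemeralContainerCommon = 1;

  // If set, the name of the container from PodSpec that this ephemeral container targets.
  // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
  // If not set then the ephemeral container uses the namespaces configured in the Pod spec.
  // Sharing the target's PID and IPC namespaces means the ephemeral container
  // runs alongside the target's processes. Treat the image used here with the
  // same care as the target workload itself.
  //
  // The container runtime must implement support for this feature. If the runtime does not
  // support namespace targeting then the result of setting this field is undefined.
  // +optional
  optional string targetContainerName = 2;
}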
1410
1411// EphemeralContainerCommon is a copy of all fields in Container to be inlined in
1412// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer
1413// to Container and allows separate documentation for the fields of EphemeralContainer.
1414// When a new field is added to Container it must be added here as well.
1415message EphemeralContainerCommon {
1416 // Name of the ephemeral container specified as a DNS_LABEL.
1417 // This name must be unique among all containers, init containers and ephemeral containers.
1418 optional string name = 1;
1419
1420 // Container image name.
1421 // More info: https://kubernetes.io/docs/concepts/containers/images
1422 optional string image = 2;
1423
1424 // Entrypoint array. Not executed within a shell.
1425 // The image's ENTRYPOINT is used if this is not provided.
1426 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1427 // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1428 // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1429 // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1430 // of whether the variable exists or not. Cannot be updated.
1431 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1432 // +optional
1433 // +listType=atomic
1434 repeated string command = 3;
1435
1436 // Arguments to the entrypoint.
1437 // The image's CMD is used if this is not provided.
1438 // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
1439 // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
1440 // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
1441 // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
1442 // of whether the variable exists or not. Cannot be updated.
1443 // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
1444 // +optional
1445 // +listType=atomic
1446 repeated string args = 4;
1447
1448 // Container's working directory.
1449 // If not specified, the container runtime's default will be used, which
1450 // might be configured in the container image.
1451 // Cannot be updated.
1452 // +optional
1453 optional string workingDir = 5;
1454
1455 // Ports are not allowed for ephemeral containers.
1456 // +optional
1457 // +patchMergeKey=containerPort
1458 // +patchStrategy=merge
1459 // +listType=map
1460 // +listMapKey=containerPort
1461 // +listMapKey=protocol
1462 repeated ContainerPort ports = 6;
1463
1464 // List of sources to populate environment variables in the container.
1465 // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
1466 // will be reported as an event when the container is starting. When a key exists in multiple
1467 // sources, the value associated with the last source will take precedence.
1468 // Values defined by an Env with a duplicate key will take precedence.
1469 // Cannot be updated.
1470 // +optional
1471 // +listType=atomic
1472 repeated EnvFromSource envFrom = 19;
1473
1474 // List of environment variables to set in the container.
1475 // Cannot be updated.
1476 // +optional
1477 // +patchMergeKey=name
1478 // +patchStrategy=merge
1479 // +listType=map
1480 // +listMapKey=name
1481 repeated EnvVar env = 7;
1482
1483 // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
1484 // already allocated to the pod.
1485 // +optional
1486 optional ResourceRequirements resources = 8;
1487
1488 // Resources resize policy for the container.
1489 // +featureGate=InPlacePodVerticalScaling
1490 // +optional
1491 // +listType=atomic
1492 repeated ContainerResizePolicy resizePolicy = 23;
1493
1494 // Restart policy for the container to manage the restart behavior of each
1495 // container within a pod.
1496 // This may only be set for init containers. You cannot set this field on
1497 // ephemeral containers.
1498 // +featureGate=SidecarContainers
1499 // +optional
1500 optional string restartPolicy = 24;
1501
1502 // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
1503 // Cannot be updated.
1504 // +optional
1505 // +patchMergeKey=mountPath
1506 // +patchStrategy=merge
1507 // +listType=map
1508 // +listMapKey=mountPath
1509 repeated VolumeMount volumeMounts = 9;
1510
1511 // volumeDevices is the list of block devices to be used by the container.
1512 // +patchMergeKey=devicePath
1513 // +patchStrategy=merge
1514 // +listType=map
1515 // +listMapKey=devicePath
1516 // +optional
1517 repeated VolumeDevice volumeDevices = 21;
1518
1519 // Probes are not allowed for ephemeral containers.
1520 // +optional
1521 optional Probe livenessProbe = 10;
1522
1523 // Probes are not allowed for ephemeral containers.
1524 // +optional
1525 optional Probe readinessProbe = 11;
1526
1527 // Probes are not allowed for ephemeral containers.
1528 // +optional
1529 optional Probe startupProbe = 22;
1530
1531 // Lifecycle is not allowed for ephemeral containers.
1532 // +optional
1533 optional Lifecycle lifecycle = 12;
1534
1535 // Optional: Path at which the file to which the container's termination message
1536 // will be written is mounted into the container's filesystem.
1537 // Message written is intended to be brief final status, such as an assertion failure message.
1538 // Will be truncated by the node if greater than 4096 bytes. The total message length across
1539 // all containers will be limited to 12kb.
1540 // Defaults to /dev/termination-log.
1541 // Cannot be updated.
1542 // +optional
1543 optional string terminationMessagePath = 13;
1544
1545 // Indicate how the termination message should be populated. File will use the contents of
1546 // terminationMessagePath to populate the container status message on both success and failure.
1547 // FallbackToLogsOnError will use the last chunk of container log output if the termination
1548 // message file is empty and the container exited with an error.
1549 // The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
1550 // Defaults to File.
1551 // Cannot be updated.
1552 // +optional
1553 optional string terminationMessagePolicy = 20;
1554
1555 // Image pull policy.
1556 // One of Always, Never, IfNotPresent.
1557 // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
1558 // Cannot be updated.
1559 // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
1560 // +optional
1561 optional string imagePullPolicy = 14;
1562
1563 // Optional: SecurityContext defines the security options the ephemeral container should be run with.
1564 // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
1565 // +optional
1566 optional SecurityContext securityContext = 15;
1567
1568 // Whether this container should allocate a buffer for stdin in the container runtime. If this
1569 // is not set, reads from stdin in the container will always result in EOF.
1570 // Default is false.
1571 // +optional
1572 optional bool stdin = 16;
1573
1574 // Whether the container runtime should close the stdin channel after it has been opened by
1575 // a single attach. When stdin is true the stdin stream will remain open across multiple attach
1576 // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
1577 // first client attaches to stdin, and then remains open and accepts data until the client disconnects,
1578 // at which time stdin is closed and remains closed until the container is restarted. If this
1579 // flag is false, a container processes that reads from stdin will never receive an EOF.
1580 // Default is false
1581 // +optional
1582 optional bool stdinOnce = 17;
1583
1584 // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
1585 // Default is false.
1586 // +optional
1587 optional bool tty = 18;
1588}
1589
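// Represents an ephemeral volume that is handled by a normal storage driver.
message EphemeralVolumeSource {
  // Will be used to create a stand-alone PVC to provision the volume.
  // The pod in which this EphemeralVolumeSource is embedded will be the
  // owner of the PVC, i.e. the PVC will be deleted together with the
  // pod. The name of the PVC will be `<pod name>-<volume name>` where
  // `<volume name>` is the name from the `PodSpec.Volumes` array
  // entry. Pod validation will reject the pod if the concatenated name
  // is not valid for a PVC (for example, too long).
  //
  // An existing PVC with that name that is not owned by the pod
  // will *not* be used for the pod to avoid using an unrelated
  // volume by mistake. Starting the pod is then blocked until
  // the unrelated PVC is removed. If such a pre-created PVC is
  // meant to be used by the pod, the PVC has to be updated with an
  // owner reference to the pod once the pod exists. Normally
  // this should not be necessary, but it may be useful when
  // manually reconstructing a broken cluster.
  //
  // Because the PVC name is derived from the pod and volume names, this
  // ownership check is what keeps a pod from silently binding to the
  // data of a same-named PVC that it does not own.
  //
  // This field is read-only and no changes will be made by Kubernetes
  // to the PVC after it has been created.
  //
  // Required, must not be nil. The proto2 `optional` label below does not
  // enforce this; the requirement has to be checked by validation outside
  // this schema.
  optional PersistentVolumeClaimTemplate volumeClaimTemplate = 1;
}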
1615
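// Event is a report of an event somewhere in the cluster. Events
// have a limited retention time and triggers and messages may evolve
// with time. Event consumers should not rely on the timing of an event
// with a given Reason reflecting a consistent underlying trigger, or the
// continued existence of events with that Reason. Events should be
// treated as informative, best-effort, supplemental data.
//
// NOTE(review): the string fields below (reason, message, action,
// reportingComponent, reportingInstance) are supplied by whoever records the
// event, and this schema places no format or length bound on them. Tooling
// that renders or parses events should treat them as untrusted text and
// should not base authorization or alerting decisions on them alone.
message Event {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // The object that this event is about.
  optional ObjectReference involvedObject = 2;

  // This should be a short, machine understandable string that gives the reason
  // for the transition into the object's current status.
  // TODO: provide exact specification for format.
  // Until a format is specified, consumers should match on it defensively.
  // +optional
  optional string reason = 3;

  // A human-readable description of the status of this operation.
  // TODO: decide on maximum length.
  // No maximum is defined in this schema; bound it before display or storage.
  // +optional
  optional string message = 4;

  // The component reporting this event. Should be a short machine understandable string.
  // +optional
  optional EventSource source = 5;

  // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time firstTimestamp = 6;

  // The time at which the most recent occurrence of this event was recorded.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTimestamp = 7;

  // The number of times this event has occurred.
  // +optional
  optional int32 count = 8;

  // Type of this event (Normal, Warning), new types could be added in the future.
  // Carried as a free-form string, so readers must tolerate values other than
  // the two listed here.
  // +optional
  optional string type = 9;

  // Time when this Event was first observed.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime eventTime = 10;

  // Data about the Event series this event represents or nil if it's a singleton Event.
  // +optional
  optional EventSeries series = 11;

  // What action was taken/failed regarding the Regarding object.
  // +optional
  optional string action = 12;

  // Optional secondary object for more complex actions.
  // +optional
  optional ObjectReference related = 13;

  // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.
  // NOTE(review): nothing in this schema ties the value to the identity of the
  // client that wrote the event — confirm what the API server enforces before
  // treating it as an authenticated origin.
  // +optional
  optional string reportingComponent = 14;

  // ID of the controller instance, e.g. `kubelet-xyzf`.
  // +optional
  optional string reportingInstance = 15;
}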
1685
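// EventList is a list of events.
message EventList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of events. The whole list is materialized in one message, so callers
  // that list events cluster-wide should page their requests rather than rely
  // on a single unbounded response.
  repeated Event items = 2;
}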
1696
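// EventSeries contains information on a series of events, i.e. a thing that
// was/is happening continuously for some time.
message EventSeries {
  // Number of occurrences in this series up to the last heartbeat time.
  // Carried as int32; no lower bound is expressed in this schema.
  optional int32 count = 1;

  // Time of the last occurrence observed.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime lastObservedTime = 2;
}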
1706
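// EventSource contains information for an event: which component generated it
// and on which node.
//
// NOTE(review): both values are plain strings filled in by the reporter;
// this schema does not constrain them, so treat them as descriptive labels.
message EventSource {
  // Component from which the event is generated.
  // +optional
  optional string component = 1;

  // Node name on which the event is generated.
  // +optional
  optional string host = 2;
}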
1717
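// ExecAction describes a "run in container" action.
message ExecAction {
  // Command is the command line to execute inside the container, the working directory for the
  // command is root ('/') in the container's filesystem. The command is simply exec'd, it is
  // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
  // a shell, you need to explicitly call out to that shell.
  // Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
  //
  // Each list element is one argv entry. Because no shell parses the list,
  // shell metacharacters in an element are passed through literally. Wrapping
  // the command in an explicit shell brings shell parsing back, so values that
  // are not fully controlled by the pod author should not be interpolated
  // into such a command string.
  // +optional
  // +listType=atomic
  repeated string command = 1;
}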
1729
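// Represents a Fibre Channel volume.
// Fibre Channel volumes can only be mounted as read/write once.
// Fibre Channel volumes support ownership management and SELinux relabeling.
//
// The volume is addressed either by wwids or by targetWWNs together with lun.
// That either/or rule is stated only in the field comments; the message does
// not use a oneof, so it must be enforced by validation outside this schema.
message FCVolumeSource {
  // targetWWNs is Optional: FC target worldwide names (WWNs)
  // +optional
  // +listType=atomic
  repeated string targetWWNs = 1;

  // lun is Optional: FC target lun number
  // +optional
  optional int32 lun = 2;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // NOTE(review): the open TODO above means the contents of the volume are
  // interpreted by a filesystem implementation on the host; restrict which
  // principals may reference volumes whose contents they also control.
  // +optional
  optional string fsType = 3;

  // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 4;

  // wwids Optional: FC volume world wide identifiers (wwids)
  // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
  // +optional
  // +listType=atomic
  repeated string wwids = 5;
}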
1761
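// FlexPersistentVolumeSource represents a generic persistent volume resource that is
// provisioned/attached using an exec based plugin.
//
// NOTE(review): "exec based" means the named driver is run as a program to
// provision/attach the volume, and fsType, options and the referenced secrets
// are handed to it. Upstream documents FlexVolume drivers as executables
// installed on the node — confirm for the cluster in question — so the ability
// to create objects with this source should be limited to trusted principals.
message FlexPersistentVolumeSource {
  // driver is the name of the driver to use for this volume.
  optional string driver = 1;

  // fsType is the Filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
  // +optional
  optional string fsType = 2;

  // secretRef is Optional: SecretRef is reference to the secret object containing
  // sensitive information to pass to the plugin scripts. This may be
  // empty if no secret object is specified. If the secret object
  // contains more than one secret, all secrets are passed to the plugin
  // scripts.
  // Every key in the referenced secret reaches the plugin, so the secret
  // should hold only what the driver needs.
  // The type here is SecretReference, whereas FlexVolumeSource uses
  // LocalObjectReference; presumably this form can name a namespace — verify
  // against the SecretReference definition.
  // +optional
  optional SecretReference secretRef = 3;

  // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 4;

  // options is Optional: this field holds extra command options if any.
  // Keys and values are free-form strings; this schema does not restrict them,
  // so the driver has to validate what it receives. Map iteration order is
  // undefined on the wire.
  // +optional
  map<string, string> options = 5;
}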
1791
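// FlexVolume represents a generic volume resource that is
// provisioned/attached using an exec based plugin.
//
// NOTE(review): "exec based" means the named driver is run as a program to
// provision/attach the volume, and fsType, options and the referenced secrets
// are handed to it. This source is embedded directly in a pod's volume list,
// so anyone allowed to create pods can select a driver and its options unless
// admission policy restricts the volume type.
message FlexVolumeSource {
  // driver is the name of the driver to use for this volume.
  optional string driver = 1;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
  // +optional
  optional string fsType = 2;

  // secretRef is Optional: secretRef is reference to the secret object containing
  // sensitive information to pass to the plugin scripts. This may be
  // empty if no secret object is specified. If the secret object
  // contains more than one secret, all secrets are passed to the plugin
  // scripts.
  // Every key in the referenced secret reaches the plugin, so the secret
  // should hold only what the driver needs.
  // +optional
  optional LocalObjectReference secretRef = 3;

  // readOnly is Optional: defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 4;

  // options is Optional: this field holds extra command options if any.
  // Keys and values are free-form strings; this schema does not restrict them,
  // so the driver has to validate what it receives. Map iteration order is
  // undefined on the wire.
  // +optional
  map<string, string> options = 5;
}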
1821
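// Represents a Flocker volume mounted by the Flocker agent.
// One and only one of datasetName and datasetUUID should be set.
// Flocker volumes do not support ownership management or SELinux relabeling.
//
// The one-of rule above is not expressed as a proto oneof; both fields are
// independent optionals, so it has to be enforced by validation outside this
// schema.
message FlockerVolumeSource {
  // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
  // should be considered as deprecated
  // +optional
  optional string datasetName = 1;

  // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
  // +optional
  optional string datasetUUID = 2;
}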
1835
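// Represents a Persistent Disk resource in Google Compute Engine.
//
// A GCE PD must exist before mounting to a container. The disk must
// also be in the same GCE project and zone as the kubelet. A GCE PD
// can only be mounted as read/write once or read-only many times. GCE
// PDs support ownership management and SELinux relabeling.
message GCEPersistentDiskVolumeSource {
  // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // The disk is selected by name alone; nothing in this message scopes it to a
  // namespace, so policy on who may reference which disk lives outside it.
  optional string pdName = 1;

  // fsType is filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // NOTE(review): the open TODO above means the disk contents are interpreted
  // by a filesystem implementation on the host.
  // +optional
  optional string fsType = 2;

  // partition is the partition in the volume that you want to mount.
  // If omitted, the default is to mount by volume name.
  // Examples: For volume /dev/sda1, you specify the partition as "1".
  // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // +optional
  optional int32 partition = 3;

  // readOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // +optional
  optional bool readOnly = 4;
}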
1869
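// GRPCAction describes an action that contacts a gRPC service on a given port.
// The only request named in this message is the gRPC HealthCheckRequest.
message GRPCAction {
  // Port number of the gRPC service. Number must be in the range 1 to 65535.
  // The field is an int32, so the range is a validation rule rather than
  // something the wire type guarantees.
  optional int32 port = 1;

  // Service is the name of the service to place in the gRPC HealthCheckRequest
  // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
  //
  // If this is not specified, the default behavior is defined by gRPC.
  // +optional
  // +default=""
  optional string service = 2;
}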
1882
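// Represents a volume that is populated with the contents of a git repository.
// Git repo volumes do not support ownership management.
// Git repo volumes support SELinux relabeling.
//
// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
// into the Pod's container.
//
// NOTE(review): all three fields are free-form strings chosen by the pod
// author and are consumed by whatever performs the clone. With this volume
// type the clone is not done by one of the pod's own containers (upstream
// documents it as happening on the node — confirm), which is why the
// init-container pattern above is the recommended replacement. Clusters that
// do not need this source commonly reject it in admission policy.
message GitRepoVolumeSource {
  // repository is the URL
  optional string repository = 1;

  // revision is the commit hash for the specified revision.
  // +optional
  optional string revision = 2;

  // directory is the target directory name.
  // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
  // git repository. Otherwise, if specified, the volume will contain the git repository in
  // the subdirectory with the given name.
  // The '..' restriction is a validation rule; the string type itself does not
  // enforce it.
  // +optional
  optional string directory = 3;
}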
1905
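// Represents a Glusterfs mount that lasts the lifetime of a pod.
// Glusterfs volumes do not support ownership management or SELinux relabeling.
//
// This persistent-volume form differs from GlusterfsVolumeSource by the extra
// endpointsNamespace field.
message GlusterfsPersistentVolumeSource {
  // endpoints is the endpoint name that details Glusterfs topology.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  optional string endpoints = 1;

  // path is the Glusterfs volume path.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  optional string path = 2;

  // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
  // Defaults to false.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  // +optional
  optional bool readOnly = 3;

  // endpointsNamespace is the namespace that contains Glusterfs endpoint.
  // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  // When set, the endpoints object is looked up in a namespace other than the
  // claim's, so whoever can create this object can point the mount at
  // endpoints in another namespace; review who holds that permission.
  // +optional
  optional string endpointsNamespace = 4;
}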
1929
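// Represents a Glusterfs mount that lasts the lifetime of a pod.
// Glusterfs volumes do not support ownership management or SELinux relabeling.
//
// Since neither ownership management nor SELinux relabeling applies, access
// control on the mounted data is whatever the Glusterfs side enforces.
message GlusterfsVolumeSource {
  // endpoints is the endpoint name that details Glusterfs topology.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  optional string endpoints = 1;

  // path is the Glusterfs volume path.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  optional string path = 2;

  // readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
  // Defaults to false.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
  // +optional
  optional bool readOnly = 3;
}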
1947
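// HTTPGetAction describes an action based on HTTP Get requests.
//
// NOTE(review): the request is issued on behalf of the pod by the component
// that runs the probe or hook (the kubelet, per upstream documentation), not
// by the container itself. Every field here is chosen by the pod author.
message HTTPGetAction {
  // Path to access on the HTTP server.
  // +optional
  optional string path = 1;

  // Name or number of the port to access on the container.
  // Number must be in the range 1 to 65535.
  // Name must be an IANA_SVC_NAME.
  optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 2;

  // Host name to connect to, defaults to the pod IP. You probably want to set
  // "Host" in httpHeaders instead.
  // Setting this makes the request go to an address other than the pod's own,
  // from the network position of the component issuing it. Admission policy
  // that requires this field to be empty keeps requests confined to the pod.
  // +optional
  optional string host = 3;

  // Scheme to use for connecting to the host.
  // Defaults to HTTP.
  // NOTE(review): upstream probe documentation states that HTTPS requests
  // skip server certificate verification — confirm before relying on the
  // scheme for endpoint authentication.
  // +optional
  optional string scheme = 4;

  // Custom headers to set in the request. HTTP allows repeated headers.
  // Header values are stored in the pod spec in clear text and are readable by
  // anyone who can read the pod, so they are not a place for credentials.
  // +optional
  // +listType=atomic
  repeated HTTPHeader httpHeaders = 5;
}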
1974
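// HTTPHeader describes a custom header to be used in HTTP probes
message HTTPHeader {
  // The header field name.
  // This will be canonicalized upon output, so case-variant names will be understood as the same header.
  optional string name = 1;

  // The header field value.
  // Stored as a plain string in the object that embeds this header; do not
  // place secrets here, since the value is visible to every reader of that
  // object.
  optional string value = 2;
}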
1984
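// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
// pod's hosts file.
//
// An entry decides what address the listed names resolve to inside the pod,
// so it affects where the pod's outbound connections to those names go.
message HostAlias {
  // IP address of the host file entry.
  // Marked +required; the proto2 `optional` label does not enforce that, so
  // the check has to happen in validation outside this schema.
  // +required
  optional string ip = 1;

  // Hostnames for the above IP address.
  // +listType=atomic
  repeated string hostnames = 2;
}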
1996
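// HostIP represents a single IP address allocated to the host.
message HostIP {
  // IP is the IP address assigned to the host.
  // Carried as a string; this schema does not restrict it to a particular
  // address family or textual form.
  optional string ip = 1;
}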
2002
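// Represents a host path mapped into a pod.
// Host path volumes do not support ownership management or SELinux relabeling.
//
// NOTE(review): this source exposes part of the node's own filesystem to the
// pod, and neither ownership management nor SELinux relabeling is applied.
// The Pod Security Standards "baseline" profile disallows hostPath volumes;
// where they are needed, admission policy usually pins an allowed path prefix
// and requires a read-only mount.
message HostPathVolumeSource {
  // path of the directory on the host.
  // If the path is a symlink, it will follow the link to the real path.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
  // Because symlinks are followed, the directory that ends up mounted can
  // differ from the literal string here; prefix-based allowlists should take
  // that into account.
  optional string path = 1;

  // type for HostPath Volume
  // Defaults to ""
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
  // The accepted values are not listed in this file; see the linked
  // documentation.
  // +optional
  optional string type = 2;
}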
2017
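// ISCSIPersistentVolumeSource represents an ISCSI disk.
// ISCSI volumes can only be mounted as read/write once.
// ISCSI volumes support ownership management and SELinux relabeling.
//
// Field numbers are not contiguous and not in declaration order: 9 is unused
// by the fields declared here, and 11 is declared before 10. The numbers are
// the wire identity of each field and must not be renumbered to tidy this up.
message ISCSIPersistentVolumeSource {
  // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
  // is other than default (typically TCP ports 860 and 3260).
  optional string targetPortal = 1;

  // iqn is Target iSCSI Qualified Name.
  optional string iqn = 2;

  // lun is iSCSI Target Lun number.
  optional int32 lun = 3;

  // iscsiInterface is the interface Name that uses an iSCSI transport.
  // Defaults to 'default' (tcp).
  // +optional
  optional string iscsiInterface = 4;

  // fsType is the filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // NOTE(review): the open TODO above means the LUN contents are interpreted
  // by a filesystem implementation on the host.
  // +optional
  optional string fsType = 5;

  // readOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // +optional
  optional bool readOnly = 6;

  // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port
  // is other than default (typically TCP ports 860 and 3260).
  // +optional
  // +listType=atomic
  repeated string portals = 7;

  // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication.
  // Unset is the same as false on the wire, i.e. discovery is not
  // CHAP-authenticated unless this is turned on explicitly.
  // +optional
  optional bool chapAuthDiscovery = 8;

  // chapAuthSession defines whether support iSCSI Session CHAP authentication.
  // Unset is the same as false on the wire, i.e. the session is not
  // CHAP-authenticated unless this is turned on explicitly.
  // +optional
  optional bool chapAuthSession = 11;

  // secretRef is the CHAP Secret for iSCSI target and initiator authentication.
  // The type is SecretReference here, whereas ISCSIVolumeSource uses
  // LocalObjectReference; presumably this form can name a namespace — verify
  // against the SecretReference definition.
  // +optional
  optional SecretReference secretRef = 10;

  // initiatorName is the custom iSCSI Initiator Name.
  // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
  // <target portal>:<volume name> will be created for the connection.
  // +optional
  optional string initiatorName = 12;
}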
2074
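// Represents an ISCSI disk.
// ISCSI volumes can only be mounted as read/write once.
// ISCSI volumes support ownership management and SELinux relabeling.
//
// Field numbers are not contiguous and not in declaration order: 9 is unused
// by the fields declared here, and 11 is declared before 10. The numbers are
// the wire identity of each field and must not be renumbered to tidy this up.
message ISCSIVolumeSource {
  // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
  // is other than default (typically TCP ports 860 and 3260).
  // This source sits directly in a pod's volume list, so the pod author picks
  // the target the node connects to unless admission policy restricts it.
  optional string targetPortal = 1;

  // iqn is the target iSCSI Qualified Name.
  optional string iqn = 2;

  // lun represents iSCSI Target Lun number.
  optional int32 lun = 3;

  // iscsiInterface is the interface Name that uses an iSCSI transport.
  // Defaults to 'default' (tcp).
  // +optional
  optional string iscsiInterface = 4;

  // fsType is the filesystem type of the volume that you want to mount.
  // Tip: Ensure that the filesystem type is supported by the host operating system.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // NOTE(review): the open TODO above means the LUN contents are interpreted
  // by a filesystem implementation on the host.
  // +optional
  optional string fsType = 5;

  // readOnly here will force the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // +optional
  optional bool readOnly = 6;

  // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
  // is other than default (typically TCP ports 860 and 3260).
  // +optional
  // +listType=atomic
  repeated string portals = 7;

  // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication.
  // Unset is the same as false on the wire, i.e. discovery is not
  // CHAP-authenticated unless this is turned on explicitly.
  // +optional
  optional bool chapAuthDiscovery = 8;

  // chapAuthSession defines whether support iSCSI Session CHAP authentication.
  // Unset is the same as false on the wire, i.e. the session is not
  // CHAP-authenticated unless this is turned on explicitly.
  // +optional
  optional bool chapAuthSession = 11;

  // secretRef is the CHAP Secret for iSCSI target and initiator authentication.
  // +optional
  optional LocalObjectReference secretRef = 10;

  // initiatorName is the custom iSCSI Initiator Name.
  // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
  // <target portal>:<volume name> will be created for the connection.
  // +optional
  optional string initiatorName = 12;
}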
2131
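// Maps a string key to a path within a volume.
message KeyToPath {
  // key is the key to project.
  optional string key = 1;

  // path is the relative path of the file to map the key to.
  // May not be an absolute path.
  // May not contain the path element '..'.
  // May not start with the string '..'.
  // These three rules keep the projected file inside the volume. They are
  // validation rules on a plain string; the schema itself does not enforce
  // them.
  optional string path = 2;

  // mode is Optional: mode bits used to set permissions on this file.
  // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
  // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
  // If not specified, the volume defaultMode will be used.
  // This might be in conflict with other options that affect the file
  // mode, like fsGroup, and the result can be other mode bits set.
  // The 0777 ceiling limits the value to the owner/group/other permission
  // bits. A decimal value written where octal was intended (for example 644
  // instead of 0644) yields different permissions than expected, so check the
  // resulting file mode when the content is sensitive.
  // +optional
  optional int32 mode = 3;
}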
2152
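// Lifecycle describes actions that the management system should take in response to container lifecycle
// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks
// until the action is complete, unless the container process fails, in which case the handler is aborted.
message Lifecycle {
  // PostStart is called immediately after a container is created. If the handler fails,
  // the container is terminated and restarted according to its restart policy.
  // Other management of the container blocks until the hook completes.
  // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
  // +optional
  optional LifecycleHandler postStart = 1;

  // PreStop is called immediately before a container is terminated due to an
  // API request or management event such as liveness/startup probe failure,
  // preemption, resource contention, etc. The handler is not called if the
  // container crashes or exits. The Pod's termination grace period countdown begins before the
  // PreStop hook is executed. Regardless of the outcome of the handler, the
  // container will eventually terminate within the Pod's termination grace
  // period (unless delayed by finalizers). Other management of the container blocks until the hook completes
  // or until the termination grace period is reached.
  // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
  // Since the hook is skipped on a crash or exit and is cut off at the grace
  // period, it should not be the only place where cleanup that matters for
  // security (for example credential revocation) is performed.
  // +optional
  optional LifecycleHandler preStop = 2;
}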
2176
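// LifecycleHandler defines a specific action that should be taken in a lifecycle
// hook. One and only one of the fields, except TCPSocket must be specified.
//
// The fields are independent optionals rather than a proto oneof, so the
// "one and only one" rule has to be enforced by validation outside this
// schema.
message LifecycleHandler {
  // Exec specifies the action to take.
  // +optional
  optional ExecAction exec = 1;

  // HTTPGet specifies the http request to perform.
  // +optional
  optional HTTPGetAction httpGet = 2;

  // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
  // for the backward compatibility. There is no validation of this field and
  // lifecycle hooks will fail in runtime when tcp handler is specified.
  // Because the field is accepted without validation and only fails at
  // runtime, policy that wants to block it has to reject it explicitly.
  // +optional
  optional TCPSocketAction tcpSocket = 3;

  // Sleep represents the duration that the container should sleep before being terminated.
  // +featureGate=PodLifecycleSleepAction
  // +optional
  optional SleepAction sleep = 4;
}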
2199
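// LimitRange sets resource usage limits for each kind of resource in a Namespace.
//
// The limits apply per namespace, so a namespace without a LimitRange gets
// no defaults or bounds from this mechanism.
message LimitRange {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the limits enforced.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional LimitRangeSpec spec = 2;
}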
2212
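// LimitRangeItem defines a min/max usage limit for any resource that matches on kind.
// NOTE(review): every constraint below is optional, so an item that sets only
// `type` imposes no bound; review that the maps you rely on are populated.
message LimitRangeItem {
  // Type of resource that this limit applies to.
  optional string type = 1;

  // Max usage constraints on this kind by resource name.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> max = 2;

  // Min usage constraints on this kind by resource name.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> min = 3;

  // Default resource requirement limit value by resource name if resource limit is omitted.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> default = 4;

  // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> defaultRequest = 5;

  // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero
  // where limit divided by request is less than or equal to the enumerated value; this represents the max burst
  // for the named resource.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> maxLimitRequestRatio = 6;
}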
2238
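// LimitRangeList is a list of LimitRange items.
message LimitRangeList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is a list of LimitRange objects.
  // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
  repeated LimitRange items = 2;
}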
2250
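// LimitRangeSpec defines a min/max usage limit for resources that match on kind.
message LimitRangeSpec {
  // Limits is the list of LimitRangeItem objects that are enforced.
  // The list is marked atomic, i.e. it is treated as a single unit rather
  // than merged element by element.
  // +listType=atomic
  repeated LimitRangeItem limits = 1;
}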
2257
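// List holds a list of objects, which may not be known by the server.
message List {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of objects.
  // NOTE(review): items are carried as RawExtension and, per the message
  // description, may be of types the server does not know. Consumers should
  // check each item's type before acting on it rather than assume a schema.
  repeated k8s.io.apimachinery.pkg.runtime.RawExtension items = 2;
}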
2268
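// LoadBalancerIngress represents the status of a load-balancer ingress point:
// traffic intended for the service should be sent to an ingress point.
// NOTE(review): ip, hostname and ipMode are plain strings; this schema does
// not constrain their format, so consumers should validate them before use.
message LoadBalancerIngress {
  // IP is set for load-balancer ingress points that are IP based
  // (typically GCE or OpenStack load-balancers).
  // +optional
  optional string ip = 1;

  // Hostname is set for load-balancer ingress points that are DNS based
  // (typically AWS load-balancers).
  // +optional
  optional string hostname = 2;

  // IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
  // Setting this to "VIP" indicates that traffic is delivered to the node with
  // the destination set to the load-balancer's IP and port.
  // Setting this to "Proxy" indicates that traffic is delivered to the node or pod with
  // the destination set to the node's IP and node port or the pod's IP and port.
  // Service implementations may use this information to adjust traffic routing.
  // +optional
  optional string ipMode = 3;

  // Ports is a list of records of service ports.
  // If used, every port defined in the service should have an entry in it.
  // +listType=atomic
  // +optional
  repeated PortStatus ports = 4;
}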
2297
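// LoadBalancerStatus represents the status of a load-balancer.
message LoadBalancerStatus {
  // Ingress is a list containing ingress points for the load-balancer.
  // Traffic intended for the service should be sent to these ingress points.
  // +optional
  // +listType=atomic
  repeated LoadBalancerIngress ingress = 1;
}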
2306
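// LocalObjectReference contains enough information to let you locate the
// referenced object inside the same namespace.
// The message has no namespace field, so a reference of this type cannot
// name an object in another namespace.
// +structType=atomic
message LocalObjectReference {
  // Name of the referent.
  // This field is effectively required, but due to backwards compatibility is
  // allowed to be empty. Instances of this type with an empty value here are
  // almost certainly wrong; consumers should treat an empty name as an error
  // instead of substituting a default.
  // TODO: Add other useful fields. apiVersion, kind, uid?
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
  // +optional
  // +default=""
  // +kubebuilder:default=""
  // TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
  optional string name = 1;
}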
2323
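// Local represents directly-attached storage with node affinity (Beta feature)
message LocalVolumeSource {
  // path is the full path to the volume on the node.
  // It can be either a directory or block device (disk, partition, ...).
  // NOTE(review): the value is a node-local path carried as a plain string;
  // nothing in this schema restricts which directory or device it may name,
  // so any restriction has to come from validation or authorization on the
  // objects that embed this source.
  optional string path = 1;

  // fsType is the filesystem type to mount.
  // It applies only when the Path is a block device.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
  // +optional
  optional string fsType = 2;
}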
2337
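// ModifyVolumeStatus represents the status object of ControllerModifyVolume operation
message ModifyVolumeStatus {
  // targetVolumeAttributesClassName is the name of the VolumeAttributesClass
  // that the PVC is currently being reconciled to.
  optional string targetVolumeAttributesClassName = 1;

  // status is the status of the ControllerModifyVolume operation. It can be in any of following states:
  //  - Pending
  //    Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as
  //    the specified VolumeAttributesClass not existing.
  //  - InProgress
  //    InProgress indicates that the volume is being modified.
  //  - Infeasible
  //    Infeasible indicates that the request has been rejected as invalid by the CSI driver. To
  //    resolve the error, a valid VolumeAttributesClass needs to be specified.
  // Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
  // The field is a free-form string rather than an enum, so an unrecognised
  // value must not be treated as one of the states listed above.
  optional string status = 2;
}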
2355
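// Represents an NFS mount that lasts the lifetime of a pod.
// NFS volumes do not support ownership management or SELinux relabeling.
message NFSVolumeSource {
  // server is the hostname or IP address of the NFS server.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  optional string server = 1;

  // path that is exported by the NFS server.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  optional string path = 2;

  // readOnly here will force the NFS export to be mounted with read-only permissions.
  // Defaults to false, i.e. the export is not forced read-only unless this
  // is set; set it explicitly for workloads that only need to read.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  // +optional
  optional bool readOnly = 3;
}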
2373
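// Namespace provides a scope for Names.
// Use of multiple namespaces is optional.
message Namespace {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the behavior of the Namespace.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NamespaceSpec spec = 2;

  // Status describes the current status of a Namespace.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NamespaceStatus status = 3;
}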
2392
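// NamespaceCondition contains details about state of namespace.
// NOTE(review): field number 3 is not declared here and no `reserved`
// statement covers it; check the type's history before assigning it.
message NamespaceCondition {
  // Type of namespace controller condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // Undocumented in the original; presumably the time of the last status
  // transition, as for NodeCondition.lastTransitionTime. TODO confirm.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4;

  // Undocumented in the original; presumably a brief reason for the last
  // transition, as for NodeCondition.reason. TODO confirm.
  // +optional
  optional string reason = 5;

  // Undocumented in the original; presumably a human-readable message, as
  // for NodeCondition.message. TODO confirm.
  // +optional
  optional string message = 6;
}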
2410
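// NamespaceList is a list of Namespaces.
message NamespaceList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // Items is the list of Namespace objects in the list.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
  repeated Namespace items = 2;
}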
2422
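// NamespaceSpec describes the attributes on a Namespace.
message NamespaceSpec {
  // Finalizers is an opaque list of values that must be empty to permanently remove object from storage.
  // A value left in this list therefore keeps the object in storage until
  // it is removed; the values themselves are not interpreted by this schema.
  // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
  // +optional
  // +listType=atomic
  repeated string finalizers = 1;
}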
2431
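// NamespaceStatus is information about the current status of a Namespace.
message NamespaceStatus {
  // Phase is the current lifecycle phase of the namespace.
  // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/
  // +optional
  optional string phase = 1;

  // Represents the latest available observations of a namespace's current state.
  // Entries are merged as a map keyed by `type` (see the markers below).
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated NamespaceCondition conditions = 2;
}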
2447
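// Node is a worker node in Kubernetes.
// Each node will have a unique identifier in the cache (i.e. in etcd).
message Node {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec defines the behavior of a node.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NodeSpec spec = 2;

  // Most recently observed status of the node.
  // Populated by the system.
  // Read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional NodeStatus status = 3;
}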
2468
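// NodeAddress contains information for the node's address.
message NodeAddress {
  // Node address type, one of Hostname, ExternalIP or InternalIP.
  optional string type = 1;

  // The node address.
  // Carried as a plain string; its format is not constrained by this schema.
  optional string address = 2;
}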
2477
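// Node affinity is a group of node affinity scheduling rules.
message NodeAffinity {
  // If the affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to an update), the system
  // may or may not try to eventually evict the pod from its node.
  // Because eviction after a change is not guaranteed, this field should not
  // be relied on as the only means of keeping a running pod off a node.
  // +optional
  optional NodeSelector requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node matches the corresponding matchExpressions; the
  // node(s) with the highest sum are the most preferred.
  // +optional
  // +listType=atomic
  repeated PreferredSchedulingTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}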
2501
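// NodeCondition contains condition information for a node.
message NodeCondition {
  // Type of node condition.
  optional string type = 1;

  // Status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // Last time we got an update on a given condition.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastHeartbeatTime = 3;

  // Last time the condition transitioned from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4;

  // (brief) reason for the condition's last transition.
  // +optional
  optional string reason = 5;

  // Human readable message indicating details about last transition.
  // +optional
  optional string message = 6;
}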
2526
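// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.
// This API is deprecated since 1.22
// NOTE(review): only field number 2 is declared; number 1 is unused here and
// not covered by a `reserved` statement, so check history before assigning it.
message NodeConfigSource {
  // ConfigMap is a reference to a Node's ConfigMap
  optional ConfigMapNodeConfigSource configMap = 2;
}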
2533
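// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.
message NodeConfigStatus {
  // Assigned reports the checkpointed config the node will try to use.
  // When Node.Spec.ConfigSource is updated, the node checkpoints the associated
  // config payload to local disk, along with a record indicating intended
  // config. The node refers to this record to choose its config checkpoint, and
  // reports this record in Assigned. Assigned only updates in the status after
  // the record has been checkpointed to disk. When the Kubelet is restarted,
  // it tries to make the Assigned config the Active config by loading and
  // validating the checkpointed payload identified by Assigned.
  // +optional
  optional NodeConfigSource assigned = 1;

  // Active reports the checkpointed config the node is actively using.
  // Active will represent either the current version of the Assigned config,
  // or the current LastKnownGood config, depending on whether attempting to use the
  // Assigned config results in an error.
  // +optional
  optional NodeConfigSource active = 2;

  // LastKnownGood reports the checkpointed config the node will fall back to
  // when it encounters an error attempting to use the Assigned config.
  // The Assigned config becomes the LastKnownGood config when the node determines
  // that the Assigned config is stable and correct.
  // This is currently implemented as a 10-minute soak period starting when the local
  // record of Assigned config is updated. If the Assigned config is Active at the end
  // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is
  // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil,
  // because the local default config is always assumed good.
  // You should not make assumptions about the node's method of determining config stability
  // and correctness, as this may change or become configurable in the future.
  // +optional
  optional NodeConfigSource lastKnownGood = 3;

  // Error describes any problems reconciling the Spec.ConfigSource to the Active config.
  // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned
  // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting
  // to load or validate the Assigned config, etc.
  // Errors may occur at different points while syncing config. Earlier errors (e.g. download or
  // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across
  // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in
  // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error
  // by fixing the config assigned in Spec.ConfigSource.
  // You can find additional information for debugging by searching the error message in the Kubelet log.
  // Error is a human-readable description of the error state; machines can check whether or not Error
  // is empty, but should not rely on the stability of the Error text across Kubelet versions.
  // +optional
  optional string error = 4;
}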
2583
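// NodeDaemonEndpoints lists ports opened by daemons running on the Node.
message NodeDaemonEndpoints {
  // Endpoint on which Kubelet is listening.
  // +optional
  optional DaemonEndpoint kubeletEndpoint = 1;
}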
2590
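// NodeList is the whole list of all Nodes which have been registered with master.
message NodeList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of nodes.
  repeated Node items = 2;
}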
2601
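// NodeProxyOptions is the query options to a Node's proxy call.
message NodeProxyOptions {
  // Path is the URL path to use for the current proxy request to node.
  // NOTE(review): the value is supplied by the caller as a plain string and
  // this schema places no constraint on it; which node paths a caller may
  // reach has to be decided by authorization on the proxy call itself.
  // +optional
  optional string path = 1;
}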
2608
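// NodeRuntimeHandler is a set of runtime handler information.
message NodeRuntimeHandler {
  // Runtime handler name.
  // Empty for the default runtime handler.
  // +optional
  optional string name = 1;

  // Supported features.
  // +optional
  optional NodeRuntimeHandlerFeatures features = 2;
}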
2620
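// NodeRuntimeHandlerFeatures is a set of runtime features.
message NodeRuntimeHandlerFeatures {
  // RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.
  // The field is optional, so an unset value only means support was not
  // reported; it should not be read as a positive statement either way.
  // +featureGate=RecursiveReadOnlyMounts
  // +optional
  optional bool recursiveReadOnlyMounts = 1;
}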
2628
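// A node selector represents the union of the results of one or more label queries
// over a set of nodes; that is, it represents the OR of the selectors represented
// by the node selector terms.
// +structType=atomic
message NodeSelector {
  // Required. A list of node selector terms. The terms are ORed.
  // "Required" is a documented expectation only: a repeated field cannot be
  // marked mandatory in this schema, so emptiness must be checked elsewhere.
  // +listType=atomic
  repeated NodeSelectorTerm nodeSelectorTerms = 1;
}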
2638
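// A node selector requirement is a selector that contains values, a key, and an operator
// that relates the key and values.
message NodeSelectorRequirement {
  // The label key that the selector applies to.
  optional string key = 1;

  // Represents a key's relationship to a set of values.
  // Valid operators are In, NotIn, Exists, DoesNotExist, Gt, and Lt.
  // Carried as a free-form string; the set of valid operators is not
  // enforced by this schema.
  optional string operator = 2;

  // An array of string values. If the operator is In or NotIn,
  // the values array must be non-empty. If the operator is Exists or DoesNotExist,
  // the values array must be empty. If the operator is Gt or Lt, the values
  // array must have a single element, which will be interpreted as an integer.
  // This array is replaced during a strategic merge patch.
  // +optional
  // +listType=atomic
  repeated string values = 3;
}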
2658
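// A null or empty node selector term matches no objects. The requirements of
// them are ANDed.
// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
// +structType=atomic
message NodeSelectorTerm {
  // A list of node selector requirements by node's labels.
  // +optional
  // +listType=atomic
  repeated NodeSelectorRequirement matchExpressions = 1;

  // A list of node selector requirements by node's fields.
  // +optional
  // +listType=atomic
  repeated NodeSelectorRequirement matchFields = 2;
}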
2674
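// NodeSpec describes the attributes that a node is created with.
// Field numbers do not follow declaration order (podCIDRs = 7, externalID = 2);
// the numbers are the wire identity and must not be renumbered.
message NodeSpec {
  // PodCIDR represents the pod IP range assigned to the node.
  // +optional
  optional string podCIDR = 1;

  // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this
  // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for
  // each of IPv4 and IPv6.
  // +optional
  // +patchStrategy=merge
  // +listType=set
  repeated string podCIDRs = 7;

  // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
  // +optional
  optional string providerID = 3;

  // Unschedulable controls node schedulability of new pods. By default, node is schedulable.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration
  // +optional
  optional bool unschedulable = 4;

  // If specified, the node's taints.
  // +optional
  // +listType=atomic
  repeated Taint taints = 5;

  // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.
  // +optional
  optional NodeConfigSource configSource = 6;

  // Deprecated. Not all kubelets will set this field. Remove field after 1.13.
  // see: https://issues.k8s.io/61966
  // +optional
  optional string externalID = 2;
}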
2712
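// NodeStatus is information about the current status of a node.
message NodeStatus {
  // Capacity represents the total resources of a node.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1;

  // Allocatable represents the resources of a node that are available for scheduling.
  // Defaults to Capacity.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatable = 2;

  // NodePhase is the recently observed lifecycle phase of the node.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase
  // The field is never populated, and now is deprecated.
  // +optional
  optional string phase = 3;

  // Conditions is an array of current observed node conditions.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated NodeCondition conditions = 4;

  // List of addresses reachable to the node.
  // Queried from cloud provider, if available.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses
  // Note: This field is declared as mergeable, but the merge key is not sufficiently
  // unique, which can cause data corruption when it is merged. Callers should instead
  // use a full-replacement patch. See https://pr.k8s.io/79391 for an example.
  // Consumers should assume that addresses can change during the
  // lifetime of a Node. However, there are some exceptions where this may not
  // be possible, such as Pods that inherit a Node's address in its own status or
  // consumers of the downward API (status.hostIP).
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated NodeAddress addresses = 5;

  // Endpoints of daemons running on the Node.
  // +optional
  optional NodeDaemonEndpoints daemonEndpoints = 6;

  // Set of ids/uuids to uniquely identify the node.
  // More info: https://kubernetes.io/docs/concepts/nodes/node/#info
  // +optional
  optional NodeSystemInfo nodeInfo = 7;

  // List of container images on this node.
  // +optional
  // +listType=atomic
  repeated ContainerImage images = 8;

  // List of attachable volumes in use (mounted) by the node.
  // +optional
  // +listType=atomic
  repeated string volumesInUse = 9;

  // List of volumes that are attached to the node.
  // +optional
  // +listType=atomic
  repeated AttachedVolume volumesAttached = 10;

  // Status of the config assigned to the node via the dynamic Kubelet config feature.
  // +optional
  optional NodeConfigStatus config = 11;

  // The available runtime handlers.
  // +featureGate=RecursiveReadOnlyMounts
  // +optional
  // +listType=atomic
  repeated NodeRuntimeHandler runtimeHandlers = 12;
}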
2791
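// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
// The fields below are reported by the node and include host identifiers and
// the versions of the kernel, container runtime and node components. They are
// embedded in NodeStatus (nodeInfo), so anyone who can read Node objects can
// read them; scope read access to nodes with that in mind.
message NodeSystemInfo {
  // MachineID reported by the node. For unique machine identification
  // in the cluster this field is preferred. Learn more from man(5)
  // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
  optional string machineID = 1;

  // SystemUUID reported by the node. For unique machine identification
  // MachineID is preferred. This field is specific to Red Hat hosts
  // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid
  optional string systemUUID = 2;

  // Boot ID reported by the node.
  optional string bootID = 3;

  // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).
  optional string kernelVersion = 4;

  // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).
  optional string osImage = 5;

  // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).
  optional string containerRuntimeVersion = 6;

  // Kubelet Version reported by the node.
  optional string kubeletVersion = 7;

  // KubeProxy Version reported by the node.
  optional string kubeProxyVersion = 8;

  // The Operating System reported by the node.
  optional string operatingSystem = 9;

  // The Architecture reported by the node.
  optional string architecture = 10;
}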
2828
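// ObjectFieldSelector selects an APIVersioned field of an object.
// +structType=atomic
message ObjectFieldSelector {
  // Version of the schema the FieldPath is written in terms of, defaults to "v1".
  // +optional
  optional string apiVersion = 1;

  // Path of the field to select in the specified API version.
  // Carried as a free-form string; which paths are selectable is not
  // expressed in this schema.
  optional string fieldPath = 2;
}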
2839
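// ObjectReference contains enough information to let you inspect or modify the referred object.
// ---
// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
//  1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
//  2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
//     restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
//     Those cannot be well described when embedded.
//  3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
//  4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
//     during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
//     and the version of the actual struct is irrelevant.
//  5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
//     will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
//
// Instead of using this type, create a locally provided and used type that is well-focused on your reference.
// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
//
// NOTE(review): every field is an optional free-form string and, as points 2
// and 3 say, restrictions differ per usage. A consumer that accepts this type
// from users should itself check kind, namespace and name against what it
// intends to allow; the type imposes no such restriction.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +structType=atomic
message ObjectReference {
  // Kind of the referent.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional string kind = 1;

  // Namespace of the referent.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
  // +optional
  optional string namespace = 2;

  // Name of the referent.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
  // +optional
  optional string name = 3;

  // UID of the referent.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
  // +optional
  optional string uid = 4;

  // API version of the referent.
  // +optional
  optional string apiVersion = 5;

  // Specific resourceVersion to which this reference is made, if any.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
  // +optional
  optional string resourceVersion = 6;

  // If referring to a piece of an object instead of an entire object, this string
  // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
  // For example, if the object reference is to a container within a pod, this would take on a value like:
  // "spec.containers{name}" (where "name" refers to the name of the container that triggered
  // the event) or if no container name is specified "spec.containers[2]" (container with
  // index 2 in this pod). This syntax is chosen only to have some well-defined way of
  // referencing a part of an object.
  // TODO: this design is not final and this field is subject to change in the future.
  // +optional
  optional string fieldPath = 7;
}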
2899
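// PersistentVolume (PV) is a storage resource provisioned by an administrator.
// It is analogous to a node.
// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
message PersistentVolume {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // spec defines a specification of a persistent volume owned by the cluster.
  // Provisioned by an administrator.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
  // +optional
  optional PersistentVolumeSpec spec = 2;

  // status represents the current information/status for the persistent volume.
  // Populated by the system.
  // Read-only.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes
  // +optional
  optional PersistentVolumeStatus status = 3;
}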
2922
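// PersistentVolumeClaim is a user's request for and claim to a persistent volume.
message PersistentVolumeClaim {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // spec defines the desired characteristics of a volume requested by a pod author.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  // +optional
  optional PersistentVolumeClaimSpec spec = 2;

  // status represents the current information/status of a persistent volume claim.
  // Read-only.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  // +optional
  optional PersistentVolumeClaimStatus status = 3;
}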
2941
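// PersistentVolumeClaimCondition contains details about the state of a PVC.
message PersistentVolumeClaimCondition {
  // type identifies the kind of condition being reported.
  // PersistentVolumeClaimStatus.conditions is merged on this field
  // (+listMapKey=type).
  optional string type = 1;

  // status is the state of the condition named by type.
  // NOTE(review): the set of allowed values is not stated in this file —
  // confirm against the Go type before relying on specific strings.
  optional string status = 2;

  // lastProbeTime is the time we probed the condition.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3;

  // lastTransitionTime is the time the condition transitioned from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4;

  // reason is a unique, short, machine-understandable string that gives the reason
  // for the condition's last transition. If it reports "Resizing" that means the underlying
  // persistent volume is being resized.
  // +optional
  optional string reason = 5;

  // message is the human-readable message indicating details about the last transition.
  // +optional
  optional string message = 6;
}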
2966
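// PersistentVolumeClaimList is a list of PersistentVolumeClaim items.
message PersistentVolumeClaimList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // items is a list of persistent volume claims.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  repeated PersistentVolumeClaim items = 2;
}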
2978
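// PersistentVolumeClaimSpec describes the common attributes of storage devices
// and allows a Source for provider-specific attributes.
message PersistentVolumeClaimSpec {
  // accessModes contains the desired access modes the volume should have.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
  // +optional
  // +listType=atomic
  repeated string accessModes = 1;

  // selector is a label query over volumes to consider for binding.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 4;

  // resources represents the minimum resources the volume should have.
  // If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify
  // resource requirements that are lower than the previous value but must still be higher
  // than the capacity recorded in the status field of the claim.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
  // +optional
  optional VolumeResourceRequirements resources = 2;

  // volumeName is the binding reference to the PersistentVolume backing this claim.
  // +optional
  optional string volumeName = 3;

  // storageClassName is the name of the StorageClass required by the claim.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
  // +optional
  optional string storageClassName = 5;

  // volumeMode defines what type of volume is required by the claim.
  // Value of Filesystem is implied when not included in claim spec.
  // +optional
  optional string volumeMode = 6;

  // dataSource field can be used to specify either:
  // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
  // * An existing PVC (PersistentVolumeClaim)
  // If the provisioner or an external controller can support the specified data source,
  // it will create a new volume based on the contents of the specified data source.
  // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
  // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
  // If the namespace is specified, then dataSourceRef will not be copied to dataSource.
  // +optional
  optional TypedLocalObjectReference dataSource = 7;

  // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
  // volume is desired. This may be any object from a non-empty API group (non
  // core object) or a PersistentVolumeClaim object.
  // When this field is specified, volume binding will only succeed if the type of
  // the specified object matches some installed volume populator or dynamic
  // provisioner.
  // This field will replace the functionality of the dataSource field and as such
  // if both fields are non-empty, they must have the same value. For backwards
  // compatibility, when namespace isn't specified in dataSourceRef,
  // both fields (dataSource and dataSourceRef) will be set to the same
  // value automatically if one of them is empty and the other is non-empty.
  // When namespace is specified in dataSourceRef,
  // dataSource isn't set to the same value and must be empty.
  // There are three important differences between dataSource and dataSourceRef:
  // * While dataSource only allows two specific types of objects, dataSourceRef
  //   allows any non-core object, as well as PersistentVolumeClaim objects.
  // * While dataSource ignores disallowed values (dropping them), dataSourceRef
  //   preserves all values, and generates an error if a disallowed value is
  //   specified.
  // * While dataSource only allows local objects, dataSourceRef allows objects
  //   in any namespace.
  // NOTE(review): a cross-namespace reference populates this claim with data that
  // belongs to another namespace. How the referent namespace authorizes that is
  // defined on TypedObjectReference.namespace, not in this message — presumably
  // via a ReferenceGrant in the referent namespace; confirm before enabling the
  // CrossNamespaceVolumeDataSource gate in a multi-tenant cluster.
  // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
  // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
  // +optional
  optional TypedObjectReference dataSourceRef = 8;

  // volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
  // If specified, the CSI driver will create or update the volume with the attributes defined
  // in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName:
  // it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
  // will be applied to the claim, but it is not allowed to reset this field to the empty string once it is set.
  // If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
  // will be set by the persistentvolume controller if it exists.
  // If the resource referred to by volumeAttributesClassName does not exist, this PersistentVolumeClaim will be
  // set to a Pending state, as reflected by the modifyVolumeStatus field, until such a resource
  // exists.
  // More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
  // (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
  // +featureGate=VolumeAttributesClass
  // +optional
  optional string volumeAttributesClassName = 9;
}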
3067
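// PersistentVolumeClaimStatus is the current status of a persistent volume claim.
//
// NOTE(review): field number 6 is not assigned in this message (numbers run
// 1-5, then 7-9). Presumably it belonged to a removed field; confirm the history
// before assigning it, since reusing a wire number reinterprets old data.
message PersistentVolumeClaimStatus {
  // phase represents the current phase of PersistentVolumeClaim.
  // +optional
  optional string phase = 1;

  // accessModes contains the actual access modes the volume backing the PVC has.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
  // +optional
  // +listType=atomic
  repeated string accessModes = 2;

  // capacity represents the actual resources of the underlying volume.
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 3;

  // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being
  // resized then the Condition will be set to 'Resizing'.
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated PersistentVolumeClaimCondition conditions = 4;

  // allocatedResources tracks the resources allocated to a PVC including its capacity.
  // Key names follow standard Kubernetes label syntax. Valid keys are either:
  // * Un-prefixed keys:
  //   - storage - the capacity of the volume.
  // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
  // reserved and hence may not be used.
  //
  // Capacity reported here may be larger than the actual capacity when a volume expansion operation
  // is requested.
  // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
  // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
  // If a volume expansion capacity request is lowered, allocatedResources is only
  // lowered if there are no expansion operations in progress and if the actual volume capacity
  // is equal or lower than the requested capacity.
  //
  // A controller that receives a PVC update with a previously unknown resourceName
  // should ignore the update for the purpose it was designed. For example - a controller that
  // is only responsible for resizing capacity of the volume should ignore PVC updates that change other valid
  // resources associated with the PVC.
  //
  // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
  // +featureGate=RecoverVolumeExpansionFailure
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatedResources = 5;

  // allocatedResourceStatuses stores status of resource being resized for the given PVC.
  // Key names follow standard Kubernetes label syntax. Valid keys are either:
  // * Un-prefixed keys:
  //   - storage - the capacity of the volume.
  // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
  // reserved and hence may not be used.
  //
  // ClaimResourceStatus can be in any of following states:
  // - ControllerResizeInProgress:
  //     State set when resize controller starts resizing the volume in control-plane.
  // - ControllerResizeFailed:
  //     State set when resize has failed in resize controller with a terminal error.
  // - NodeResizePending:
  //     State set when resize controller has finished resizing the volume but further resizing of
  //     volume is needed on the node.
  // - NodeResizeInProgress:
  //     State set when kubelet starts resizing the volume.
  // - NodeResizeFailed:
  //     State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
  //     NodeResizeFailed.
  // For example: if expanding a PVC for more capacity - this field can be one of the following states:
  // - pvc.status.allocatedResourceStatuses['storage'] = "ControllerResizeInProgress"
  // - pvc.status.allocatedResourceStatuses['storage'] = "ControllerResizeFailed"
  // - pvc.status.allocatedResourceStatuses['storage'] = "NodeResizePending"
  // - pvc.status.allocatedResourceStatuses['storage'] = "NodeResizeInProgress"
  // - pvc.status.allocatedResourceStatuses['storage'] = "NodeResizeFailed"
  // When this field is not set, it means that no resize operation is in progress for the given PVC.
  //
  // A controller that receives a PVC update with a previously unknown resourceName or ClaimResourceStatus
  // should ignore the update for the purpose it was designed. For example - a controller that
  // is only responsible for resizing capacity of the volume should ignore PVC updates that change other valid
  // resources associated with the PVC.
  //
  // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
  // +featureGate=RecoverVolumeExpansionFailure
  // +mapType=granular
  // +optional
  map<string, string> allocatedResourceStatuses = 7;

  // currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.
  // When unset, there is no VolumeAttributesClass applied to this PersistentVolumeClaim.
  // This is an alpha field and requires enabling VolumeAttributesClass feature.
  // +featureGate=VolumeAttributesClass
  // +optional
  optional string currentVolumeAttributesClassName = 8;

  // modifyVolumeStatus represents the status object of ControllerModifyVolume operation.
  // When this is unset, there is no ModifyVolume operation being attempted.
  // This is an alpha field and requires enabling VolumeAttributesClass feature.
  // +featureGate=VolumeAttributesClass
  // +optional
  optional ModifyVolumeStatus modifyVolumeStatus = 9;
}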
3173
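// PersistentVolumeClaimTemplate is used to produce
// PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
message PersistentVolumeClaimTemplate {
  // May contain labels and annotations that will be copied into the PVC
  // when creating it. No other fields are allowed; any others will be
  // rejected during validation.
  //
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // The specification for the PersistentVolumeClaim. The entire content is
  // copied unchanged into the PVC that gets created from this
  // template. The same fields as in a PersistentVolumeClaim
  // are also valid here.
  // Because the content is copied unchanged, whoever may set this template
  // controls the spec of the PVC that is created from it.
  optional PersistentVolumeClaimSpec spec = 2;
}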
3190
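// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace.
// This volume finds the bound PV and mounts that volume for the pod. A
// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another
// type of volume that is owned by someone else (the system).
message PersistentVolumeClaimVolumeSource {
  // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  optional string claimName = 1;

  // readOnly will force the ReadOnly setting in VolumeMounts.
  // Default false.
  // +optional
  optional bool readOnly = 2;
}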
3205
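// PersistentVolumeList is a list of PersistentVolume items.
message PersistentVolumeList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // items is a list of persistent volumes.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
  repeated PersistentVolume items = 2;
}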
3217
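// PersistentVolumeSource is similar to VolumeSource but meant for the
// administrator who creates PVs. Exactly one of its members must be set.
// The "exactly one" rule is not expressed in this schema (the members are
// independent optional fields, not a oneof), so it has to be enforced by
// validation outside this file.
message PersistentVolumeSource {
  // gcePersistentDisk represents a GCE Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // +optional
  optional GCEPersistentDiskVolumeSource gcePersistentDisk = 1;

  // awsElasticBlockStore represents an AWS Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  // +optional
  optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 2;

  // hostPath represents a directory on the host.
  // Provisioned by a developer or tester.
  // This is useful for single-node development and testing only!
  // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster.
  // A hostPath volume gives the pod access to part of the node's own filesystem,
  // so the ability to create PersistentVolumes of this kind should be limited
  // to trusted administrators.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
  // +optional
  optional HostPathVolumeSource hostPath = 3;

  // glusterfs represents a Glusterfs volume that is attached to a host and
  // exposed to the pod. Provisioned by an admin.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md
  // +optional
  optional GlusterfsPersistentVolumeSource glusterfs = 4;

  // nfs represents an NFS mount on the host. Provisioned by an admin.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  // +optional
  optional NFSVolumeSource nfs = 5;

  // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
  // More info: https://examples.k8s.io/volumes/rbd/README.md
  // +optional
  optional RBDPersistentVolumeSource rbd = 6;

  // iscsi represents an ISCSI Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod. Provisioned by an admin.
  // +optional
  optional ISCSIPersistentVolumeSource iscsi = 7;

  // cinder represents a cinder volume attached and mounted on kubelets host machine.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional CinderPersistentVolumeSource cinder = 8;

  // cephfs represents a Ceph FS mount on the host that shares a pod's lifetime.
  // +optional
  optional CephFSPersistentVolumeSource cephfs = 9;

  // fc represents a Fibre Channel resource that is attached to a kubelet's
  // host machine and then exposed to the pod.
  // +optional
  optional FCVolumeSource fc = 10;

  // flocker represents a Flocker volume attached to a kubelet's host machine
  // and exposed to the pod for its usage. This depends on the Flocker control
  // service being running.
  // +optional
  optional FlockerVolumeSource flocker = 11;

  // flexVolume represents a generic volume resource that is
  // provisioned/attached using an exec based plugin.
  // NOTE(review): an exec based plugin implies code being run to attach the
  // volume; where it runs and with what privileges is not stated here —
  // confirm, and review installed plugins accordingly.
  // +optional
  optional FlexPersistentVolumeSource flexVolume = 12;

  // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
  // +optional
  optional AzureFilePersistentVolumeSource azureFile = 13;

  // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.
  // +optional
  optional VsphereVirtualDiskVolumeSource vsphereVolume = 14;

  // quobyte represents a Quobyte mount on the host that shares a pod's lifetime.
  // +optional
  optional QuobyteVolumeSource quobyte = 15;

  // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
  // +optional
  optional AzureDiskVolumeSource azureDisk = 16;

  // photonPersistentDisk represents a PhotonController persistent disk
  // attached and mounted on kubelets host machine.
  optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 17;

  // portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
  // +optional
  optional PortworxVolumeSource portworxVolume = 18;

  // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
  // +optional
  optional ScaleIOPersistentVolumeSource scaleIO = 19;

  // local represents directly-attached storage with node affinity.
  // +optional
  optional LocalVolumeSource local = 20;

  // storageos represents a StorageOS volume that is attached to the kubelet's
  // host machine and mounted into the pod.
  // More info: https://examples.k8s.io/volumes/storageos/README.md
  // +optional
  optional StorageOSPersistentVolumeSource storageos = 21;

  // csi represents storage that is handled by an external CSI driver (Beta feature).
  // +optional
  optional CSIPersistentVolumeSource csi = 22;
}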
3324
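// PersistentVolumeSpec is the specification of a persistent volume.
message PersistentVolumeSpec {
  // capacity is the description of the persistent volume's resources and capacity.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> capacity = 1;

  // persistentVolumeSource is the actual volume backing the persistent volume.
  optional PersistentVolumeSource persistentVolumeSource = 2;

  // accessModes contains all ways the volume can be mounted.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes
  // +optional
  // +listType=atomic
  repeated string accessModes = 3;

  // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim.
  // Expected to be non-nil when bound.
  // claim.VolumeName is the authoritative bind between PV and PVC.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding
  // +optional
  // +structType=granular
  optional ObjectReference claimRef = 4;

  // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim.
  // Valid options are Retain (default for manually created PersistentVolumes), Delete (default
  // for dynamically provisioned PersistentVolumes), and Recycle (deprecated).
  // Recycle must be supported by the volume plugin underlying this PersistentVolume.
  // The policy decides whether data written under one claim is still on the
  // volume after release, so choose it with data retention and reuse in mind.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming
  // +optional
  optional string persistentVolumeReclaimPolicy = 5;

  // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value
  // means that this volume does not belong to any StorageClass.
  // +optional
  optional string storageClassName = 6;

  // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will
  // simply fail if one is invalid.
  // NOTE(review): since the API does not validate these strings, any vetting of
  // mount options has to come from who is allowed to create or edit
  // PersistentVolumes — confirm that this permission is restricted.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options
  // +optional
  // +listType=atomic
  repeated string mountOptions = 7;

  // volumeMode defines if a volume is intended to be used with a formatted filesystem
  // or to remain in raw block state. Value of Filesystem is implied when not included in spec.
  // +optional
  optional string volumeMode = 8;

  // nodeAffinity defines constraints that limit what nodes this volume can be accessed from.
  // This field influences the scheduling of pods that use this volume.
  // +optional
  optional VolumeNodeAffinity nodeAffinity = 9;

  // volumeAttributesClassName is the name of the VolumeAttributesClass to which this
  // persistent volume belongs. Empty value is not allowed. When this field is not set,
  // it indicates that this volume does not belong to any VolumeAttributesClass.
  // This field is mutable and can be changed by the CSI driver
  // after a volume has been updated successfully to a new class.
  // For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound
  // PersistentVolumeClaims during the binding process.
  // This is an alpha field and requires enabling VolumeAttributesClass feature.
  // +featureGate=VolumeAttributesClass
  // +optional
  optional string volumeAttributesClassName = 10;
}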
3390
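// PersistentVolumeStatus is the current status of a persistent volume.
message PersistentVolumeStatus {
  // phase indicates if a volume is available, bound to a claim, or released by a claim.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase
  // +optional
  optional string phase = 1;

  // message is a human-readable message indicating details about why the volume is in this state.
  // +optional
  optional string message = 2;

  // reason is a brief CamelCase string that describes any failure and is meant
  // for machine parsing and tidy display in the CLI.
  // +optional
  optional string reason = 3;

  // lastPhaseTransitionTime is the time the phase transitioned from one to another
  // and automatically resets to current time every time a volume phase transitions.
  // This is a beta field and requires the PersistentVolumeLastPhaseTransitionTime feature to be enabled (enabled by default).
  // +featureGate=PersistentVolumeLastPhaseTransitionTime
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastPhaseTransitionTime = 4;
}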
3414
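// PhotonPersistentDiskVolumeSource represents a Photon Controller persistent disk resource.
message PhotonPersistentDiskVolumeSource {
  // pdID is the ID that identifies the Photon Controller persistent disk.
  optional string pdID = 1;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  optional string fsType = 2;
}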
3425
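// Pod is a collection of containers that can run on a host. This resource is created
// by clients and scheduled onto hosts.
message Pod {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Specification of the desired behavior of the pod.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodSpec spec = 2;

  // Most recently observed status of the pod.
  // This data may not be up to date, so consumers should not treat it as an
  // authoritative view of what is currently running.
  // Populated by the system.
  // Read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodStatus status = 3;
}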
3447
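// Pod affinity is a group of inter pod affinity scheduling rules.
message PodAffinity {
  // If the affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system may or may not try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  // +optional
  // +listType=atomic
  repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the
  // node(s) with the highest sum are the most preferred.
  // Because a violating node may still be chosen, this field is a preference
  // only and must not be relied on as an isolation guarantee.
  // +optional
  // +listType=atomic
  repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}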
3474
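// PodAffinityTerm defines a set of pods (namely those matching the labelSelector
// relative to the given namespace(s)) that this pod should be
// co-located (affinity) or not co-located (anti-affinity) with,
// where co-located is defined as running on a node whose value of
// the label with key <topologyKey> matches that of any node on which
// a pod of the set of pods is running.
message PodAffinityTerm {
  // A label query over a set of resources, in this case pods.
  // If it's null, this PodAffinityTerm matches with no Pods.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 1;

  // namespaces specifies a static list of namespace names that the term applies to.
  // The term is applied to the union of the namespaces listed in this field
  // and the ones selected by namespaceSelector.
  // null or empty namespaces list and null namespaceSelector means "this pod's namespace".
  // +optional
  // +listType=atomic
  repeated string namespaces = 2;

  // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
  // the labelSelector in the specified namespaces, where co-located is defined as running on a node
  // whose value of the label with key topologyKey matches that of any node on which any of the
  // selected pods is running.
  // Empty topologyKey is not allowed.
  optional string topologyKey = 3;

  // A label query over the set of namespaces that the term applies to.
  // The term is applied to the union of the namespaces selected by this field
  // and the ones listed in the namespaces field.
  // null selector and null or empty namespaces list means "this pod's namespace".
  // An empty selector ({}) matches all namespaces.
  // NOTE(review): with an empty selector the term is evaluated against pods in
  // every namespace, so labels set by other tenants can influence where this
  // pod is placed — confirm that this is intended in multi-tenant clusters.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 4;

  // matchLabelKeys is a set of pod label keys to select which pods will
  // be taken into consideration. The keys are used to look up values from the
  // incoming pod labels; those key-value labels are merged with `labelSelector` as `key in (value)`
  // to select the group of existing pods which will be taken into consideration
  // for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
  // pod labels will be ignored. The default value is empty.
  // The same key is forbidden to exist in both matchLabelKeys and labelSelector.
  // Also, matchLabelKeys cannot be set when labelSelector isn't set.
  // This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
  // +listType=atomic
  // +optional
  repeated string matchLabelKeys = 5;

  // mismatchLabelKeys is a set of pod label keys to select which pods will
  // be taken into consideration. The keys are used to look up values from the
  // incoming pod labels; those key-value labels are merged with `labelSelector` as `key notin (value)`
  // to select the group of existing pods which will be taken into consideration
  // for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
  // pod labels will be ignored. The default value is empty.
  // The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
  // Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
  // This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
  // +listType=atomic
  // +optional
  repeated string mismatchLabelKeys = 6;
}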
3536
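// PodAntiAffinity is a group of inter-pod anti-affinity scheduling rules.
message PodAntiAffinity {
  // If the anti-affinity requirements specified by this field are not met at
  // scheduling time, the pod will not be scheduled onto the node.
  // If the anti-affinity requirements specified by this field cease to be met
  // at some point during pod execution (e.g. due to a pod label update), the
  // system may or may not try to eventually evict the pod from its node.
  // When there are multiple elements, the lists of nodes corresponding to each
  // podAffinityTerm are intersected, i.e. all terms must be satisfied.
  // NOTE(review): because eviction after a later violation is not guaranteed,
  // this rule constrains placement at scheduling time only; it is not a
  // continuously enforced separation between workloads.
  // +optional
  // +listType=atomic
  repeated PodAffinityTerm requiredDuringSchedulingIgnoredDuringExecution = 1;

  // The scheduler will prefer to schedule pods to nodes that satisfy
  // the anti-affinity expressions specified by this field, but it may choose
  // a node that violates one or more of the expressions. The node that is
  // most preferred is the one with the greatest sum of weights, i.e.
  // for each node that meets all of the scheduling requirements (resource
  // request, requiredDuringScheduling anti-affinity expressions, etc.),
  // compute a sum by iterating through the elements of this field and adding
  // "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the
  // node(s) with the highest sum are the most preferred.
  // +optional
  // +listType=atomic
  repeated WeightedPodAffinityTerm preferredDuringSchedulingIgnoredDuringExecution = 2;
}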
3563
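// PodAttachOptions is the query options to a Pod's remote attach call.
// ---
// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stderr and TTY
//
// NOTE(review): these fields only select which streams are attached and to
// which container; they carry no authorization. Attaching exposes the live
// stdin/stdout/stderr of a running container, so access to the attach call
// (RBAC on the pods/attach subresource) should be granted as narrowly as exec.
message PodAttachOptions {
  // Stdin if true, redirects the standard input stream of the pod for this call.
  // Defaults to false.
  // +optional
  optional bool stdin = 1;

  // Stdout if true indicates that stdout is to be redirected for the attach call.
  // Defaults to true.
  // +optional
  optional bool stdout = 2;

  // Stderr if true indicates that stderr is to be redirected for the attach call.
  // Defaults to true.
  // +optional
  optional bool stderr = 3;

  // TTY if true indicates that a tty will be allocated for the attach call.
  // This is passed through the container runtime so the tty
  // is allocated on the worker node by the container runtime.
  // Defaults to false.
  // +optional
  optional bool tty = 4;

  // The container this attach call targets.
  // Defaults to only container if there is only one container in the pod.
  // +optional
  optional string container = 5;
}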
3596
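// PodCondition contains details for the current condition of this pod.
message PodCondition {
  // Type is the type of the condition.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  optional string type = 1;

  // Status is the status of the condition.
  // Can be True, False, Unknown.
  // Carried as a string, not an enum, so the wire format itself does not
  // restrict the value; consumers should compare against the three values
  // above and handle anything else explicitly.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  optional string status = 2;

  // Last time we probed the condition.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3;

  // Last time the condition transitioned from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4;

  // Unique, one-word, CamelCase reason for the condition's last transition.
  // Intended for programmatic use; the free-text detail goes in message.
  // +optional
  optional string reason = 5;

  // Human-readable message indicating details about last transition.
  // NOTE(review): free text written by whichever component sets the
  // condition; treat it as display-only and do not parse it for decisions.
  // +optional
  optional string message = 6;
}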
3624
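// PodDNSConfig defines the DNS parameters of a pod in addition to
// those generated from DNSPolicy.
//
// NOTE(review): every field here changes how the pod resolves names
// (which resolvers it asks, which suffixes it tries, how the resolver
// behaves). Where pod specs come from less-trusted authors, consider
// admission policy over who may set these values.
message PodDNSConfig {
  // A list of DNS name server IP addresses.
  // This will be appended to the base nameservers generated from DNSPolicy.
  // Duplicated nameservers will be removed.
  // +optional
  // +listType=atomic
  repeated string nameservers = 1;

  // A list of DNS search domains for host-name lookup.
  // This will be appended to the base search paths generated from DNSPolicy.
  // Duplicated search paths will be removed.
  // +optional
  // +listType=atomic
  repeated string searches = 2;

  // A list of DNS resolver options.
  // This will be merged with the base options generated from DNSPolicy.
  // Duplicated entries will be removed. Resolution options given in Options
  // will override those that appear in the base DNSPolicy.
  // +optional
  // +listType=atomic
  repeated PodDNSConfigOption options = 3;
}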
3650
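// PodDNSConfigOption defines DNS resolver options of a pod.
// One entry is a single option: a name and, optionally, a value.
message PodDNSConfigOption {
  // Name of the resolver option.
  // Required.
  optional string name = 1;

  // Value of the resolver option. May be left unset; the set of options
  // that take a value is not stated in this file.
  // +optional
  optional string value = 2;
}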
3659
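// PodExecOptions is the query options to a Pod's remote exec call.
// ---
// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging
// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stderr and TTY
//
// NOTE(review): this message describes what to run and which streams to
// wire up; it carries no authorization. The command runs inside the target
// container with that container's identity and privileges, so access to the
// exec call (RBAC on the pods/exec subresource) is effectively access to
// everything the container can reach. Grant it narrowly and audit its use.
message PodExecOptions {
  // Redirect the standard input stream of the pod for this call.
  // Defaults to false.
  // +optional
  optional bool stdin = 1;

  // Redirect the standard output stream of the pod for this call.
  // The default is not stated in this file.
  // +optional
  optional bool stdout = 2;

  // Redirect the standard error stream of the pod for this call.
  // The default is not stated in this file.
  // +optional
  optional bool stderr = 3;

  // TTY if true indicates that a tty will be allocated for the exec call.
  // Defaults to false.
  // +optional
  optional bool tty = 4;

  // Container in which to execute the command.
  // Defaults to only container if there is only one container in the pod.
  // +optional
  optional string container = 5;

  // Command is the remote command to execute. argv array. Not executed within a shell.
  // Each element is passed as one argument; because no shell is involved,
  // shell syntax in these strings (pipes, redirection, variable expansion,
  // globbing) is not interpreted. A caller that needs shell behaviour has to
  // name a shell as the command explicitly.
  // +listType=atomic
  repeated string command = 6;
}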
3692
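// PodIP represents a single IP address allocated to the pod.
message PodIP {
  // IP is the IP address assigned to the pod.
  // Carried as a string; the address family and textual form are not
  // stated in this file.
  optional string ip = 1;
}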
3698
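// PodList is a list of Pods.
message PodList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of pods.
  // Each item is a full Pod object, so a large list is materialized in
  // memory as a whole by whoever decodes this message.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
  repeated Pod items = 2;
}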
3710
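// PodLogOptions is the query options for a Pod's logs REST call.
//
// NOTE(review): container logs routinely contain data the application did
// not mean to publish (tokens, request bodies, stack traces). These options
// only shape the response; who may read logs is decided elsewhere (RBAC on
// the pods/log subresource).
message PodLogOptions {
  // The container for which to stream logs. Defaults to only container if there is one container in the pod.
  // +optional
  optional string container = 1;

  // Follow the log stream of the pod. Defaults to false.
  // +optional
  optional bool follow = 2;

  // Return previous terminated container logs. Defaults to false.
  // +optional
  optional bool previous = 3;

  // A relative time in seconds before the current time from which to show logs. If this value
  // precedes the time a pod was started, only logs since the pod start will be returned.
  // If this value is in the future, no logs will be returned.
  // Only one of sinceSeconds or sinceTime may be specified.
  // The two are separate fields rather than a oneof, so the schema itself
  // does not enforce the exclusivity.
  // +optional
  optional int64 sinceSeconds = 4;

  // An RFC3339 timestamp from which to show logs. If this value
  // precedes the time a pod was started, only logs since the pod start will be returned.
  // If this value is in the future, no logs will be returned.
  // Only one of sinceSeconds or sinceTime may be specified.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5;

  // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line
  // of log output. Defaults to false.
  // +optional
  optional bool timestamps = 6;

  // If set, the number of lines from the end of the logs to show. If not specified,
  // logs are shown from the creation of the container or sinceSeconds or sinceTime.
  // +optional
  optional int64 tailLines = 7;

  // If set, the number of bytes to read from the server before terminating the
  // log output. This may not display a complete final line of logging, and may return
  // slightly more or slightly less than the specified limit.
  // The limit is therefore approximate; callers that need a hard bound on
  // the response size have to enforce it themselves.
  // +optional
  optional int64 limitBytes = 8;

  // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the
  // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver
  // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real
  // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the
  // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept
  // the actual log data coming from the real kubelet).
  // Put differently: with this set, the risk described above is that the
  // returned log data comes from something other than the real kubelet; it
  // is not, provided the kubelet verifies the apiserver, disclosure of the
  // real kubelet's log stream. Leave it unset unless the backend's serving
  // certificate cannot be validated, and treat logs fetched with it set as
  // unauthenticated.
  // +optional
  optional bool insecureSkipTLSVerifyBackend = 9;
}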
3764
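// PodOS defines the OS parameters of a pod.
message PodOS {
  // Name is the name of the operating system. The currently supported values are linux and windows.
  // Additional values may be defined in the future and can be one of:
  // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
  // Clients should expect to handle additional values and treat unrecognized values in this field as os: null
  // The value is a free-form string on the wire, so a reader has to apply
  // the rule above itself rather than rely on the schema to reject unknown
  // names.
  optional string name = 1;
}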
3773
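// PodPortForwardOptions is the query options to a Pod's port forward call
// when using WebSockets.
// The `port` query parameter must specify the port or
// ports (comma separated) to forward over.
// Port forwarding over SPDY does not use these options. It requires the port
// to be passed in the `port` header as part of request.
//
// NOTE(review): port forwarding reaches ports inside the pod through the
// API server, bypassing whatever network-level exposure the pod has; access
// is governed by authorization on the port-forward call, not by this message.
message PodPortForwardOptions {
  // List of ports to forward.
  // Required when using WebSockets.
  // The type is int32, which is wider than the valid port range; range
  // checking is presumably done by API validation - confirm.
  // +optional
  // +listType=atomic
  repeated int32 ports = 1;
}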
3787
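// PodProxyOptions is the query options to a Pod's proxy call.
message PodProxyOptions {
  // Path is the URL path to use for the current proxy request to pod.
  // NOTE(review): the path is supplied by the caller and is what the pod's
  // server will see; the server behind the proxy should validate it like any
  // other request path.
  // +optional
  optional string path = 1;
}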
3794
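// PodReadinessGate contains the reference to a pod condition.
message PodReadinessGate {
  // ConditionType refers to a condition in the pod's condition list with matching type.
  // The reference is by name only: it is compared with the `type` string of
  // the pod's conditions.
  optional string conditionType = 1;
}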
3800
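// PodResourceClaim references exactly one ResourceClaim through a ClaimSource.
// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
// Containers that need access to the ResourceClaim reference it with this name.
message PodResourceClaim {
  // Name uniquely identifies this resource claim inside the pod.
  // This must be a DNS_LABEL.
  // This is the pod-local handle that containers use; it is distinct from
  // the name of the ResourceClaim object that source resolves to.
  optional string name = 1;

  // Source describes where to find the ResourceClaim.
  optional ClaimSource source = 2;
}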
3812
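// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
// which references a ResourceClaimTemplate. It stores the generated name for
// the corresponding ResourceClaim.
message PodResourceClaimStatus {
  // Name uniquely identifies this resource claim inside the pod.
  // This must match the name of an entry in pod.spec.resourceClaims,
  // which implies that the string must be a DNS_LABEL.
  optional string name = 1;

  // ResourceClaimName is the name of the ResourceClaim that was
  // generated for the Pod in the namespace of the Pod. If this is
  // unset, then generating a ResourceClaim was not necessary. The
  // pod.spec.resourceClaims entry can be ignored in this case.
  //
  // +optional
  optional string resourceClaimName = 2;
}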
3830
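// PodSchedulingGate is associated to a Pod to guard its scheduling.
message PodSchedulingGate {
  // Name of the scheduling gate.
  // Each scheduling gate must have a unique name field.
  // The name is the only content of a gate; what controls scheduling is
  // whether the gate is present on the pod, not any value in this message.
  optional string name = 1;
}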
3837
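// PodSecurityContext holds pod-level security attributes and common container settings.
// Some fields are also present in container.securityContext. Field values of
// container.securityContext take precedence over field values of PodSecurityContext.
//
// NOTE(review): because the container-level value wins, a restrictive value
// set here can be overridden per container; policy checks need to evaluate
// both levels. Every field is optional, and the fallback for an unset field
// is described per field below.
//
// Field numbers are not in declaration order (for example windowsOptions is
// 8 and fsGroup is 5). The numbers are the wire identity of each field and
// must not be renumbered to tidy the listing.
message PodSecurityContext {
  // The SELinux context to be applied to all containers.
  // If unspecified, the container runtime will allocate a random SELinux context for each
  // container. May also be set in SecurityContext. If set in
  // both SecurityContext and PodSecurityContext, the value specified in SecurityContext
  // takes precedence for that container.
  // Note that this field cannot be set when spec.os.name is windows.
  // +optional
  optional SELinuxOptions seLinuxOptions = 1;

  // The Windows specific settings applied to all containers.
  // If unspecified, the options within a container's SecurityContext will be used.
  // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
  // Note that this field cannot be set when spec.os.name is linux.
  // +optional
  optional WindowsSecurityContextOptions windowsOptions = 8;

  // The UID to run the entrypoint of the container process.
  // Defaults to user specified in image metadata if unspecified.
  // May also be set in SecurityContext. If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence
  // for that container.
  // Note that this field cannot be set when spec.os.name is windows.
  // NOTE(review): when unset, the effective UID is whatever the image
  // declares, which this field does not constrain; runAsNonRoot below is the
  // field that rejects UID 0.
  // +optional
  optional int64 runAsUser = 2;

  // The GID to run the entrypoint of the container process.
  // Uses runtime default if unset.
  // May also be set in SecurityContext. If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence
  // for that container.
  // Note that this field cannot be set when spec.os.name is windows.
  // +optional
  optional int64 runAsGroup = 6;

  // Indicates that the container must run as a non-root user.
  // If true, the Kubelet will validate the image at runtime to ensure that it
  // does not run as UID 0 (root) and fail to start the container if it does.
  // If unset or false, no such validation will be performed.
  // May also be set in SecurityContext. If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  // NOTE(review): the check is opt-in. Leaving this unset is equivalent to
  // false, i.e. a container whose image runs as root is started as root.
  // +optional
  optional bool runAsNonRoot = 3;

  // A list of groups applied to the first process run in each container, in addition
  // to the container's primary GID, the fsGroup (if specified), and group memberships
  // defined in the container image for the uid of the container process. If unspecified,
  // no additional groups are added to any container. Note that group memberships
  // defined in the container image for the uid of the container process are still effective,
  // even if they are not included in this list.
  // Note that this field cannot be set when spec.os.name is windows.
  // NOTE(review): this list only adds groups. As stated above, memberships
  // baked into the image remain in effect, so the list is not the complete
  // set of groups the process holds.
  // +optional
  // +listType=atomic
  repeated int64 supplementalGroups = 4;

  // A special supplemental group that applies to all containers in a pod.
  // Some volume types allow the Kubelet to change the ownership of that volume
  // to be owned by the pod:
  //
  // 1. The owning GID will be the FSGroup
  // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
  // 3. The permission bits are OR'd with rw-rw----
  //
  // If unset, the Kubelet will not modify the ownership and permissions of any volume.
  // Note that this field cannot be set when spec.os.name is windows.
  // Step 3 only adds owner and group read/write bits; it never removes
  // permission bits that are already present on the volume.
  // +optional
  optional int64 fsGroup = 5;

  // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
  // sysctls (by the container runtime) might fail to launch.
  // Note that this field cannot be set when spec.os.name is windows.
  // +optional
  // +listType=atomic
  repeated Sysctl sysctls = 7;

  // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
  // before being exposed inside Pod. This field will only apply to
  // volume types which support fsGroup based ownership (and permissions).
  // It will have no effect on ephemeral volume types such as: secret, configmaps
  // and emptydir.
  // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
  // Note that this field cannot be set when spec.os.name is windows.
  // +optional
  optional string fsGroupChangePolicy = 9;

  // The seccomp options to use by the containers in this pod.
  // Note that this field cannot be set when spec.os.name is windows.
  // What applies when this is unset is not stated in this file.
  // +optional
  optional SeccompProfile seccompProfile = 10;

  // appArmorProfile is the AppArmor options to use by the containers in this pod.
  // Note that this field cannot be set when spec.os.name is windows.
  // What applies when this is unset is not stated in this file.
  // +optional
  optional AppArmorProfile appArmorProfile = 11;
}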
3936
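// PodSignature describes the class of pods that should avoid this node.
// Exactly one field should be set.
// Only one field (podController) is defined in this message.
message PodSignature {
  // Reference to controller whose pods should avoid this node.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.OwnerReference podController = 1;
}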
3944
3945// PodSpec is a description of a pod.
3946message PodSpec {
3947 // List of volumes that can be mounted by containers belonging to the pod.
3948 // More info: https://kubernetes.io/docs/concepts/storage/volumes
3949 // +optional
3950 // +patchMergeKey=name
3951 // +patchStrategy=merge,retainKeys
3952 // +listType=map
3953 // +listMapKey=name
3954 repeated Volume volumes = 1;
3955
3956 // List of initialization containers belonging to the pod.
3957 // Init containers are executed in order prior to containers being started. If any
3958 // init container fails, the pod is considered to have failed and is handled according
3959 // to its restartPolicy. The name for an init container or normal container must be
3960 // unique among all containers.
3961 // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
3962 // The resourceRequirements of an init container are taken into account during scheduling
3963 // by finding the highest request/limit for each resource type, and then using the max of
3964 // of that value or the sum of the normal containers. Limits are applied to init containers
3965 // in a similar fashion.
3966 // Init containers cannot currently be added or removed.
3967 // Cannot be updated.
3968 // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3969 // +patchMergeKey=name
3970 // +patchStrategy=merge
3971 // +listType=map
3972 // +listMapKey=name
3973 repeated Container initContainers = 20;
3974
3975 // List of containers belonging to the pod.
3976 // Containers cannot currently be added or removed.
3977 // There must be at least one container in a Pod.
3978 // Cannot be updated.
3979 // +patchMergeKey=name
3980 // +patchStrategy=merge
3981 // +listType=map
3982 // +listMapKey=name
3983 repeated Container containers = 2;
3984
3985 // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
3986 // pod to perform user-initiated actions such as debugging. This list cannot be specified when
3987 // creating a pod, and it cannot be modified by updating the pod spec. In order to add an
3988 // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
3989 // +optional
3990 // +patchMergeKey=name
3991 // +patchStrategy=merge
3992 // +listType=map
3993 // +listMapKey=name
3994 repeated EphemeralContainer ephemeralContainers = 34;
3995
3996 // Restart policy for all containers within the pod.
3997 // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
3998 // Default to Always.
3999 // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
4000 // +optional
4001 optional string restartPolicy = 3;
4002
4003 // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
4004 // Value must be non-negative integer. The value zero indicates stop immediately via
4005 // the kill signal (no opportunity to shut down).
4006 // If this value is nil, the default grace period will be used instead.
4007 // The grace period is the duration in seconds after the processes running in the pod are sent
4008 // a termination signal and the time when the processes are forcibly halted with a kill signal.
4009 // Set this value longer than the expected cleanup time for your process.
4010 // Defaults to 30 seconds.
4011 // +optional
4012 optional int64 terminationGracePeriodSeconds = 4;
4013
4014 // Optional duration in seconds the pod may be active on the node relative to
4015 // StartTime before the system will actively try to mark it failed and kill associated containers.
4016 // Value must be a positive integer.
4017 // +optional
4018 optional int64 activeDeadlineSeconds = 5;
4019
4020 // Set DNS policy for the pod.
4021 // Defaults to "ClusterFirst".
4022 // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
4023 // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
4024 // To have DNS options set along with hostNetwork, you have to specify DNS policy
4025 // explicitly to 'ClusterFirstWithHostNet'.
4026 // +optional
4027 optional string dnsPolicy = 6;
4028
4029 // NodeSelector is a selector which must be true for the pod to fit on a node.
4030 // Selector which must match a node's labels for the pod to be scheduled on that node.
4031 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
4032 // +optional
4033 // +mapType=atomic
4034 map<string, string> nodeSelector = 7;
4035
4036 // ServiceAccountName is the name of the ServiceAccount to use to run this pod.
4037 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
4038 // +optional
4039 optional string serviceAccountName = 8;
4040
4041 // DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
4042 // Deprecated: Use serviceAccountName instead.
4043 // +k8s:conversion-gen=false
4044 // +optional
4045 optional string serviceAccount = 9;
4046
4047 // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
4048 // +optional
4049 optional bool automountServiceAccountToken = 21;
4050
4051 // NodeName is a request to schedule this pod onto a specific node. If it is non-empty,
4052 // the scheduler simply schedules this pod onto that node, assuming that it fits resource
4053 // requirements.
4054 // +optional
4055 optional string nodeName = 10;
4056
4057 // Host networking requested for this pod. Use the host's network namespace.
4058 // If this option is set, the ports that will be used must be specified.
4059 // Default to false.
4060 // +k8s:conversion-gen=false
4061 // +optional
4062 optional bool hostNetwork = 11;
4063
4064 // Use the host's pid namespace.
4065 // Optional: Default to false.
4066 // +k8s:conversion-gen=false
4067 // +optional
4068 optional bool hostPID = 12;
4069
4070 // Use the host's ipc namespace.
4071 // Optional: Default to false.
4072 // +k8s:conversion-gen=false
4073 // +optional
4074 optional bool hostIPC = 13;
4075
4076 // Share a single process namespace between all of the containers in a pod.
4077 // When this is set containers will be able to view and signal processes from other containers
4078 // in the same pod, and the first process in each container will not be assigned PID 1.
4079 // HostPID and ShareProcessNamespace cannot both be set.
4080 // Optional: Default to false.
4081 // +k8s:conversion-gen=false
4082 // +optional
4083 optional bool shareProcessNamespace = 27;
4084
4085 // SecurityContext holds pod-level security attributes and common container settings.
4086 // Optional: Defaults to empty. See type description for default values of each field.
4087 // +optional
4088 optional PodSecurityContext securityContext = 14;
4089
4090 // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
4091 // If specified, these secrets will be passed to individual puller implementations for them to use.
4092 // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
4093 // +optional
4094 // +patchMergeKey=name
4095 // +patchStrategy=merge
4096 // +listType=map
4097 // +listMapKey=name
4098 repeated LocalObjectReference imagePullSecrets = 15;
4099
4100 // Specifies the hostname of the Pod
4101 // If not specified, the pod's hostname will be set to a system-defined value.
4102 // +optional
4103 optional string hostname = 16;
4104
4105 // If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
4106 // If not specified, the pod will not have a domainname at all.
4107 // +optional
4108 optional string subdomain = 17;
4109
4110 // If specified, the pod's scheduling constraints
4111 // +optional
4112 optional Affinity affinity = 18;
4113
4114 // If specified, the pod will be dispatched by specified scheduler.
4115 // If not specified, the pod will be dispatched by default scheduler.
4116 // +optional
4117 optional string schedulerName = 19;
4118
4119 // If specified, the pod's tolerations.
4120 // +optional
4121 // +listType=atomic
4122 repeated Toleration tolerations = 22;
4123
4124 // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
4125 // file if specified.
4126 // +optional
4127 // +patchMergeKey=ip
4128 // +patchStrategy=merge
4129 // +listType=map
4130 // +listMapKey=ip
4131 repeated HostAlias hostAliases = 23;
4132
4133 // If specified, indicates the pod's priority. "system-node-critical" and
4134 // "system-cluster-critical" are two special keywords which indicate the
4135 // highest priorities with the former being the highest priority. Any other
4136 // name must be defined by creating a PriorityClass object with that name.
4137 // If not specified, the pod priority will be default or zero if there is no
4138 // default.
4139 // +optional
4140 optional string priorityClassName = 24;
4141
4142 // The priority value. Various system components use this field to find the
4143 // priority of the pod. When Priority Admission Controller is enabled, it
4144 // prevents users from setting this field. The admission controller populates
4145 // this field from PriorityClassName.
4146 // The higher the value, the higher the priority.
4147 // +optional
4148 optional int32 priority = 25;
4149
4150 // Specifies the DNS parameters of a pod.
4151 // Parameters specified here will be merged to the generated DNS
4152 // configuration based on DNSPolicy.
4153 // +optional
4154 optional PodDNSConfig dnsConfig = 26;
4155
4156 // If specified, all readiness gates will be evaluated for pod readiness.
4157 // A pod is ready when all its containers are ready AND
4158 // all conditions specified in the readiness gates have status equal to "True"
4159 // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
4160 // +optional
4161 // +listType=atomic
4162 repeated PodReadinessGate readinessGates = 28;
4163
4164 // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
4165 // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
4166 // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
4167 // empty definition that uses the default runtime handler.
4168 // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
4169 // +optional
4170 optional string runtimeClassName = 29;
4171
4172 // EnableServiceLinks indicates whether information about services should be injected into pod's
4173 // environment variables, matching the syntax of Docker links.
4174 // Optional: Defaults to true.
4175 // +optional
4176 optional bool enableServiceLinks = 30;
4177
4178 // PreemptionPolicy is the Policy for preempting pods with lower priority.
4179 // One of Never, PreemptLowerPriority.
4180 // Defaults to PreemptLowerPriority if unset.
4181 // +optional
4182 optional string preemptionPolicy = 31;
4183
4184 // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
4185 // This field will be autopopulated at admission time by the RuntimeClass admission controller. If
4186 // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
4187 // The RuntimeClass admission controller will reject Pod create requests which have the overhead already
4188 // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
4189 // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
4190 // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
4191 // +optional
4192 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> overhead = 32;
4193
4194 // TopologySpreadConstraints describes how a group of pods ought to spread across topology
4195 // domains. Scheduler will schedule pods in a way which abides by the constraints.
4196 // All topologySpreadConstraints are ANDed.
4197 // +optional
4198 // +patchMergeKey=topologyKey
4199 // +patchStrategy=merge
4200 // +listType=map
4201 // +listMapKey=topologyKey
4202 // +listMapKey=whenUnsatisfiable
4203 repeated TopologySpreadConstraint topologySpreadConstraints = 33;
4204
4205 // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
4206 // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
4207 // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
4208 // If a pod does not have FQDN, this has no effect.
4209 // Default to false.
4210 // +optional
4211 optional bool setHostnameAsFQDN = 35;
4212
4213 // Specifies the OS of the containers in the pod.
4214 // Some pod and container fields are restricted if this is set.
4215 //
4216 // If the OS field is set to linux, the following fields must be unset:
4217 // -securityContext.windowsOptions
4218 //
4219 // If the OS field is set to windows, following fields must be unset:
4220 // - spec.hostPID
4221 // - spec.hostIPC
4222 // - spec.hostUsers
4223 // - spec.securityContext.appArmorProfile
4224 // - spec.securityContext.seLinuxOptions
4225 // - spec.securityContext.seccompProfile
4226 // - spec.securityContext.fsGroup
4227 // - spec.securityContext.fsGroupChangePolicy
4228 // - spec.securityContext.sysctls
4229 // - spec.shareProcessNamespace
4230 // - spec.securityContext.runAsUser
4231 // - spec.securityContext.runAsGroup
4232 // - spec.securityContext.supplementalGroups
4233 // - spec.containers[*].securityContext.appArmorProfile
4234 // - spec.containers[*].securityContext.seLinuxOptions
4235 // - spec.containers[*].securityContext.seccompProfile
4236 // - spec.containers[*].securityContext.capabilities
4237 // - spec.containers[*].securityContext.readOnlyRootFilesystem
4238 // - spec.containers[*].securityContext.privileged
4239 // - spec.containers[*].securityContext.allowPrivilegeEscalation
4240 // - spec.containers[*].securityContext.procMount
4241 // - spec.containers[*].securityContext.runAsUser
4242 // - spec.containers[*].securityContext.runAsGroup
4243 // +optional
4244 optional PodOS os = 36;
4245
4246 // Use the host's user namespace.
4247 // Optional: Default to true.
4248 // If set to true or not present, the pod will be run in the host user namespace, useful
4249 // for when the pod needs a feature only available to the host user namespace, such as
4250 // loading a kernel module with CAP_SYS_MODULE.
4251 // When set to false, a new userns is created for the pod. Setting false is useful for
4252 // mitigating container breakout vulnerabilities even allowing users to run their
4253 // containers as root without actually having root privileges on the host.
4254 // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
4255 // +k8s:conversion-gen=false
4256 // +optional
4257 optional bool hostUsers = 37;
4258
4259 // SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
4260 // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
4261 // scheduler will not attempt to schedule the pod.
4262 //
4263 // SchedulingGates can only be set at pod creation time, and be removed only afterwards.
4264 //
4265 // +patchMergeKey=name
4266 // +patchStrategy=merge
4267 // +listType=map
4268 // +listMapKey=name
4269 // +optional
4270 repeated PodSchedulingGate schedulingGates = 38;
4271
4272 // ResourceClaims defines which ResourceClaims must be allocated
4273 // and reserved before the Pod is allowed to start. The resources
4274 // will be made available to those containers which consume them
4275 // by name.
4276 //
4277 // This is an alpha field and requires enabling the
4278 // DynamicResourceAllocation feature gate.
4279 //
4280 // This field is immutable.
4281 //
4282 // +patchMergeKey=name
4283 // +patchStrategy=merge,retainKeys
4284 // +listType=map
4285 // +listMapKey=name
4286 // +featureGate=DynamicResourceAllocation
4287 // +optional
4288 repeated PodResourceClaim resourceClaims = 39;
4289}
4290
// PodStatus carries the observed status of a pod. The reported status can lag behind the
// real state of the system, particularly when the node hosting the pod is unable to reach
// the control plane, so readers should treat these fields as observations rather than as a
// guarantee of the current state.
message PodStatus {
  // phase gives a simple, high-level summary of where the Pod is in its lifecycle. More
  // detail is available in the conditions array, the reason and message fields, and the
  // individual container status arrays.
  // The five possible phase values are:
  //
  // Pending: the Kubernetes system has accepted the pod, but one or more of the container
  // images has not been created. This covers the time before scheduling as well as the
  // time spent downloading images over the network, which could take a while.
  // Running: the pod has been bound to a node and all of its containers have been created.
  // At least one container is still running, or is starting or restarting.
  // Succeeded: every container in the pod terminated successfully and will not be restarted.
  // Failed: every container in the pod has terminated and at least one of them terminated
  // in failure, i.e. it exited with non-zero status or was terminated by the system.
  // Unknown: the state of the pod could not be obtained for some reason, typically because
  // of an error communicating with the host of the pod.
  //
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase
  // +optional
  optional string phase = 1;

  // conditions holds the current service state of the pod.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated PodCondition conditions = 2;

  // message is a human-readable explanation of why the pod is in this condition.
  // +optional
  optional string message = 3;

  // reason is a brief CamelCase message explaining why the pod is in this state,
  // e.g. 'Evicted'.
  // +optional
  optional string reason = 4;

  // nominatedNodeName is set only when this pod preempts other pods on the node but cannot
  // be scheduled right away, because the preemption victims still receive their graceful
  // termination periods.
  // The field is not a guarantee that the pod ends up on this node: the scheduler may place
  // the pod elsewhere if other nodes become available sooner, and it may also hand the
  // resources on this node to a higher priority pod created after the preemption.
  // Consequently this field may differ from PodSpec.nodeName once the pod is scheduled.
  // +optional
  optional string nominatedNodeName = 11;

  // hostIP is the IP address of the host to which the pod is assigned. It is empty if the
  // pod has not started yet.
  // A pod can be assigned to a node whose kubelet has a problem; in that case hostIP is not
  // updated even though a node is assigned to the pod.
  // +optional
  optional string hostIP = 5;

  // hostIPs lists the IP addresses allocated to the host. When this field is specified, its
  // first entry must match the hostIP field. The list is empty if the pod has not started yet.
  // A pod can be assigned to a node whose kubelet has a problem; in that case hostIPs is not
  // updated even though a node is assigned to this pod.
  // +optional
  // +patchStrategy=merge
  // +patchMergeKey=ip
  // +listType=atomic
  repeated HostIP hostIPs = 16;

  // podIP is the address allocated to the pod; it is routable at least within the cluster.
  // Empty if not yet allocated.
  // +optional
  optional string podIP = 6;

  // podIPs lists the IP addresses allocated to the pod. When this field is specified, the
  // 0th entry must match the podIP field. A pod may be allocated at most 1 value for each of
  // IPv4 and IPv6. The list is empty if no IPs have been allocated yet.
  // +optional
  // +patchStrategy=merge
  // +patchMergeKey=ip
  // +listType=map
  // +listMapKey=ip
  repeated PodIP podIPs = 12;

  // startTime is the RFC 3339 date and time at which the Kubelet acknowledged the object.
  // This happens before the Kubelet pulls the container image(s) for the pod.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 7;

  // initContainerStatuses has one entry per init container in the manifest. The most recent
  // successful init container has ready = true, and the most recently started container has
  // startTime set.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
  // +listType=atomic
  repeated ContainerStatus initContainerStatuses = 10;

  // containerStatuses has one entry per container in the manifest.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status
  // +optional
  // +listType=atomic
  repeated ContainerStatus containerStatuses = 8;

  // qosClass is the Quality of Service (QOS) classification assigned to the pod based on
  // its resource requirements.
  // See the PodQOSClass type for the available QOS classes.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes
  // +optional
  optional string qosClass = 9;

  // ephemeralContainerStatuses reports status for any ephemeral containers that have run
  // in this pod.
  // +optional
  // +listType=atomic
  repeated ContainerStatus ephemeralContainerStatuses = 13;

  // resize is the status of the resources resize desired for the pod's containers.
  // It is empty if no resources resize is pending.
  // Any change to container resources automatically sets this to "Proposed".
  // +featureGate=InPlacePodVerticalScaling
  // +optional
  optional string resize = 14;

  // resourceClaimStatuses reports the status of resource claims.
  // +patchMergeKey=name
  // +patchStrategy=merge,retainKeys
  // +listType=map
  // +listMapKey=name
  // +featureGate=DynamicResourceAllocation
  // +optional
  repeated PodResourceClaimStatus resourceClaimStatuses = 15;
}
4420
// PodStatusResult wraps the PodStatus returned by the kubelet so that it can be encoded
// and decoded.
message PodStatusResult {
  // metadata is the standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // status is the most recently observed status of the pod.
  // The data may not be up to date.
  // It is populated by the system and is read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodStatus status = 2;
}
4436
// PodTemplate is a template from which copies of a predefined pod are created.
message PodTemplate {
  // metadata is the standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // template defines the pods that will be created from this pod template.
  // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodTemplateSpec template = 2;
}
4449
// PodTemplateList holds a list of PodTemplates.
message PodTemplateList {
  // metadata is the standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // items is the list of pod templates.
  repeated PodTemplate items = 2;
}
4460
// PodTemplateSpec describes the data a pod should carry when it is created from a template.
message PodTemplateSpec {
  // metadata is the standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // spec specifies the desired behavior of the pod.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional PodSpec spec = 2;
}
4473
// PortStatus records the status of a single service port, identified by its port number
// and protocol.
message PortStatus {
  // port is the port number of the service port whose status is recorded here.
  optional int32 port = 1;

  // protocol is the protocol of the service port whose status is recorded here.
  // The supported values are: "TCP", "UDP", "SCTP"
  optional string protocol = 2;

  // error records the problem with the service port.
  // The format of the error shall comply with the following rules:
  // - built-in error values shall be specified in this file and those shall use
  //   CamelCase names
  // - cloud provider specific error values must have names that comply with the
  //   format foo.example.com/CamelCase.
  // ---
  // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
  // NOTE(review): this field carries both the +optional marker and a Required validation
  // marker; confirm which of the two is intended to apply.
  // +optional
  // +kubebuilder:validation:Required
  // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
  // +kubebuilder:validation:MaxLength=316
  optional string error = 3;
}
4496
// PortworxVolumeSource describes a Portworx volume resource.
message PortworxVolumeSource {
  // volumeID is the unique identifier of a Portworx volume.
  optional string volumeID = 1;

  // fsType is the filesystem type to mount.
  // It must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
  optional string fsType = 2;

  // readOnly defaults to false (read/write). Setting readOnly here forces
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 3;
}
4512
// Preconditions lists conditions that must hold before an operation (update, delete, etc.)
// is carried out.
// +k8s:openapi-gen=false
message Preconditions {
  // uid specifies the target UID.
  // NOTE(review): presumably the operation is expected to proceed only when the target
  // object's UID equals this value; the check itself is not visible here, so confirm it
  // against the code that consumes Preconditions.
  // +optional
  optional string uid = 1;
}
4520
// PreferAvoidPodsEntry describes a class of pods that should avoid this node.
message PreferAvoidPodsEntry {
  // podSignature identifies the class of pods.
  optional PodSignature podSignature = 1;

  // evictionTime is the time at which this entry was added to the list.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time evictionTime = 2;

  // reason is a (brief) reason why this entry was added to the list.
  // +optional
  optional string reason = 3;

  // message is a human-readable explanation of why this entry was added to the list.
  // +optional
  optional string message = 4;
}
4538
// PreferredSchedulingTerm pairs a node selector term with a weight.
// An empty preferred scheduling term matches all objects with implicit weight 0, which
// makes it a no-op. A null preferred scheduling term matches no objects, which is also a
// no-op.
message PreferredSchedulingTerm {
  // weight is the weight associated with matching the corresponding nodeSelectorTerm;
  // it lies in the range 1-100.
  optional int32 weight = 1;

  // preference is the node selector term associated with the corresponding weight.
  optional NodeSelectorTerm preference = 2;
}
4548
// Probe describes a health check that is run against a container to decide whether the
// container is alive or ready to receive traffic.
message Probe {
  // handler is the action taken to determine the health of a container.
  optional ProbeHandler handler = 1;

  // initialDelaySeconds is the number of seconds to wait after the container has started
  // before liveness probes are initiated.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  // +optional
  optional int32 initialDelaySeconds = 2;

  // timeoutSeconds is the number of seconds after which the probe times out.
  // Defaults to 1 second. Minimum value is 1.
  // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
  // +optional
  optional int32 timeoutSeconds = 3;

  // periodSeconds is how often (in seconds) the probe is performed.
  // Defaults to 10 seconds. Minimum value is 1.
  // +optional
  optional int32 periodSeconds = 4;

  // successThreshold is the minimum number of consecutive successes needed for the probe
  // to be considered successful after having failed.
  // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
  // +optional
  optional int32 successThreshold = 5;

  // failureThreshold is the minimum number of consecutive failures needed for the probe
  // to be considered failed after having succeeded.
  // Defaults to 3. Minimum value is 1.
  // +optional
  optional int32 failureThreshold = 6;

  // terminationGracePeriodSeconds is the optional duration in seconds the pod needs to
  // terminate gracefully upon probe failure.
  // The grace period is the duration in seconds between the moment the processes running
  // in the pod are sent a termination signal and the moment they are forcibly halted with
  // a kill signal.
  // Set this value longer than the expected cleanup time for your process.
  // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise,
  // this value overrides the value provided by the pod spec.
  // Value must be non-negative integer. The value zero indicates stop immediately via
  // the kill signal (no opportunity to shut down).
  // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
  // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
  // NOTE(review): the text above both describes zero as a usable value and states a
  // minimum of 1; the two statements conflict, so confirm the accepted range against the
  // API validation before relying on either.
  // +optional
  optional int64 terminationGracePeriodSeconds = 7;
}
4594
// ProbeHandler defines the specific action a probe takes.
// Exactly one of the fields must be specified.
message ProbeHandler {
  // exec specifies the action to take.
  // +optional
  optional ExecAction exec = 1;

  // httpGet specifies the http request to perform.
  // +optional
  optional HTTPGetAction httpGet = 2;

  // tcpSocket specifies an action involving a TCP port.
  // +optional
  optional TCPSocketAction tcpSocket = 3;

  // grpc specifies an action involving a GRPC port.
  // +optional
  optional GRPCAction grpc = 4;
}
4614
// ProjectedVolumeSource represents a projected volume source.
message ProjectedVolumeSource {
  // sources is the list of volume projections.
  // +optional
  // +listType=atomic
  repeated VolumeProjection sources = 1;

  // defaultMode holds the mode bits used by default to set permissions on created files.
  // It must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
  // YAML accepts both octal and decimal values, whereas JSON requires decimal values for
  // mode bits (for example, octal 0644 has to be written as decimal 420 in JSON).
  // Directories within the path are not affected by this setting.
  // This might be in conflict with other options that affect the file
  // mode, like fsGroup, and the result can be other mode bits set.
  // +optional
  optional int32 defaultMode = 2;
}
4631
// QuobyteVolumeSource represents a Quobyte mount that lasts the lifetime of a pod.
// Quobyte volumes support neither ownership management nor SELinux relabeling.
message QuobyteVolumeSource {
  // registry names one or more Quobyte Registry services, given as a string of host:port
  // pairs (multiple entries are separated with commas); it acts as the central registry
  // for volumes.
  optional string registry = 1;

  // volume is a string that references an already created Quobyte volume by name.
  optional string volume = 2;

  // readOnly, when set here, forces the Quobyte volume to be mounted with read-only
  // permissions.
  // Defaults to false.
  // +optional
  optional bool readOnly = 3;

  // user is the user to map volume access to.
  // Defaults to the serviceaccount user.
  // +optional
  optional string user = 4;

  // group is the group to map volume access to.
  // Default is no group.
  // +optional
  optional string group = 5;

  // tenant is the tenant owning the given Quobyte volume in the Backend.
  // It is used with dynamically provisioned Quobyte volumes; the value is set by the plugin.
  // +optional
  optional string tenant = 6;
}
4663
// RBDPersistentVolumeSource represents a Rados Block Device mount that lasts the lifetime
// of a pod.
// RBD volumes support ownership management and SELinux relabeling.
message RBDPersistentVolumeSource {
  // monitors is a collection of Ceph monitors.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +listType=atomic
  repeated string monitors = 1;

  // image is the rados image name.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  optional string image = 2;

  // fsType is the filesystem type of the volume to be mounted.
  // Tip: make sure the host operating system supports the filesystem type.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // +optional
  optional string fsType = 3;

  // pool is the rados pool name.
  // Default is rbd.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string pool = 4;

  // user is the rados user name.
  // Default is admin.
  // NOTE(review): leaving this unset selects the "admin" user; check whether a dedicated,
  // less-privileged rados user should be named explicitly.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string user = 5;

  // keyring is the path to the key ring for RBDUser.
  // Default is /etc/ceph/keyring.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string keyring = 6;

  // secretRef is the name of the authentication secret for RBDUser. When provided, it
  // overrides keyring.
  // Default is nil.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional SecretReference secretRef = 7;

  // readOnly, when set here, forces the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional bool readOnly = 8;
}
4715
// RBDVolumeSource represents a Rados Block Device mount that lasts the lifetime of a pod.
// RBD volumes support ownership management and SELinux relabeling.
message RBDVolumeSource {
  // monitors is a collection of Ceph monitors.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +listType=atomic
  repeated string monitors = 1;

  // image is the rados image name.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  optional string image = 2;

  // fsType is the filesystem type of the volume to be mounted.
  // Tip: make sure the host operating system supports the filesystem type.
  // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
  // TODO: how do we prevent errors in the filesystem from compromising the machine
  // +optional
  optional string fsType = 3;

  // pool is the rados pool name.
  // Default is rbd.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string pool = 4;

  // user is the rados user name.
  // Default is admin.
  // NOTE(review): leaving this unset selects the "admin" user; check whether a dedicated,
  // less-privileged rados user should be named explicitly.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string user = 5;

  // keyring is the path to the key ring for RBDUser.
  // Default is /etc/ceph/keyring.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional string keyring = 6;

  // secretRef is the name of the authentication secret for RBDUser. When provided, it
  // overrides keyring.
  // Default is nil.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional LocalObjectReference secretRef = 7;

  // readOnly, when set here, forces the ReadOnly setting in VolumeMounts.
  // Defaults to false.
  // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
  // +optional
  optional bool readOnly = 8;
}
4767
// RangeAllocation is not a public type.
message RangeAllocation {
  // metadata is the standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // range is a string that identifies the range represented by 'data'.
  optional string range = 2;

  // data is a bit array containing all allocated addresses in the previous segment.
  optional bytes data = 3;
}
4781
// ReplicationController holds the configuration of a replication controller.
message ReplicationController {
  // metadata is the standard object's metadata. If the Labels of a ReplicationController
  // are empty, they are defaulted to be the same as the Pod(s) that the replication
  // controller manages.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // spec defines the specification of the desired behavior of the replication controller.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional ReplicationControllerSpec spec = 2;

  // status is the most recently observed status of the replication controller.
  // The data may be out of date by some window of time.
  // It is populated by the system and is read-only.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
  // +optional
  optional ReplicationControllerStatus status = 3;
}
4803
// ReplicationControllerCondition captures the state of a replication controller at a
// certain point.
message ReplicationControllerCondition {
  // type is the type of replication controller condition.
  optional string type = 1;

  // status is the status of the condition, one of True, False, Unknown.
  optional string status = 2;

  // lastTransitionTime is the last time the condition moved from one status to another.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;

  // reason is the reason for the condition's last transition.
  // +optional
  optional string reason = 4;

  // message is a human-readable message giving details about the transition.
  // +optional
  optional string message = 5;
}
4824
// ReplicationControllerList holds a collection of replication controllers.
message ReplicationControllerList {
  // metadata is the standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // items is the list of replication controllers.
  // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
  repeated ReplicationController items = 2;
}
4836
// ReplicationControllerSpec specifies the desired state of a replication controller.
message ReplicationControllerSpec {
  // replicas is the number of desired replicas.
  // It is a pointer so that an explicit zero can be told apart from unspecified.
  // Defaults to 1.
  // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
  // +optional
  optional int32 replicas = 1;

  // minReadySeconds is the minimum number of seconds for which a newly created pod should
  // be ready, without any of its containers crashing, for it to be considered available.
  // Defaults to 0 (pod will be considered available as soon as it is ready)
  // +optional
  optional int32 minReadySeconds = 4;

  // selector is a label query over pods that should match the Replicas count.
  // If selector is empty, it is defaulted to the labels present on the Pod template.
  // It holds the label keys and values that must match for a pod to be controlled by this
  // replication controller.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
  // +optional
  // +mapType=atomic
  map<string, string> selector = 2;

  // template is the object describing the pod that will be created if insufficient
  // replicas are detected. It takes precedence over a TemplateRef.
  // The only allowed template.spec.restartPolicy value is "Always".
  // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
  // +optional
  optional PodTemplateSpec template = 3;
}
4868
// ReplicationControllerStatus holds the current status of a replication controller.
message ReplicationControllerStatus {
  // replicas is the most recently observed number of replicas.
  // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller
  optional int32 replicas = 1;

  // fullyLabeledReplicas is the number of pods whose labels match the labels of the pod
  // template of the replication controller.
  // +optional
  optional int32 fullyLabeledReplicas = 2;

  // readyReplicas is the number of ready replicas for this replication controller.
  // +optional
  optional int32 readyReplicas = 4;

  // availableReplicas is the number of available replicas (ready for at least
  // minReadySeconds) for this replication controller.
  // +optional
  optional int32 availableReplicas = 5;

  // observedGeneration reflects the generation of the most recently observed replication
  // controller.
  // +optional
  optional int64 observedGeneration = 3;

  // conditions holds the latest available observations of a replication controller's
  // current state.
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated ReplicationControllerCondition conditions = 6;
}
4900
// ResourceClaim refers to one entry in PodSpec.ResourceClaims.
message ResourceClaim {
  // name must equal the name of one entry in pod.spec.resourceClaims of the Pod where
  // this field is used. It makes that resource available inside a container.
  optional string name = 1;
}
4908
// ResourceFieldSelector selects container resources (cpu, memory) and their output format.
// +structType=atomic
message ResourceFieldSelector {
  // containerName is the container name: required for volumes, optional for env vars.
  // +optional
  optional string containerName = 1;

  // resource is the resource to select. Required.
  optional string resource = 2;

  // divisor specifies the output format of the exposed resources; it defaults to "1".
  // +optional
  optional k8s.io.apimachinery.pkg.api.resource.Quantity divisor = 3;
}
4923
4924// ResourceQuota sets aggregate quota restrictions enforced per namespace.
4925message ResourceQuota {
4926 // Standard object's metadata.
4927 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
4928 // +optional
4929 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
4930
4931 // Spec defines the desired quota.
4932 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
4933 // +optional
4934 optional ResourceQuotaSpec spec = 2;
4935
4936 // Status defines the actual enforced quota and its current usage.
4937 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
4938 // +optional
4939 optional ResourceQuotaStatus status = 3;
4940}
4941
4942// ResourceQuotaList is a list of ResourceQuota items.
4943message ResourceQuotaList {
4944 // Standard list metadata.
4945 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
4946 // +optional
4947 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
4948
4949 // Items is a list of ResourceQuota objects.
 // Each entry is a complete ResourceQuota message (metadata, spec and status).
4950 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
4951 repeated ResourceQuota items = 2;
4952}
4953
4954// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
4955message ResourceQuotaSpec {
4956 // hard is the set of desired hard limits for each named resource.
 // The map is keyed by resource name; a resource with no entry has no limit
 // expressed in this spec.
4957 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
4958 // +optional
4959 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1;
4960
4961 // scopes is a collection of filters that must match each object tracked by a quota.
4962 // If not specified, the quota matches all objects.
4963 // +optional
4964 // +listType=atomic
4965 repeated string scopes = 2;
4966
4967 // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
4968 // but expressed using ScopeSelectorOperator in combination with possible values.
4969 // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
 // Because the two filters are ANDed, adding either one narrows the set of
 // objects the quota counts; objects outside that set are not limited by it.
4970 // +optional
4971 optional ScopeSelector scopeSelector = 3;
4972}
4973
4974// ResourceQuotaStatus defines the enforced hard limits and observed use.
// Both maps are keyed by resource name.
4975message ResourceQuotaStatus {
4976 // Hard is the set of enforced hard limits for each named resource.
4977 // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
4978 // +optional
4979 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> hard = 1;
4980
4981 // Used is the current observed total usage of each named resource in the namespace.
4982 // +optional
4983 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> used = 2;
4984}
4985
4986// ResourceRequirements describes the compute resource requirements.
4987message ResourceRequirements {
4988 // Limits describes the maximum amount of compute resources allowed.
 // The map is keyed by resource name. A resource with no entry has no maximum
 // expressed by this message.
 // NOTE(review): whether another mechanism then supplies a ceiling is not
 // visible here — confirm before relying on an omitted limit.
4989 // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4990 // +optional
4991 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> limits = 1;
4992
4993 // Requests describes the minimum amount of compute resources required.
4994 // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
4995 // otherwise to an implementation-defined value. Requests cannot exceed Limits.
4996 // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
4997 // +optional
4998 map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> requests = 2;
4999
5000 // Claims lists the names of resources, defined in spec.resourceClaims,
5001 // that are used by this container.
5002 //
5003 // This is an alpha field and requires enabling the
5004 // DynamicResourceAllocation feature gate.
5005 //
5006 // This field is immutable. It can only be set for containers.
5007 //
5008 // +listType=map
5009 // +listMapKey=name
5010 // +featureGate=DynamicResourceAllocation
5011 // +optional
5012 repeated ResourceClaim claims = 3;
5013}
5014
5015// SELinuxOptions are the labels to be applied to the container.
// All four components are plain strings in this schema; nothing here checks
// that a value is a label the node's SELinux policy defines.
5016message SELinuxOptions {
5017 // User is a SELinux user label that applies to the container.
5018 // +optional
5019 optional string user = 1;
5020
5021 // Role is a SELinux role label that applies to the container.
5022 // +optional
5023 optional string role = 2;
5024
5025 // Type is a SELinux type label that applies to the container.
5026 // +optional
5027 optional string type = 3;
5028
5029 // Level is a SELinux level label that applies to the container.
5030 // +optional
5031 optional string level = 4;
5032}
5033
5034// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume.
// It differs from ScaleIOVolumeSource in the type of secretRef: here it is a
// SecretReference, which carries a namespace as well as a name.
5035message ScaleIOPersistentVolumeSource {
5036 // gateway is the host address of the ScaleIO API Gateway.
5037 optional string gateway = 1;
5038
5039 // system is the name of the storage system as configured in ScaleIO.
5040 optional string system = 2;
5041
5042 // secretRef references the secret for the ScaleIO user and other
5043 // sensitive information. If this is not provided, Login operation will fail.
 // The reference can name a Secret in any namespace, so the ability to write
 // this field decides which namespace's Secret is used for the login.
5044 optional SecretReference secretRef = 3;
5045
5046 // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
 // NOTE(review): with the default, communication with the Gateway is not
 // protected by SSL, and secretRef supplies login credentials for that same
 // Gateway. Set this to true unless the transport is protected another way.
5047 // +optional
5048 optional bool sslEnabled = 4;
5049
5050 // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
5051 // +optional
5052 optional string protectionDomain = 5;
5053
5054 // storagePool is the ScaleIO Storage Pool associated with the protection domain.
5055 // +optional
5056 optional string storagePool = 6;
5057
5058 // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
5059 // Default is ThinProvisioned.
5060 // +optional
5061 optional string storageMode = 7;
5062
5063 // volumeName is the name of a volume already created in the ScaleIO system
5064 // that is associated with this volume source.
5065 optional string volumeName = 8;
5066
5067 // fsType is the filesystem type to mount.
5068 // Must be a filesystem type supported by the host operating system.
5069 // Ex. "ext4", "xfs", "ntfs".
5070 // Default is "xfs".
5071 // +optional
5072 optional string fsType = 9;
5073
5074 // readOnly defaults to false (read/write). ReadOnly here will force
5075 // the ReadOnly setting in VolumeMounts.
5076 // +optional
5077 optional bool readOnly = 10;
5078}
5079
5080// ScaleIOVolumeSource represents a persistent ScaleIO volume.
// It differs from ScaleIOPersistentVolumeSource in the type of secretRef: here
// it is a LocalObjectReference rather than a SecretReference.
5081message ScaleIOVolumeSource {
5082 // gateway is the host address of the ScaleIO API Gateway.
5083 optional string gateway = 1;
5084
5085 // system is the name of the storage system as configured in ScaleIO.
5086 optional string system = 2;
5087
5088 // secretRef references the secret for the ScaleIO user and other
5089 // sensitive information. If this is not provided, Login operation will fail.
 // NOTE(review): LocalObjectReference is defined outside this part of the
 // file; presumably it resolves in the pod's own namespace — confirm.
5090 optional LocalObjectReference secretRef = 3;
5091
5092 // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false
 // NOTE(review): with the default, communication with the Gateway is not
 // protected by SSL, and secretRef supplies login credentials for that same
 // Gateway. Set this to true unless the transport is protected another way.
5093 // +optional
5094 optional bool sslEnabled = 4;
5095
5096 // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
5097 // +optional
5098 optional string protectionDomain = 5;
5099
5100 // storagePool is the ScaleIO Storage Pool associated with the protection domain.
5101 // +optional
5102 optional string storagePool = 6;
5103
5104 // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
5105 // Default is ThinProvisioned.
5106 // +optional
5107 optional string storageMode = 7;
5108
5109 // volumeName is the name of a volume already created in the ScaleIO system
5110 // that is associated with this volume source.
5111 optional string volumeName = 8;
5112
5113 // fsType is the filesystem type to mount.
5114 // Must be a filesystem type supported by the host operating system.
5115 // Ex. "ext4", "xfs", "ntfs".
5116 // Default is "xfs".
5117 // +optional
5118 optional string fsType = 9;
5119
5120 // readOnly defaults to false (read/write). ReadOnly here will force
5121 // the ReadOnly setting in VolumeMounts.
5122 // +optional
5123 optional bool readOnly = 10;
5124}
5125
5126// ScopeSelector represents the AND of the selectors represented
5127// by the scoped-resource selector requirements.
5128// +structType=atomic
5129message ScopeSelector {
5130 // matchExpressions is a list of scope selector requirements by scope of the resources.
 // Every requirement in the list must hold for the selector to match.
5131 // +optional
5132 // +listType=atomic
5133 repeated ScopedResourceSelectorRequirement matchExpressions = 1;
5134}
5135
5136// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
5137// that relates the scope name and values.
5138message ScopedResourceSelectorRequirement {
5139 // The name of the scope that the selector applies to.
5140 optional string scopeName = 1;
5141
5142 // Represents a scope's relationship to a set of values.
5143 // Valid operators are In, NotIn, Exists, DoesNotExist.
 // NOTE(review): the field is a string, not an enum, so other values can be
 // represented on the wire; the list above has to be enforced by validation
 // outside this schema — confirm.
5144 optional string operator = 2;
5145
5146 // An array of string values. If the operator is In or NotIn,
5147 // the values array must be non-empty. If the operator is Exists or DoesNotExist,
5148 // the values array must be empty.
5149 // This array is replaced during a strategic merge patch.
5150 // +optional
5151 // +listType=atomic
5152 repeated string values = 3;
5153}
5154
5155// SeccompProfile defines a pod/container's seccomp profile settings.
5156// Only one profile source may be set.
// type is the discriminator; localhostProfile is the only other member and is
// meaningful only when type is "Localhost".
5157// +union
5158message SeccompProfile {
5159 // type indicates which kind of seccomp profile will be applied.
5160 // Valid options are:
5161 //
5162 // Localhost - a profile defined in a file on the node should be used.
5163 // RuntimeDefault - the container runtime default profile should be used.
5164 // Unconfined - no profile should be applied.
 //
 // With Unconfined the container runs without a seccomp syscall filter, so
 // treat it as an exception that needs a stated reason.
 // NOTE(review): the field is a string, not an enum; the three values above
 // are not enforced by this schema.
5165 // +unionDiscriminator
5166 optional string type = 1;
5167
5168 // localhostProfile indicates a profile defined in a file on the node should be used.
5169 // The profile must be preconfigured on the node to work.
5170 // Must be a descending path, relative to the kubelet's configured seccomp profile location.
5171 // Must be set if type is "Localhost". Must NOT be set for any other type.
 // NOTE(review): the path constraint is stated in prose only; the field is a
 // free-form string here, so the check that the path stays below the
 // configured profile location must happen in validation — confirm.
5172 // +optional
5173 optional string localhostProfile = 2;
5174}
5175
5176// Secret holds secret data of a certain type. The total bytes of the values in
5177// the Data field must be less than MaxSecretSize bytes.
//
// Field numbers are not in declaration order (immutable = 5 and stringData = 4
// are declared before type = 3).
5178message Secret {
5179 // Standard object's metadata.
5180 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5181 // +optional
5182 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
5183
5184 // Immutable, if set to true, ensures that data stored in the Secret cannot
5185 // be updated (only object metadata can be modified).
5186 // If not set to true, the field can be modified at any time.
5187 // Defaulted to nil.
5188 // +optional
5189 optional bool immutable = 5;
5190
5191 // Data contains the secret data. Each key must consist of alphanumeric
5192 // characters, '-', '_' or '.'. The serialized form of the secret data is a
5193 // base64 encoded string, representing the arbitrary (possibly non-string)
5194 // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4
 //
 // base64 is an encoding, not encryption: anyone who can read the serialized
 // object can recover the values. In this message the values are raw bytes.
 // NOTE(review): whether stored Secrets are encrypted at rest is not expressed
 // by this schema — confirm for the cluster in question.
5195 // +optional
5196 map<string, bytes> data = 2;
5197
5198 // stringData allows specifying non-binary secret data in string form.
5199 // It is provided as a write-only input field for convenience.
5200 // All keys and values are merged into the data field on write, overwriting any existing values.
5201 // The stringData field is never output when reading from the API.
 // The values supplied here are therefore still readable afterwards, through data.
5202 // +k8s:conversion-gen=false
5203 // +optional
5204 map<string, string> stringData = 4;
5205
5206 // Used to facilitate programmatic handling of secret data.
5207 // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
5208 // +optional
5209 optional string type = 3;
5210}
5211
5212// SecretEnvSource selects a Secret to populate the environment
5213// variables with.
5214//
5215// The contents of the target Secret's Data field will represent the
5216// key-value pairs as environment variables.
//
// Every key of the Secret is exposed this way; the message has no field for
// choosing a subset. SecretKeySelector selects a single key instead.
5217message SecretEnvSource {
5218 // The Secret to select from.
5219 optional LocalObjectReference localObjectReference = 1;
5220
5221 // Specify whether the Secret must be defined.
 // The field's name is "optional"; the leading `optional` on the line below
 // is the proto2 field label.
5222 // +optional
5223 optional bool optional = 2;
5224}
5225
5226// SecretKeySelector selects a key of a Secret.
5227// +structType=atomic
5228message SecretKeySelector {
5229 // The name of the secret in the pod's namespace to select from.
5230 optional LocalObjectReference localObjectReference = 1;
5231
5232 // The key of the secret to select from. Must be a valid secret key.
5233 optional string key = 2;
5234
5235 // Specify whether the Secret or its key must be defined.
 // The field's name is "optional"; the leading `optional` on the line below
 // is the proto2 field label.
5236 // +optional
5237 optional bool optional = 3;
5238}
5239
5240// SecretList is a list of Secret.
5241message SecretList {
5242 // Standard list metadata.
5243 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5244 // +optional
5245 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
5246
5247 // Items is a list of secret objects.
 // Each entry is a complete Secret message, data values included, so read
 // access to a SecretList is read access to the contents of every listed Secret.
5248 // More info: https://kubernetes.io/docs/concepts/configuration/secret
5249 repeated Secret items = 2;
5250}
5251
5252// Adapts a secret into a projected volume.
5253//
5254// The contents of the target Secret's Data field will be presented in a
5255// projected volume as files using the keys in the Data field as the file names.
5256// Note that this is identical to a secret volume source without the default
5257// mode.
//
// Field number 3 is not used in this message; in SecretVolumeSource number 3
// is defaultMode.
5258message SecretProjection {
 // localObjectReference names the Secret to project.
 // NOTE(review): this field has no comment in the generated source;
 // presumably the name resolves in the pod's namespace — confirm.
5259 optional LocalObjectReference localObjectReference = 1;
5260
5261 // items: if unspecified, each key-value pair in the Data field of the referenced
5262 // Secret will be projected into the volume as a file whose name is the
5263 // key and content is the value. If specified, the listed keys will be
5264 // projected into the specified paths, and unlisted keys will not be
5265 // present. If a key is specified which is not present in the Secret,
5266 // the volume setup will error unless it is marked optional. Paths must be
5267 // relative and may not contain the '..' path or start with '..'.
 // Listing only the keys a container needs keeps the other keys of the
 // Secret out of its filesystem.
 // NOTE(review): the path restrictions are stated in prose only; nothing in
 // this schema enforces them, so they depend on validation elsewhere — confirm.
5268 // +optional
5269 // +listType=atomic
5270 repeated KeyToPath items = 2;
5271
5272 // optional specifies whether the Secret or its key must be defined.
5273 // +optional
5274 optional bool optional = 4;
5275}
5276
5277// SecretReference represents a Secret Reference. It has enough information to retrieve secret
5278// in any namespace
//
// Because the namespace is part of the reference, whoever can set a
// SecretReference chooses which namespace's Secret is read.
// NOTE(review): which objects embed this type, and who may write them, is not
// visible in this message — confirm at each use site.
5279// +structType=atomic
5280message SecretReference {
5281 // name is unique within a namespace to reference a secret resource.
5282 // +optional
5283 optional string name = 1;
5284
5285 // namespace defines the space within which the secret name must be unique.
5286 // +optional
5287 optional string namespace = 2;
5288}
5289
5290// Adapts a Secret into a volume.
5291//
5292// The contents of the target Secret's Data field will be presented in a volume
5293// as files using the keys in the Data field as the file names.
5294// Secret volumes support ownership management and SELinux relabeling.
5295message SecretVolumeSource {
5296 // secretName is the name of the secret in the pod's namespace to use.
5297 // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
5298 // +optional
5299 optional string secretName = 1;
5300
5301 // items: if unspecified, each key-value pair in the Data field of the referenced
5302 // Secret will be projected into the volume as a file whose name is the
5303 // key and content is the value. If specified, the listed keys will be
5304 // projected into the specified paths, and unlisted keys will not be
5305 // present. If a key is specified which is not present in the Secret,
5306 // the volume setup will error unless it is marked optional. Paths must be
5307 // relative and may not contain the '..' path or start with '..'.
 // Listing only the keys a container needs keeps the other keys of the
 // Secret out of its filesystem.
 // NOTE(review): the path restrictions are stated in prose only; nothing in
 // this schema enforces them, so they depend on validation elsewhere — confirm.
5308 // +optional
5309 // +listType=atomic
5310 repeated KeyToPath items = 2;
5311
5312 // defaultMode is Optional: mode bits used to set permissions on created files by default.
5313 // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
5314 // YAML accepts both octal and decimal values, JSON requires decimal values
5315 // for mode bits. Defaults to 0644.
5316 // Directories within the path are not affected by this setting.
5317 // This might be in conflict with other options that affect the file
5318 // mode, like fsGroup, and the result can be other mode bits set.
 // 0644 lets every user inside the container read the secret files; set a
 // narrower mode (0400 octal is 256 decimal) when only the owner needs them.
5319 // +optional
5320 optional int32 defaultMode = 3;
5321
5322 // optional specifies whether the Secret or its keys must be defined.
5323 // +optional
5324 optional bool optional = 4;
5325}
5326
5327// SecurityContext holds security configuration that will be applied to a container.
5328// Some fields are present in both SecurityContext and PodSecurityContext. When both
5329// are set, the values in SecurityContext take precedence.
//
// Per the field comments below, runAsNonRoot performs no validation when unset
// and readOnlyRootFilesystem defaults to false, so these protections have to be
// requested explicitly. Field numbers are not in declaration order.
5330message SecurityContext {
5331 // The capabilities to add/drop when running containers.
5332 // Defaults to the default set of capabilities granted by the container runtime.
5333 // Note that this field cannot be set when spec.os.name is windows.
 // When unset, the runtime's default capability set is kept as is; what it
 // contains depends on the container runtime.
5334 // +optional
5335 optional Capabilities capabilities = 1;
5336
5337 // Run container in privileged mode.
5338 // Processes in privileged containers are essentially equivalent to root on the host.
5339 // Defaults to false.
5340 // Note that this field cannot be set when spec.os.name is windows.
 // Setting this also makes allowPrivilegeEscalation true regardless of that
 // field's value (see allowPrivilegeEscalation).
5341 // +optional
5342 optional bool privileged = 2;
5343
5344 // The SELinux context to be applied to the container.
5345 // If unspecified, the container runtime will allocate a random SELinux context for each
5346 // container. May also be set in PodSecurityContext. If set in both SecurityContext and
5347 // PodSecurityContext, the value specified in SecurityContext takes precedence.
5348 // Note that this field cannot be set when spec.os.name is windows.
5349 // +optional
5350 optional SELinuxOptions seLinuxOptions = 3;
5351
5352 // The Windows specific settings applied to all containers.
5353 // If unspecified, the options from the PodSecurityContext will be used.
5354 // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
5355 // Note that this field cannot be set when spec.os.name is linux.
5356 // +optional
5357 optional WindowsSecurityContextOptions windowsOptions = 10;
5358
5359 // The UID to run the entrypoint of the container process.
5360 // Defaults to user specified in image metadata if unspecified.
5361 // May also be set in PodSecurityContext. If set in both SecurityContext and
5362 // PodSecurityContext, the value specified in SecurityContext takes precedence.
5363 // Note that this field cannot be set when spec.os.name is windows.
 // The image's default user may be UID 0; runAsNonRoot is the field that
 // makes the kubelet refuse to start such a container.
5364 // +optional
5365 optional int64 runAsUser = 4;
5366
5367 // The GID to run the entrypoint of the container process.
5368 // Uses runtime default if unset.
5369 // May also be set in PodSecurityContext. If set in both SecurityContext and
5370 // PodSecurityContext, the value specified in SecurityContext takes precedence.
5371 // Note that this field cannot be set when spec.os.name is windows.
5372 // +optional
5373 optional int64 runAsGroup = 8;
5374
5375 // Indicates that the container must run as a non-root user.
5376 // If true, the Kubelet will validate the image at runtime to ensure that it
5377 // does not run as UID 0 (root) and fail to start the container if it does.
5378 // If unset or false, no such validation will be performed.
5379 // May also be set in PodSecurityContext. If set in both SecurityContext and
5380 // PodSecurityContext, the value specified in SecurityContext takes precedence.
5381 // +optional
5382 optional bool runAsNonRoot = 5;
5383
5384 // Whether this container has a read-only root filesystem.
5385 // Default is false.
5386 // Note that this field cannot be set when spec.os.name is windows.
5387 // +optional
5388 optional bool readOnlyRootFilesystem = 6;
5389
5390 // AllowPrivilegeEscalation controls whether a process can gain more
5391 // privileges than its parent process. This bool directly controls if
5392 // the no_new_privs flag will be set on the container process.
5393 // AllowPrivilegeEscalation is true always when the container is:
5394 // 1) run as Privileged
5395 // 2) has CAP_SYS_ADMIN
5396 // Note that this field cannot be set when spec.os.name is windows.
 // NOTE(review): this comment does not state the value used when the field is
 // unset; set it to false explicitly where no_new_privs is wanted.
5397 // +optional
5398 optional bool allowPrivilegeEscalation = 7;
5399
5400 // procMount denotes the type of proc mount to use for the containers.
5401 // The default is DefaultProcMount which uses the container runtime defaults for
5402 // readonly paths and masked paths.
5403 // This requires the ProcMountType feature flag to be enabled.
5404 // Note that this field cannot be set when spec.os.name is windows.
 // NOTE(review): the field is a string and only DefaultProcMount is described
 // here; what other values do to the read-only and masked paths is not
 // visible in this message — confirm before using one.
5405 // +optional
5406 optional string procMount = 9;
5407
5408 // The seccomp options to use by this container. If seccomp options are
5409 // provided at both the pod & container level, the container options
5410 // override the pod options.
5411 // Note that this field cannot be set when spec.os.name is windows.
 // Because the container-level value wins, a container can end up with a
 // weaker profile than the pod-level one; review both levels together.
5412 // +optional
5413 optional SeccompProfile seccompProfile = 11;
5414
5415 // appArmorProfile is the AppArmor options to use by this container. If set, this profile
5416 // overrides the pod's appArmorProfile.
5417 // Note that this field cannot be set when spec.os.name is windows.
5418 // +optional
5419 optional AppArmorProfile appArmorProfile = 12;
5420}
5421
5422// SerializedReference is a reference to a serialized object.
5423message SerializedReference {
5424 // The reference to an object in the system.
5425 // +optional
5426 optional ObjectReference reference = 1;
5427}
5428
5429// Service is a named abstraction of a software service (for example, mysql) consisting of a local port
5430// (for example 3306) that the proxy listens on, and the selector that determines which pods
5431// will answer requests sent through the proxy.
5432message Service {
5433 // Standard object's metadata.
5434 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5435 // +optional
5436 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
5437
5438 // Spec defines the behavior of a service.
5439 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5440 // +optional
5441 optional ServiceSpec spec = 2;
5442
5443 // Most recently observed status of the service.
5444 // Populated by the system.
5445 // Read-only.
5446 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
5447 // +optional
5448 optional ServiceStatus status = 3;
5449}
5450
5451// ServiceAccount binds together:
5452// * a name, understood by users, and perhaps by peripheral systems, for an identity
5453// * a principal that can be authenticated and authorized
5454// * a set of secrets
5455message ServiceAccount {
5456 // Standard object's metadata.
5457 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
5458 // +optional
5459 optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
5460
5461 // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use.
5462 // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true".
5463 // This field should not be used to find auto-generated service account token secrets for use outside of pods.
5464 // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.
 // Without that annotation the list does not restrict anything: it is not an
 // allow-list by itself.
5465 // More info: https://kubernetes.io/docs/concepts/configuration/secret
5466 // +optional
5467 // +patchMergeKey=name
5468 // +patchStrategy=merge
5469 // +listType=map
5470 // +listMapKey=name
5471 repeated ObjectReference secrets = 2;
5472
5473 // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images
5474 // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets
5475 // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
5476 // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
5477 // +optional
5478 // +listType=atomic
5479 repeated LocalObjectReference imagePullSecrets = 3;
5480
5481 // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted.
5482 // Can be overridden at the pod level.
 // NOTE(review): this comment does not state the behaviour when the field is
 // unset; set it to false explicitly for accounts whose pods do not call the
 // API, and remember that a pod-level setting can override it.
5483 // +optional
5484 optional bool automountServiceAccountToken = 4;
5485}
5486
5487// ServiceAccountList is a list of ServiceAccount objects.
5488message ServiceAccountList {
5489 // Standard list metadata.
5490 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5491 // +optional
5492 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
5493
5494 // items is the list of ServiceAccounts.
5495 // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
5496 repeated ServiceAccount items = 2;
5497}
5498
5499// ServiceAccountTokenProjection represents a projected service account token
5500// volume. This projection can be used to insert a service account token into
5501// the pod's runtime filesystem for use against APIs (Kubernetes API Server or
5502// otherwise).
5503message ServiceAccountTokenProjection {
5504 // audience is the intended audience of the token. A recipient of a token
5505 // must identify itself with an identifier specified in the audience of the
5506 // token, and otherwise should reject the token. The audience defaults to the
5507 // identifier of the apiserver.
 // For a token meant for another API, set that API's identifier here: with
 // the default the token names the apiserver as its audience.
5508 // +optional
5509 optional string audience = 1;
5510
5511 // expirationSeconds is the requested duration of validity of the service
5512 // account token. As the token approaches expiration, the kubelet volume
5513 // plugin will proactively rotate the service account token. The kubelet will
5514 // start trying to rotate the token if the token is older than 80 percent of
5515 // its time to live or if the token is older than 24 hours. Defaults to 1 hour
5516 // and must be at least 10 minutes.
 // The value is in seconds, so the default is 3600 and the minimum 600. A
 // shorter lifetime bounds how long a copied token stays valid.
5517 // +optional
5518 optional int64 expirationSeconds = 2;
5519
5520 // path is the path relative to the mount point of the file to project the
5521 // token into.
5522 optional string path = 3;
5523}
5524
5525// ServiceList holds a list of services.
5526message ServiceList {
5527 // Standard list metadata.
5528 // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
5529 // +optional
5530 optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
5531
5532 // items is the list of services.
5533 repeated Service items = 2;
5534}
5535
5536// ServicePort contains information on service's port.
// Field numbers are not in declaration order (appProtocol = 6 is declared
// before port = 3).
5537message ServicePort {
5538 // The name of this port within the service. This must be a DNS_LABEL.
5539 // All ports within a ServiceSpec must have unique names. When considering
5540 // the endpoints for a Service, this must match the 'name' field in the
5541 // EndpointPort.
5542 // Optional if only one ServicePort is defined on this service.
5543 // +optional
5544 optional string name = 1;
5545
5546 // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP".
5547 // Default is TCP.
5548 // +default="TCP"
5549 // +optional
5550 optional string protocol = 2;
5551
5552 // The application protocol for this port.
5553 // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
5554 // This field follows standard Kubernetes label syntax.
5555 // Valid values are either:
5556 //
5557 // * Un-prefixed protocol names - reserved for IANA standard service names (as per
5558 // RFC-6335 and https://www.iana.org/assignments/service-names).
5559 //
5560 // * Kubernetes-defined prefixed names:
5561 // * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
5562 // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
5563 // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
5564 //
5565 // * Other protocols should use implementation-defined prefixed names such as
5566 // mycompany.com/my-custom-protocol.
 //
 // The value is a hint only. Of the Kubernetes-defined names, h2c and ws are
 // cleartext; wss is the one that states TLS.
5567 // +optional
5568 optional string appProtocol = 6;
5569
5570 // The port that will be exposed by this service.
5571 optional int32 port = 3;
5572
5573 // Number or name of the port to access on the pods targeted by the service.
5574 // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
5575 // If this is a string, it will be looked up as a named port in the
5576 // target Pod's container ports. If this is not specified, the value
5577 // of the 'port' field is used (an identity map).
5578 // This field is ignored for services with clusterIP=None, and should be
5579 // omitted or set equal to the 'port' field.
5580 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
5581 // +optional
5582 optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 4;
5583
5584 // The port on each node on which this service is exposed when type is
5585 // NodePort or LoadBalancer. Usually assigned by the system. If a value is
5586 // specified, in-range, and not in use it will be used, otherwise the
5587 // operation will fail. If not specified, a port will be allocated if this
5588 // Service requires one. If this field is specified when creating a
5589 // Service which does not need it, creation will fail. This field will be
5590 // wiped when updating a Service to no longer need it (e.g. changing type
5591 // from NodePort to ClusterIP).
 // The port is opened on each node, so the service becomes reachable through
 // every node address that clients can route to.
5592 // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
5593 // +optional
5594 optional int32 nodePort = 5;
5595}
5596
5597// ServiceProxyOptions is the query options to a Service's proxy call.
5598message ServiceProxyOptions {
5599 // Path is the part of URLs that include service endpoints, suffixes,
5600 // and parameters to use for the current proxy request to service.
5601 // For example, the whole request URL is
5602 // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy.
5603 // Path is _search?q=user:kimchy.
 // As the example shows, the query string travels inside path.
 // NOTE(review): path is supplied by the caller and nothing in this schema
 // constrains it; any restriction on what may be requested through the proxy
 // has to be applied outside this message — confirm.
5604 // +optional
5605 optional string path = 1;
5606}
5607
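// ServiceSpec describes the attributes that a user creates on a service.
//
// Several fields below decide who can reach the Service and where its traffic
// is delivered (type, selector, externalIPs, loadBalancerSourceRanges,
// externalTrafficPolicy). Their comments carry the exposure-related caveats.
message ServiceSpec {
  // The list of ports that are exposed by this service.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +patchMergeKey=port
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=port
  // +listMapKey=protocol
  repeated ServicePort ports = 1;

  // Route service traffic to pods with label keys and values matching this
  // selector. If empty or not present, the service is assumed to have an
  // external process managing its endpoints, which Kubernetes will not
  // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
  // Ignored if type is ExternalName.
  // Security note: without a selector, traffic goes wherever the manually
  // managed Endpoints or EndpointSlice objects point, so write access to
  // those objects should be restricted accordingly.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/
  // +optional
  // +mapType=atomic
  map<string, string> selector = 2;

  // clusterIP is the IP address of the service and is usually assigned
  // randomly. If an address is specified manually, is in-range (as per
  // system configuration), and is not in use, it will be allocated to the
  // service; otherwise creation of the service will fail. This field may not
  // be changed through updates unless the type field is also being changed
  // to ExternalName (which requires this field to be blank) or the type
  // field is being changed from ExternalName (in which case this field may
  // optionally be specified, as described above). Valid values are "None",
  // empty string (""), or a valid IP address. Setting this to "None" makes a
  // "headless service" (no virtual IP), which is useful when direct endpoint
  // connections are preferred and proxying is not required. Only applies to
  // types ClusterIP, NodePort, and LoadBalancer. If this field is specified
  // when creating a Service of type ExternalName, creation will fail. This
  // field will be wiped when updating a Service to type ExternalName.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +optional
  optional string clusterIP = 3;

  // ClusterIPs is a list of IP addresses assigned to this service, and are
  // usually assigned randomly. If an address is specified manually, is
  // in-range (as per system configuration), and is not in use, it will be
  // allocated to the service; otherwise creation of the service will fail.
  // This field may not be changed through updates unless the type field is
  // also being changed to ExternalName (which requires this field to be
  // empty) or the type field is being changed from ExternalName (in which
  // case this field may optionally be specified, as described above). Valid
  // values are "None", empty string (""), or a valid IP address. Setting
  // this to "None" makes a "headless service" (no virtual IP), which is
  // useful when direct endpoint connections are preferred and proxying is
  // not required. Only applies to types ClusterIP, NodePort, and
  // LoadBalancer. If this field is specified when creating a Service of type
  // ExternalName, creation will fail. This field will be wiped when updating
  // a Service to type ExternalName. If this field is not specified, it will
  // be initialized from the clusterIP field. If this field is specified,
  // clients must ensure that clusterIPs[0] and clusterIP have the same
  // value.
  //
  // This field may hold a maximum of two entries (dual-stack IPs, in either order).
  // These IPs must correspond to the values of the ipFamilies field. Both
  // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +listType=atomic
  // +optional
  repeated string clusterIPs = 18;

  // type determines how the Service is exposed. Defaults to ClusterIP. Valid
  // options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
  // "ClusterIP" allocates a cluster-internal IP address for load-balancing
  // to endpoints. Endpoints are determined by the selector or if that is not
  // specified, by manual construction of an Endpoints object or
  // EndpointSlice objects. If clusterIP is "None", no virtual IP is
  // allocated and the endpoints are published as a set of endpoints rather
  // than a virtual IP.
  // "NodePort" builds on ClusterIP and allocates a port on every node which
  // routes to the same endpoints as the clusterIP.
  // "LoadBalancer" builds on NodePort and creates an external load-balancer
  // (if supported in the current cloud) which routes to the same endpoints
  // as the clusterIP.
  // "ExternalName" aliases this service to the specified externalName.
  // Several other fields do not apply to ExternalName services.
  // Security note: NodePort and LoadBalancer widen exposure beyond the
  // cluster network (every node's port, or an external load-balancer), so
  // changes of this field deserve the same review as a firewall change.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
  // +optional
  optional string type = 4;

  // externalIPs is a list of IP addresses for which nodes in the cluster
  // will also accept traffic for this service. These IPs are not managed by
  // Kubernetes. The user is responsible for ensuring that traffic arrives
  // at a node with this IP. A common example is external load-balancers
  // that are not part of the Kubernetes system.
  // Security note: because these IPs are not managed by Kubernetes, nothing
  // here verifies that the Service's owner controls the listed addresses.
  // Clusters that do not need the field can reject it with admission control
  // (for example the DenyServiceExternalIPs admission plugin) or limit it to
  // an approved address range with an admission policy.
  // +optional
  // +listType=atomic
  repeated string externalIPs = 5;

  // Supports "ClientIP" and "None". Used to maintain session affinity.
  // Enable client IP based session affinity.
  // Must be ClientIP or None.
  // Defaults to None.
  // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  // +optional
  optional string sessionAffinity = 7;

  // Only applies to Service Type: LoadBalancer.
  // This feature depends on whether the underlying cloud-provider supports specifying
  // the loadBalancerIP when a load balancer is created.
  // This field will be ignored if the cloud-provider does not support the feature.
  // Deprecated: This field was under-specified and its meaning varies across implementations.
  // Using it is non-portable and it may not support dual-stack.
  // Users are encouraged to use implementation-specific annotations when available.
  // +optional
  optional string loadBalancerIP = 8;

  // If specified and supported by the platform, traffic through the
  // cloud-provider load-balancer will be restricted to the specified client
  // IPs. This field will be ignored if the cloud-provider does not support
  // the feature.
  // Security note: since an unsupported platform silently ignores this
  // field, it should not be the only access control in front of the Service;
  // confirm on the target platform that the restriction is actually enforced.
  // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
  // +optional
  // +listType=atomic
  repeated string loadBalancerSourceRanges = 9;

  // externalName is the external reference that discovery mechanisms will
  // return as an alias for this service (e.g. a DNS CNAME record). No
  // proxying will be involved. Must be a lowercase RFC-1123 hostname
  // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
  // +optional
  optional string externalName = 10;

  // externalTrafficPolicy describes how nodes distribute service traffic they
  // receive on one of the Service's "externally-facing" addresses (NodePorts,
  // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
  // the service in a way that assumes that external load balancers will take care
  // of balancing the service traffic between nodes, and so each node will deliver
  // traffic only to the node-local endpoints of the service, without masquerading
  // the client source IP. (Traffic mistakenly sent to a node with no endpoints will
  // be dropped.) The default value, "Cluster", uses the standard behavior of
  // routing to all endpoints evenly (possibly modified by topology and other
  // features). Note that traffic sent to an External IP or LoadBalancer IP from
  // within the cluster will always get "Cluster" semantics, but clients sending to
  // a NodePort from within the cluster may need to take traffic policy into account
  // when picking a node.
  // Security note: only "Local" is described as leaving the client source IP
  // unmasqueraded, so backends that filter or log by source address may see
  // a node address instead of the client under "Cluster".
  // +optional
  optional string externalTrafficPolicy = 11;

  // healthCheckNodePort specifies the healthcheck nodePort for the service.
  // This only applies when type is set to LoadBalancer and
  // externalTrafficPolicy is set to Local. If a value is specified, is
  // in-range, and is not in use, it will be used. If not specified, a value
  // will be automatically allocated. External systems (e.g. load-balancers)
  // can use this port to determine if a given node holds endpoints for this
  // service or not. If this field is specified when creating a Service
  // which does not need it, creation will fail. This field will be wiped
  // when updating a Service to no longer need it (e.g. changing type).
  // This field cannot be updated once set.
  // +optional
  optional int32 healthCheckNodePort = 12;

  // publishNotReadyAddresses indicates that any agent which deals with endpoints for this
  // Service should disregard any indications of ready/not-ready.
  // The primary use case for setting this field is for a StatefulSet's Headless Service to
  // propagate SRV DNS records for its Pods for the purpose of peer discovery.
  // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for
  // Services interpret this to mean that all endpoints are considered "ready" even if the
  // Pods themselves are not. Agents which consume only Kubernetes generated endpoints
  // through the Endpoints or EndpointSlice resources can safely assume this behavior.
  // +optional
  optional bool publishNotReadyAddresses = 13;

  // sessionAffinityConfig contains the configurations of session affinity.
  // +optional
  optional SessionAffinityConfig sessionAffinityConfig = 14;

  // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this
  // service. This field is usually assigned automatically based on cluster
  // configuration and the ipFamilyPolicy field. If this field is specified
  // manually, the requested family is available in the cluster,
  // and ipFamilyPolicy allows it, it will be used; otherwise creation of
  // the service will fail. This field is conditionally mutable: it allows
  // for adding or removing a secondary IP family, but it does not allow
  // changing the primary IP family of the Service. Valid values are "IPv4"
  // and "IPv6". This field only applies to Services of types ClusterIP,
  // NodePort, and LoadBalancer, and does apply to "headless" services.
  // This field will be wiped when updating a Service to type ExternalName.
  //
  // This field may hold a maximum of two entries (dual-stack families, in
  // either order). These families must correspond to the values of the
  // clusterIPs field, if specified. Both clusterIPs and ipFamilies are
  // governed by the ipFamilyPolicy field.
  // +listType=atomic
  // +optional
  repeated string ipFamilies = 19;

  // IPFamilyPolicy represents the dual-stack-ness requested or required by
  // this Service. If there is no value provided, then this field will be set
  // to SingleStack. Services can be "SingleStack" (a single IP family),
  // "PreferDualStack" (two IP families on dual-stack configured clusters or
  // a single IP family on single-stack clusters), or "RequireDualStack"
  // (two IP families on dual-stack configured clusters, otherwise fail). The
  // ipFamilies and clusterIPs fields depend on the value of this field. This
  // field will be wiped when updating a service to type ExternalName.
  // +optional
  optional string ipFamilyPolicy = 17;

  // allocateLoadBalancerNodePorts defines if NodePorts will be automatically
  // allocated for services with type LoadBalancer. Default is "true". It
  // may be set to "false" if the cluster load-balancer does not rely on
  // NodePorts. If the caller requests specific NodePorts (by specifying a
  // value), those requests will be respected, regardless of this field.
  // This field may only be set for services with type LoadBalancer and will
  // be cleared if the type is changed to any other type.
  // +optional
  optional bool allocateLoadBalancerNodePorts = 20;

  // loadBalancerClass is the class of the load balancer implementation this Service belongs to.
  // If specified, the value of this field must be a label-style identifier, with an optional prefix,
  // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users.
  // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load
  // balancer implementation is used, today this is typically done through the cloud provider integration,
  // but should apply for any default implementation. If set, it is assumed that a load balancer
  // implementation is watching for Services with a matching class. Any default load balancer
  // implementation (e.g. cloud providers) should ignore Services that set this field.
  // This field can only be set when creating or updating a Service to type 'LoadBalancer'.
  // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
  // +optional
  optional string loadBalancerClass = 21;

  // InternalTrafficPolicy describes how nodes distribute service traffic they
  // receive on the ClusterIP. If set to "Local", the proxy will assume that pods
  // only want to talk to endpoints of the service on the same node as the pod,
  // dropping the traffic if there are no local endpoints. The default value,
  // "Cluster", uses the standard behavior of routing to all endpoints evenly
  // (possibly modified by topology and other features).
  // +optional
  optional string internalTrafficPolicy = 22;

  // TrafficDistribution offers a way to express preferences for how traffic is
  // distributed to Service endpoints. Implementations can use this field as a
  // hint, but are not required to guarantee strict adherence. If the field is
  // not set, the implementation will apply its default routing strategy. If set
  // to "PreferClose", implementations should prioritize endpoints that are
  // topologically close (e.g., same zone).
  // This is an alpha field and requires enabling ServiceTrafficDistribution feature.
  // +featureGate=ServiceTrafficDistribution
  // +optional
  optional string trafficDistribution = 23;
}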
5853
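// ServiceStatus represents the current status of a service.
message ServiceStatus {
  // LoadBalancer contains the current status of the load-balancer,
  // if one is present.
  // +optional
  optional LoadBalancerStatus loadBalancer = 1;

  // Current service state, as a list of conditions merged by their type
  // (see the patchMergeKey/listMapKey markers below).
  // +optional
  // +patchMergeKey=type
  // +patchStrategy=merge
  // +listType=map
  // +listMapKey=type
  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 2;
}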
5869
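// SessionAffinityConfig represents the configurations of session affinity.
// It is referenced from ServiceSpec.sessionAffinityConfig.
message SessionAffinityConfig {
  // clientIP contains the configurations of Client IP based session affinity.
  // +optional
  optional ClientIPConfig clientIP = 1;
}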
5876
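// SleepAction describes a "sleep" action.
message SleepAction {
  // Seconds is the number of seconds to sleep.
  // The wire type is a signed 64-bit integer; any range validation happens
  // outside this schema.
  optional int64 seconds = 1;
}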
5882
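// Represents a StorageOS persistent volume resource.
//
// This is the PersistentVolume-level variant: its secretRef is a full
// ObjectReference, whereas StorageOSVolumeSource uses a LocalObjectReference.
message StorageOSPersistentVolumeSource {
  // volumeName is the human-readable name of the StorageOS volume. Volume
  // names are only unique within a namespace.
  optional string volumeName = 1;

  // volumeNamespace specifies the scope of the volume within StorageOS. If no
  // namespace is specified then the Pod's namespace will be used. This allows the
  // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
  // Set VolumeName to any name to override the default behaviour.
  // Set to "default" if you are not using namespaces within StorageOS.
  // Namespaces that do not pre-exist within StorageOS will be created.
  // +optional
  optional string volumeNamespace = 2;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // +optional
  optional string fsType = 3;

  // readOnly defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 4;

  // secretRef specifies the secret to use for obtaining the StorageOS API
  // credentials. If not specified, default values will be attempted.
  // Security note: the referenced secret holds storage API credentials, so
  // read access to it should be limited to the components that mount the
  // volume. NOTE(review): an ObjectReference can presumably name a secret in
  // another namespace; confirm how that is validated.
  // +optional
  optional ObjectReference secretRef = 5;
}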
5914
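// Represents a StorageOS persistent volume resource.
//
// This variant references its credentials secret with a LocalObjectReference
// (name only), unlike StorageOSPersistentVolumeSource.
message StorageOSVolumeSource {
  // volumeName is the human-readable name of the StorageOS volume. Volume
  // names are only unique within a namespace.
  optional string volumeName = 1;

  // volumeNamespace specifies the scope of the volume within StorageOS. If no
  // namespace is specified then the Pod's namespace will be used. This allows the
  // Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
  // Set VolumeName to any name to override the default behaviour.
  // Set to "default" if you are not using namespaces within StorageOS.
  // Namespaces that do not pre-exist within StorageOS will be created.
  // +optional
  optional string volumeNamespace = 2;

  // fsType is the filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // +optional
  optional string fsType = 3;

  // readOnly defaults to false (read/write). ReadOnly here will force
  // the ReadOnly setting in VolumeMounts.
  // +optional
  optional bool readOnly = 4;

  // secretRef specifies the secret to use for obtaining the StorageOS API
  // credentials. If not specified, default values will be attempted.
  // Security note: the referenced secret holds storage API credentials, so
  // read access to it should be limited to the components that mount the
  // volume.
  // +optional
  optional LocalObjectReference secretRef = 5;
}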
5946
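// Sysctl defines a kernel parameter to be set.
//
// Security note: sysctls change kernel behaviour. Kubernetes distinguishes
// safe sysctls from unsafe ones, and unsafe sysctls are rejected unless the
// node explicitly allows them (kubelet --allowed-unsafe-sysctls). Keep that
// allow-list minimal and restrict this field through admission policy.
message Sysctl {
  // Name of a property to set.
  optional string name = 1;

  // Value of a property to set.
  optional string value = 2;
}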
5955
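// TCPSocketAction describes an action based on opening a socket.
message TCPSocketAction {
  // Number or name of the port to access on the container.
  // Number must be in the range 1 to 65535.
  // Name must be an IANA_SVC_NAME.
  optional k8s.io.apimachinery.pkg.util.intstr.IntOrString port = 1;

  // Optional: Host name to connect to, defaults to the pod IP.
  // NOTE(review): when this action is used in a probe, the connection is
  // presumably opened by the kubelet from the node, not from inside the
  // container; consider restricting non-default hosts via admission policy.
  // +optional
  optional string host = 2;
}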
5967
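// The node this Taint is attached to has the "effect" on
// any pod that does not tolerate the Taint.
message Taint {
  // Required. The taint key to be applied to a node.
  // (Declared `optional` on the wire; "required" is an API-level rule.)
  optional string key = 1;

  // The taint value corresponding to the taint key.
  // +optional
  optional string value = 2;

  // Required. The effect of the taint on pods
  // that do not tolerate the taint.
  // Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
  optional string effect = 3;

  // TimeAdded represents the time at which the taint was added.
  // It is only written for NoExecute taints.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time timeAdded = 4;
}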
5988
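// The pod this Toleration is attached to tolerates any taint that matches
// the triple <key,value,effect> using the matching operator <operator>.
//
// Security note: taints are commonly used to keep workloads off dedicated
// nodes. A toleration with an empty key and operator Exists matches every
// taint, so who may set broad tolerations is worth controlling with an
// admission policy.
message Toleration {
  // Key is the taint key that the toleration applies to. Empty means match all taint keys.
  // If the key is empty, operator must be Exists; this combination means to match all values and all keys.
  // +optional
  optional string key = 1;

  // Operator represents a key's relationship to the value.
  // Valid operators are Exists and Equal. Defaults to Equal.
  // Exists is equivalent to wildcard for value, so that a pod can
  // tolerate all taints of a particular category.
  // +optional
  optional string operator = 2;

  // Value is the taint value the toleration matches to.
  // If the operator is Exists, the value should be empty, otherwise just a regular string.
  // +optional
  optional string value = 3;

  // Effect indicates the taint effect to match. Empty means match all taint effects.
  // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
  // +optional
  optional string effect = 4;

  // TolerationSeconds represents the period of time the toleration (which must be
  // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
  // it is not set, which means tolerate the taint forever (do not evict). Zero and
  // negative values will be treated as 0 (evict immediately) by the system.
  // +optional
  optional int64 tolerationSeconds = 5;
}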
6021
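// A topology selector requirement is a selector that matches a given label.
// This is an alpha feature and may change in the future.
message TopologySelectorLabelRequirement {
  // The label key that the selector applies to.
  optional string key = 1;

  // An array of string values. One value must match the label to be selected.
  // Each entry in Values is ORed.
  // +listType=atomic
  repeated string values = 2;
}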
6033
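// A topology selector term represents the result of label queries.
// A null or empty topology selector term matches no objects.
// Its requirements are ANDed.
// It provides a subset of the functionality of NodeSelectorTerm.
// This is an alpha feature and may change in the future.
// +structType=atomic
message TopologySelectorTerm {
  // A list of topology selector requirements by labels.
  // +optional
  // +listType=atomic
  repeated TopologySelectorLabelRequirement matchLabelExpressions = 1;
}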
6046
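// TopologySpreadConstraint specifies how to spread matching pods among the given topology.
message TopologySpreadConstraint {
  // MaxSkew describes the degree to which pods may be unevenly distributed.
  // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
  // between the number of matching pods in the target topology and the global minimum.
  // The global minimum is the minimum number of matching pods in an eligible domain
  // or zero if the number of eligible domains is less than MinDomains.
  // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
  // labelSelector spread as 2/2/1:
  // In this case, the global minimum is 1.
  // +-------+-------+-------+
  // | zone1 | zone2 | zone3 |
  // +-------+-------+-------+
  // |  P P  |  P P  |   P   |
  // +-------+-------+-------+
  // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
  //   scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
  //   violate MaxSkew(1).
  // - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
  // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
  // to topologies that satisfy it.
  // It's a required field. Default value is 1 and 0 is not allowed.
  optional int32 maxSkew = 1;

  // TopologyKey is the key of node labels. Nodes that have a label with this key
  // and identical values are considered to be in the same topology.
  // We consider each <key, value> as a "bucket", and try to put balanced number
  // of pods into each bucket.
  // We define a domain as a particular instance of a topology.
  // Also, we define an eligible domain as a domain whose nodes meet the requirements of
  // nodeAffinityPolicy and nodeTaintsPolicy.
  // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
  // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
  // It's a required field.
  optional string topologyKey = 2;

  // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
  // the spread constraint.
  // - DoNotSchedule (default) tells the scheduler not to schedule it.
  // - ScheduleAnyway tells the scheduler to schedule the pod in any location,
  //   but giving higher precedence to topologies that would help reduce the
  //   skew.
  // A constraint is considered "Unsatisfiable" for an incoming pod
  // if and only if every possible node assignment for that pod would violate
  // "MaxSkew" on some topology.
  // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
  // labelSelector spread as 3/1/1:
  // +-------+-------+-------+
  // | zone1 | zone2 | zone3 |
  // +-------+-------+-------+
  // | P P P |   P   |   P   |
  // +-------+-------+-------+
  // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
  // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
  // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
  // won't make it *more* imbalanced.
  // It's a required field.
  optional string whenUnsatisfiable = 3;

  // LabelSelector is used to find matching pods.
  // Pods that match this label selector are counted to determine the number of pods
  // in their corresponding topology domain.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4;

  // MinDomains indicates a minimum number of eligible domains.
  // When the number of eligible domains with matching topology keys is less than minDomains,
  // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
  // And when the number of eligible domains with matching topology keys equals or greater than minDomains,
  // this value has no effect on scheduling.
  // As a result, when the number of eligible domains is less than minDomains,
  // scheduler won't schedule more than maxSkew Pods to those domains.
  // If value is nil, the constraint behaves as if MinDomains is equal to 1.
  // Valid values are integers greater than 0.
  // When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
  //
  // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
  // labelSelector spread as 2/2/2:
  // +-------+-------+-------+
  // | zone1 | zone2 | zone3 |
  // +-------+-------+-------+
  // |  P P  |  P P  |  P P  |
  // +-------+-------+-------+
  // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
  // In this situation, new pod with the same labelSelector cannot be scheduled,
  // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
  // it will violate MaxSkew.
  // +optional
  optional int32 minDomains = 5;

  // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
  // when calculating pod topology spread skew. Options are:
  // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
  // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
  //
  // If this value is nil, the behavior is equivalent to the Honor policy.
  // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
  // +optional
  optional string nodeAffinityPolicy = 6;

  // NodeTaintsPolicy indicates how we will treat node taints when calculating
  // pod topology spread skew. Options are:
  // - Honor: nodes without taints, along with tainted nodes for which the incoming pod
  //   has a toleration, are included.
  // - Ignore: node taints are ignored. All nodes are included.
  //
  // If this value is nil, the behavior is equivalent to the Ignore policy.
  // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
  // +optional
  optional string nodeTaintsPolicy = 7;

  // MatchLabelKeys is a set of pod label keys to select the pods over which
  // spreading will be calculated. The keys are used to lookup values from the
  // incoming pod labels, those key-value labels are ANDed with labelSelector
  // to select the group of existing pods over which spreading will be calculated
  // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
  // MatchLabelKeys cannot be set when LabelSelector isn't set.
  // Keys that don't exist in the incoming pod labels will
  // be ignored. A null or empty list means only match against labelSelector.
  //
  // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
  // +listType=atomic
  // +optional
  repeated string matchLabelKeys = 8;
}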
6172
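// TypedLocalObjectReference contains enough information to let you locate the
// typed referenced object inside the same namespace.
// It carries no namespace field, so it cannot point outside that namespace.
// +structType=atomic
message TypedLocalObjectReference {
  // APIGroup is the group for the resource being referenced.
  // If APIGroup is not specified, the specified Kind must be in the core API group.
  // For any other third-party types, APIGroup is required.
  // +optional
  optional string apiGroup = 1;

  // Kind is the type of resource being referenced.
  optional string kind = 2;

  // Name is the name of resource being referenced.
  optional string name = 3;
}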
6189
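// TypedObjectReference identifies a typed object by API group, kind and name,
// and optionally by namespace. Unlike TypedLocalObjectReference it can point
// at an object in another namespace; see the namespace field for the grant
// that such a reference requires.
message TypedObjectReference {
  // APIGroup is the group for the resource being referenced.
  // If APIGroup is not specified, the specified Kind must be in the core API group.
  // For any other third-party types, APIGroup is required.
  // +optional
  optional string apiGroup = 1;

  // Kind is the type of resource being referenced.
  optional string kind = 2;

  // Name is the name of resource being referenced.
  optional string name = 3;

  // Namespace is the namespace of resource being referenced.
  // Note that when a namespace is specified, a
  // gateway.networking.k8s.io/ReferenceGrant object is required in the
  // referent namespace to allow that namespace's owner to accept the
  // reference. See the ReferenceGrant documentation for details.
  // Security note: the grant lives in the referent namespace, so the owner of
  // the referenced object, not the referrer, decides whether a cross-namespace
  // reference is accepted.
  // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
  // +featureGate=CrossNamespaceVolumeDataSource
  // +optional
  optional string namespace = 4;
}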
6210
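// Volume represents a named volume in a pod that may be accessed by any container in the pod.
message Volume {
  // name of the volume.
  // Must be a DNS_LABEL and unique within the pod.
  // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
  optional string name = 1;

  // volumeSource represents the location and type of the mounted volume.
  // If not specified, the Volume is implied to be an EmptyDir.
  // This implied behavior is deprecated and will be removed in a future version.
  // Setting the source explicitly avoids depending on that implied default.
  optional VolumeSource volumeSource = 2;
}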
6223
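// VolumeDevice describes a mapping of a raw block device within a container.
message VolumeDevice {
  // name must match the name of a persistentVolumeClaim in the pod.
  optional string name = 1;

  // devicePath is the path inside of the container that the device will be
  // mapped to.
  optional string devicePath = 2;
}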
6232
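// VolumeMount describes a mounting of a Volume within a container.
//
// Field numbers are not in declaration order (recursiveReadOnly is 7); the
// numbers are the wire identity and must not be renumbered.
message VolumeMount {
  // This must match the Name of a Volume.
  optional string name = 1;

  // Mounted read-only if true, read-write otherwise (false or unspecified).
  // Defaults to false.
  // On its own this covers the mount itself; whether mounts nested below it
  // are also read-only is decided by recursiveReadOnly.
  // +optional
  optional bool readOnly = 2;

  // RecursiveReadOnly specifies whether read-only mounts should be handled
  // recursively.
  //
  // If ReadOnly is false, this field has no meaning and must be unspecified.
  //
  // If ReadOnly is true, and this field is set to Disabled, the mount is not made
  // recursively read-only. If this field is set to IfPossible, the mount is made
  // recursively read-only, if it is supported by the container runtime. If this
  // field is set to Enabled, the mount is made recursively read-only if it is
  // supported by the container runtime, otherwise the pod will not be started and
  // an error will be generated to indicate the reason.
  //
  // Of the three values only Enabled fails closed: IfPossible falls back to
  // a non-recursive read-only mount when the runtime lacks support, and the
  // outcome is then reported in VolumeMountStatus.recursiveReadOnly.
  //
  // If this field is set to IfPossible or Enabled, MountPropagation must be set to
  // None (or be unspecified, which defaults to None).
  //
  // If this field is not specified, it is treated as an equivalent of Disabled.
  //
  // +featureGate=RecursiveReadOnlyMounts
  // +optional
  optional string recursiveReadOnly = 7;

  // Path within the container at which the volume should be mounted. Must
  // not contain ':'.
  optional string mountPath = 3;

  // Path within the volume from which the container's volume should be mounted.
  // Defaults to "" (volume's root).
  // +optional
  optional string subPath = 4;

  // mountPropagation determines how mounts are propagated from the host
  // to container and the other way around.
  // When not set, MountPropagationNone is used.
  // This field is beta in 1.10.
  // When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation
  // must be None or unspecified (which defaults to None).
  // NOTE(review): Bidirectional propagation lets mounts created in the
  // container appear on the host; Kubernetes only accepts it for privileged
  // containers, so a non-None value deserves a look in policy review.
  // +optional
  optional string mountPropagation = 5;

  // Expanded path within the volume from which the container's volume should
  // be mounted.
  // Behaves similarly to SubPath but environment variable references
  // $(VAR_NAME) are expanded using the container's environment.
  // Defaults to "" (volume's root).
  // SubPathExpr and SubPath are mutually exclusive.
  // NOTE(review): the mounted sub-directory depends on the expanded
  // variables, so whoever sets those variables influences which part of the
  // volume the container sees.
  // +optional
  optional string subPathExpr = 6;
}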
6289
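// VolumeMountStatus shows status of volume mounts.
message VolumeMountStatus {
  // Name corresponds to the name of the original VolumeMount.
  optional string name = 1;

  // MountPath corresponds to the original VolumeMount.
  optional string mountPath = 2;

  // ReadOnly corresponds to the original VolumeMount.
  // +optional
  optional bool readOnly = 3;

  // RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for
  // non-readonly mounts).
  // An IfPossible value in the original VolumeMount must be translated to
  // Disabled or Enabled, depending on the mount result.
  // This is therefore the field to read when checking whether a requested
  // recursive read-only mount was actually applied.
  // +featureGate=RecursiveReadOnlyMounts
  // +optional
  optional string recursiveReadOnly = 4;
}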
6309
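// VolumeNodeAffinity defines constraints that limit what nodes this volume
// can be accessed from.
message VolumeNodeAffinity {
  // required specifies hard node constraints that must be met.
  optional NodeSelector required = 1;
}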
6315
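// VolumeProjection is a source that may be projected along with other
// supported volume types.
//
// NOTE(review): every member is an independent optional field rather than a
// oneof, so the schema itself does not stop several from being set;
// presumably API validation constrains this — confirm.
message VolumeProjection {
  // secret information about the secret data to project
  // +optional
  optional SecretProjection secret = 1;

  // downwardAPI information about the downwardAPI data to project
  // +optional
  optional DownwardAPIProjection downwardAPI = 2;

  // configMap information about the configMap data to project
  // +optional
  optional ConfigMapProjection configMap = 3;

  // serviceAccountToken is information about the serviceAccountToken data to
  // project
  // +optional
  optional ServiceAccountTokenProjection serviceAccountToken = 4;

  // ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
  // of ClusterTrustBundle objects in an auto-updating file.
  //
  // Alpha, gated by the ClusterTrustBundleProjection feature gate.
  //
  // ClusterTrustBundle objects can either be selected by name, or by the
  // combination of signer name and a label selector.
  //
  // Kubelet performs aggressive normalization of the PEM contents written
  // into the pod filesystem. Esoteric PEM features such as inter-block
  // comments and block headers are stripped. Certificates are deduplicated.
  // The ordering of certificates within the file is arbitrary, and Kubelet
  // may change the order over time.
  //
  // Because the file is rewritten as the selected objects change, consumers
  // that load trust anchors once at start-up will not see later updates.
  //
  // +featureGate=ClusterTrustBundleProjection
  // +optional
  optional ClusterTrustBundleProjection clusterTrustBundle = 5;
}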
6352
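// VolumeResourceRequirements describes the storage resource requirements for
// a volume.
//
// NOTE(review): the field comments below speak of "compute resources" and
// "a container" although this message is about volume storage; the wording
// looks inherited from the container resource type — confirm upstream.
message VolumeResourceRequirements {
  // Limits describes the maximum amount of compute resources allowed.
  // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> limits = 1;

  // Requests describes the minimum amount of compute resources required.
  // If Requests is omitted for a container, it defaults to Limits if that is
  // explicitly specified, otherwise to an implementation-defined value.
  // Requests cannot exceed Limits.
  // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
  // +optional
  map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> requests = 2;
}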
6367
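// Represents the source of a volume to mount.
// Only one of its members may be specified.
//
// The schema does not enforce that rule: the members are independent
// optional fields, not a oneof, so the constraint depends on validation by
// whoever consumes the message. Field numbers are not in declaration order
// (projected is 26); they are the wire identity and must not be renumbered.
message VolumeSource {
  // hostPath represents a pre-existing file or directory on the host
  // machine that is directly exposed to the container. This is generally
  // used for system agents or other privileged things that are allowed
  // to see the host machine. Most containers will NOT need this.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
  // A hostPath mount reaches the node's filesystem from inside the pod; the
  // Baseline and Restricted Pod Security Standards reject it, and where it
  // is allowed it is normally limited by admission policy and mounted
  // read-only.
  // ---
  // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
  // mount host directories as read/write.
  // +optional
  optional HostPathVolumeSource hostPath = 1;

  // emptyDir represents a temporary directory that shares a pod's lifetime.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
  // +optional
  optional EmptyDirVolumeSource emptyDir = 2;

  // gcePersistentDisk represents a GCE Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
  // +optional
  optional GCEPersistentDiskVolumeSource gcePersistentDisk = 3;

  // awsElasticBlockStore represents an AWS Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
  // +optional
  optional AWSElasticBlockStoreVolumeSource awsElasticBlockStore = 4;

  // gitRepo represents a git repository at a particular revision.
  // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
  // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
  // into the Pod's container.
  // With the replacement, the clone runs inside the pod's init container.
  // +optional
  optional GitRepoVolumeSource gitRepo = 5;

  // secret represents a secret that should populate this volume.
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
  // +optional
  optional SecretVolumeSource secret = 6;

  // nfs represents an NFS mount on the host that shares a pod's lifetime
  // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
  // +optional
  optional NFSVolumeSource nfs = 7;

  // iscsi represents an ISCSI Disk resource that is attached to a
  // kubelet's host machine and then exposed to the pod.
  // More info: https://examples.k8s.io/volumes/iscsi/README.md
  // +optional
  optional ISCSIVolumeSource iscsi = 8;

  // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
  // More info: https://examples.k8s.io/volumes/glusterfs/README.md
  // +optional
  optional GlusterfsVolumeSource glusterfs = 9;

  // persistentVolumeClaimVolumeSource represents a reference to a
  // PersistentVolumeClaim in the same namespace.
  // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
  // +optional
  optional PersistentVolumeClaimVolumeSource persistentVolumeClaim = 10;

  // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
  // More info: https://examples.k8s.io/volumes/rbd/README.md
  // +optional
  optional RBDVolumeSource rbd = 11;

  // flexVolume represents a generic volume resource that is
  // provisioned/attached using an exec based plugin.
  // +optional
  optional FlexVolumeSource flexVolume = 12;

  // cinder represents a cinder volume attached and mounted on kubelets host machine.
  // More info: https://examples.k8s.io/mysql-cinder-pd/README.md
  // +optional
  optional CinderVolumeSource cinder = 13;

  // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
  // +optional
  optional CephFSVolumeSource cephfs = 14;

  // flocker represents a Flocker volume attached to a kubelet's host machine.
  // This depends on the Flocker control service being running
  // +optional
  optional FlockerVolumeSource flocker = 15;

  // downwardAPI represents downward API about the pod that should populate this volume
  // +optional
  optional DownwardAPIVolumeSource downwardAPI = 16;

  // fc represents a Fibre Channel resource that is attached to a kubelet's
  // host machine and then exposed to the pod.
  // +optional
  optional FCVolumeSource fc = 17;

  // azureFile represents an Azure File Service mount on the host and bind mount to the pod.
  // +optional
  optional AzureFileVolumeSource azureFile = 18;

  // configMap represents a configMap that should populate this volume
  // +optional
  optional ConfigMapVolumeSource configMap = 19;

  // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
  // +optional
  optional VsphereVirtualDiskVolumeSource vsphereVolume = 20;

  // quobyte represents a Quobyte mount on the host that shares a pod's lifetime
  // +optional
  optional QuobyteVolumeSource quobyte = 21;

  // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
  // +optional
  optional AzureDiskVolumeSource azureDisk = 22;

  // photonPersistentDisk represents a PhotonController persistent disk
  // attached and mounted on kubelets host machine
  optional PhotonPersistentDiskVolumeSource photonPersistentDisk = 23;

  // projected items for all in one resources secrets, configmaps, and downward API
  optional ProjectedVolumeSource projected = 26;

  // portworxVolume represents a portworx volume attached and mounted on kubelets host machine
  // +optional
  optional PortworxVolumeSource portworxVolume = 24;

  // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
  // +optional
  optional ScaleIOVolumeSource scaleIO = 25;

  // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
  // +optional
  optional StorageOSVolumeSource storageos = 27;

  // csi (Container Storage Interface) represents ephemeral storage that is
  // handled by certain external CSI drivers (Beta feature).
  // +optional
  optional CSIVolumeSource csi = 28;

  // ephemeral represents a volume that is handled by a cluster storage driver.
  // The volume's lifecycle is tied to the pod that defines it - it will be
  // created before the pod starts, and deleted when the pod is removed.
  //
  // Use this if:
  // a) the volume is only needed while the pod runs,
  // b) features of normal volumes like restoring from snapshot or capacity
  //    tracking are needed,
  // c) the storage driver is specified through a storage class, and
  // d) the storage driver supports dynamic volume provisioning through
  //    a PersistentVolumeClaim (see EphemeralVolumeSource for more
  //    information on the connection between this volume type
  //    and PersistentVolumeClaim).
  //
  // Use PersistentVolumeClaim or one of the vendor-specific
  // APIs for volumes that persist for longer than the lifecycle
  // of an individual pod.
  //
  // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
  // be used that way - see the documentation of the driver for
  // more information.
  //
  // A pod can use both types of ephemeral volumes and
  // persistent volumes at the same time.
  //
  // +optional
  optional EphemeralVolumeSource ephemeral = 29;
}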
6534
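// Represents a vSphere volume resource.
message VsphereVirtualDiskVolumeSource {
  // volumePath is the path that identifies vSphere volume vmdk
  optional string volumePath = 1;

  // fsType is filesystem type to mount.
  // Must be a filesystem type supported by the host operating system.
  // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
  // +optional
  optional string fsType = 2;

  // storagePolicyName is the storage Policy Based Management (SPBM) profile name.
  // +optional
  optional string storagePolicyName = 3;

  // storagePolicyID is the storage Policy Based Management (SPBM) profile ID
  // associated with the StoragePolicyName.
  // +optional
  optional string storagePolicyID = 4;
}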
6554
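// The weights of all of the matched WeightedPodAffinityTerm fields are added
// per-node to find the most preferred node(s)
message WeightedPodAffinityTerm {
  // weight associated with matching the corresponding podAffinityTerm,
  // in the range 1-100.
  // The int32 type does not enforce that range; it has to be checked by
  // whoever validates the message.
  optional int32 weight = 1;

  // Required. A pod affinity term, associated with the corresponding weight.
  // "Required" is an API-level rule: the field is declared optional here,
  // so a reader must still handle it being absent.
  optional PodAffinityTerm podAffinityTerm = 2;
}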
6564
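// WindowsSecurityContextOptions contain Windows-specific options and credentials.
message WindowsSecurityContextOptions {
  // GMSACredentialSpecName is the name of the GMSA credential spec to use.
  // +optional
  optional string gmsaCredentialSpecName = 1;

  // GMSACredentialSpec is where the GMSA admission webhook
  // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
  // GMSA credential spec named by the GMSACredentialSpecName field.
  // NOTE(review): the comment describes this as webhook-populated; whether a
  // value supplied directly by the pod author is accepted is not visible
  // here — confirm how the webhook treats it.
  // +optional
  optional string gmsaCredentialSpec = 2;

  // The UserName in Windows to run the entrypoint of the container process.
  // Defaults to the user specified in image metadata if unspecified.
  // May also be set in PodSecurityContext. If set in both SecurityContext and
  // PodSecurityContext, the value specified in SecurityContext takes precedence.
  // +optional
  optional string runAsUserName = 3;

  // HostProcess determines if a container should be run as a 'Host Process' container.
  // All of a Pod's containers must have the same effective HostProcess value
  // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
  // In addition, if HostProcess is true then HostNetwork must also be set to true.
  // A HostProcess container has privileged access to the Windows node; the
  // Baseline Pod Security Standard disallows it, so true is expected only
  // on workloads that admission policy explicitly permits.
  // +optional
  optional bool hostProcess = 4;
}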
6591