1apiVersion: apiresource.kcp.dev/v1alpha1
2kind: APIResourceImport
3metadata:
4 annotations:
5 apiresource.kcp.dev/apiVersion: apps/v1
6 clusterName: admin
7 creationTimestamp: null
8 name: deployments.us-east1.v1.apps
9 ownerReferences:
10 - apiVersion: apiresource.kcp.dev/v1alpha1
11 controller: true
12 kind: Cluster
13 name: us-east1
14 uid: e49223ec-5618-43f5-ae03-ca07c82dd2f3
15spec:
16 groupVersion:
17 group: apps
18 version: v1
19 kind: Deployment
20 listKind: DeploymentList
21 location: us-east1
22 openAPIV3Schema:
23 description: Deployment enables declarative updates for Pods and ReplicaSets.
24 properties:
25 apiVersion:
26 description: 'APIVersion defines the versioned schema of this representation
27 of an object. Servers should convert recognized schemas to the latest internal
28 value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
29 type: string
30 kind:
31 description: 'Kind is a string value representing the REST resource this object
32 represents. Servers may infer this from the endpoint the client submits
33 requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
34 type: string
35 metadata:
36 type: object
37 spec:
38 description: Specification of the desired behavior of the Deployment.
39 properties:
40 minReadySeconds:
41 description: Minimum number of seconds for which a newly created pod should
42 be ready without any of its container crashing, for it to be considered
43 available. Defaults to 0 (pod will be considered available as soon as
44 it is ready)
45 format: int32
46 type: integer
47 paused:
48 description: Indicates that the deployment is paused.
49 type: boolean
50 progressDeadlineSeconds:
51 description: The maximum time in seconds for a deployment to make progress
52 before it is considered to be failed. The deployment controller will
53 continue to process failed deployments and a condition with a ProgressDeadlineExceeded
54 reason will be surfaced in the deployment status. Note that progress
55 will not be estimated during the time a deployment is paused. Defaults
56 to 600s.
57 format: int32
58 type: integer
59 replicas:
60 description: Number of desired pods. This is a pointer to distinguish
61 between explicit zero and not specified. Defaults to 1.
62 format: int32
63 type: integer
64 revisionHistoryLimit:
65 description: The number of old ReplicaSets to retain to allow rollback.
66 This is a pointer to distinguish between explicit zero and not specified.
67 Defaults to 10.
68 format: int32
69 type: integer
70 selector:
71 description: Label selector for pods. Existing ReplicaSets whose pods
72 are selected by this will be the ones affected by this deployment. It
73 must match the pod template's labels.
74 properties:
75 matchExpressions:
76 description: matchExpressions is a list of label selector requirements.
77 The requirements are ANDed.
78 items:
79 description: A label selector requirement is a selector that contains
80 values, a key, and an operator that relates the key and values.
81 properties:
82 key:
83 description: key is the label key that the selector applies
84 to.
85 type: string
86 operator:
87 description: operator represents a key's relationship to a set
88 of values. Valid operators are In, NotIn, Exists and DoesNotExist.
89 type: string
90 values:
91 description: values is an array of string values. If the operator
92 is In or NotIn, the values array must be non-empty. If the
93 operator is Exists or DoesNotExist, the values array must
94 be empty. This array is replaced during a strategic merge
95 patch.
96 items:
97 type: string
98 type: array
99 required:
100 - key
101 - operator
102 type: object
103 type: array
104 matchLabels:
105 additionalProperties:
106 type: string
107 description: matchLabels is a map of {key,value} pairs. A single {key,value}
108 in the matchLabels map is equivalent to an element of matchExpressions,
109 whose key field is "key", the operator is "In", and the values array
110 contains only "value". The requirements are ANDed.
111 type: object
112 type: object
113 strategy:
114 description: The deployment strategy to use to replace existing pods with
115 new ones.
116 properties:
117 rollingUpdate:
118 description: 'Rolling update config params. Present only if DeploymentStrategyType
119 = RollingUpdate. --- TODO: Update this to follow our convention
120 for oneOf, whatever we decide it to be.'
121 properties:
122 maxSurge:
123 anyOf:
124 - type: integer
125 - type: string
126 description: 'The maximum number of pods that can be scheduled
127 above the desired number of pods. Value can be an absolute number
128 (ex: 5) or a percentage of desired pods (ex: 10%). This can
129 not be 0 if MaxUnavailable is 0. Absolute number is calculated
130 from percentage by rounding up. Defaults to 25%. Example: when
131 this is set to 30%, the new ReplicaSet can be scaled up immediately
132 when the rolling update starts, such that the total number of
133 old and new pods do not exceed 130% of desired pods. Once old
134 pods have been killed, new ReplicaSet can be scaled up further,
135 ensuring that total number of pods running at any time during
136 the update is at most 130% of desired pods.'
137 x-kubernetes-int-or-string: true
138 maxUnavailable:
139 anyOf:
140 - type: integer
141 - type: string
142 description: 'The maximum number of pods that can be unavailable
143 during the update. Value can be an absolute number (ex: 5) or
144 a percentage of desired pods (ex: 10%). Absolute number is calculated
145 from percentage by rounding down. This can not be 0 if MaxSurge
146 is 0. Defaults to 25%. Example: when this is set to 30%, the
147 old ReplicaSet can be scaled down to 70% of desired pods immediately
148 when the rolling update starts. Once new pods are ready, old
149 ReplicaSet can be scaled down further, followed by scaling up
150 the new ReplicaSet, ensuring that the total number of pods available
151 at all times during the update is at least 70% of desired pods.'
152 x-kubernetes-int-or-string: true
153 type: object
154 type:
155 description: Type of deployment. Can be "Recreate" or "RollingUpdate".
156 Default is RollingUpdate.
157 type: string
158 type: object
159 template:
160 description: Template describes the pods that will be created.
161 properties:
162 metadata:
163 description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
164 type: object
165 spec:
166 description: 'Specification of the desired behavior of the pod. More
167 info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
168 properties:
169 activeDeadlineSeconds:
170 description: Optional duration in seconds the pod may be active
171 on the node relative to StartTime before the system will actively
172 try to mark it failed and kill associated containers. Value
173 must be a positive integer.
174 format: int64
175 type: integer
176 affinity:
177 description: If specified, the pod's scheduling constraints
178 properties:
179 nodeAffinity:
180 description: Describes node affinity scheduling rules for
181 the pod.
182 properties:
183 preferredDuringSchedulingIgnoredDuringExecution:
184 description: The scheduler will prefer to schedule pods
185 to nodes that satisfy the affinity expressions specified
186 by this field, but it may choose a node that violates
187 one or more of the expressions. The node that is most
188 preferred is the one with the greatest sum of weights,
189 i.e. for each node that meets all of the scheduling
190 requirements (resource request, requiredDuringScheduling
191 affinity expressions, etc.), compute a sum by iterating
192 through the elements of this field and adding "weight"
193 to the sum if the node matches the corresponding matchExpressions;
194 the node(s) with the highest sum are the most preferred.
195 items:
196 description: An empty preferred scheduling term matches
197 all objects with implicit weight 0 (i.e. it's a no-op).
198 A null preferred scheduling term matches no objects
199 (i.e. is also a no-op).
200 properties:
201 preference:
202 description: A node selector term, associated with
203 the corresponding weight.
204 properties:
205 matchExpressions:
206 description: A list of node selector requirements
207 by node's labels.
208 items:
209 description: A node selector requirement is
210 a selector that contains values, a key,
211 and an operator that relates the key and
212 values.
213 properties:
214 key:
215 description: The label key that the selector
216 applies to.
217 type: string
218 operator:
219 description: Represents a key's relationship
220 to a set of values. Valid operators
221 are In, NotIn, Exists, DoesNotExist.
222 Gt, and Lt.
223 type: string
224 values:
225 description: An array of string values.
226 If the operator is In or NotIn, the
227 values array must be non-empty. If the
228 operator is Exists or DoesNotExist,
229 the values array must be empty. If the
230 operator is Gt or Lt, the values array
231 must have a single element, which will
232 be interpreted as an integer. This array
233 is replaced during a strategic merge
234 patch.
235 items:
236 type: string
237 type: array
238 required:
239 - key
240 - operator
241 type: object
242 type: array
243 matchFields:
244 description: A list of node selector requirements
245 by node's fields.
246 items:
247 description: A node selector requirement is
248 a selector that contains values, a key,
249 and an operator that relates the key and
250 values.
251 properties:
252 key:
253 description: The label key that the selector
254 applies to.
255 type: string
256 operator:
257 description: Represents a key's relationship
258 to a set of values. Valid operators
259 are In, NotIn, Exists, DoesNotExist.
260 Gt, and Lt.
261 type: string
262 values:
263 description: An array of string values.
264 If the operator is In or NotIn, the
265 values array must be non-empty. If the
266 operator is Exists or DoesNotExist,
267 the values array must be empty. If the
268 operator is Gt or Lt, the values array
269 must have a single element, which will
270 be interpreted as an integer. This array
271 is replaced during a strategic merge
272 patch.
273 items:
274 type: string
275 type: array
276 required:
277 - key
278 - operator
279 type: object
280 type: array
281 type: object
282 weight:
283 description: Weight associated with matching the
284 corresponding nodeSelectorTerm, in the range 1-100.
285 format: int32
286 type: integer
287 required:
288 - preference
289 - weight
290 type: object
291 type: array
292 requiredDuringSchedulingIgnoredDuringExecution:
293 description: If the affinity requirements specified by
294 this field are not met at scheduling time, the pod will
295 not be scheduled onto the node. If the affinity requirements
296 specified by this field cease to be met at some point
297 during pod execution (e.g. due to an update), the system
298 may or may not try to eventually evict the pod from
299 its node.
300 properties:
301 nodeSelectorTerms:
302 description: Required. A list of node selector terms.
303 The terms are ORed.
304 items:
305 description: A null or empty node selector term
306 matches no objects. The requirements of them are
307 ANDed. The TopologySelectorTerm type implements
308 a subset of the NodeSelectorTerm.
309 properties:
310 matchExpressions:
311 description: A list of node selector requirements
312 by node's labels.
313 items:
314 description: A node selector requirement is
315 a selector that contains values, a key,
316 and an operator that relates the key and
317 values.
318 properties:
319 key:
320 description: The label key that the selector
321 applies to.
322 type: string
323 operator:
324 description: Represents a key's relationship
325 to a set of values. Valid operators
326 are In, NotIn, Exists, DoesNotExist.
327 Gt, and Lt.
328 type: string
329 values:
330 description: An array of string values.
331 If the operator is In or NotIn, the
332 values array must be non-empty. If the
333 operator is Exists or DoesNotExist,
334 the values array must be empty. If the
335 operator is Gt or Lt, the values array
336 must have a single element, which will
337 be interpreted as an integer. This array
338 is replaced during a strategic merge
339 patch.
340 items:
341 type: string
342 type: array
343 required:
344 - key
345 - operator
346 type: object
347 type: array
348 matchFields:
349 description: A list of node selector requirements
350 by node's fields.
351 items:
352 description: A node selector requirement is
353 a selector that contains values, a key,
354 and an operator that relates the key and
355 values.
356 properties:
357 key:
358 description: The label key that the selector
359 applies to.
360 type: string
361 operator:
362 description: Represents a key's relationship
363 to a set of values. Valid operators
364 are In, NotIn, Exists, DoesNotExist.
365 Gt, and Lt.
366 type: string
367 values:
368 description: An array of string values.
369 If the operator is In or NotIn, the
370 values array must be non-empty. If the
371 operator is Exists or DoesNotExist,
372 the values array must be empty. If the
373 operator is Gt or Lt, the values array
374 must have a single element, which will
375 be interpreted as an integer. This array
376 is replaced during a strategic merge
377 patch.
378 items:
379 type: string
380 type: array
381 required:
382 - key
383 - operator
384 type: object
385 type: array
386 type: object
387 type: array
388 required:
389 - nodeSelectorTerms
390 type: object
391 type: object
392 podAffinity:
393 description: Describes pod affinity scheduling rules (e.g.
394 co-locate this pod in the same node, zone, etc. as some
395 other pod(s)).
396 properties:
397 preferredDuringSchedulingIgnoredDuringExecution:
398 description: The scheduler will prefer to schedule pods
399 to nodes that satisfy the affinity expressions specified
400 by this field, but it may choose a node that violates
401 one or more of the expressions. The node that is most
402 preferred is the one with the greatest sum of weights,
403 i.e. for each node that meets all of the scheduling
404 requirements (resource request, requiredDuringScheduling
405 affinity expressions, etc.), compute a sum by iterating
406 through the elements of this field and adding "weight"
407 to the sum if the node has pods which matches the corresponding
408 podAffinityTerm; the node(s) with the highest sum are
409 the most preferred.
410 items:
411 description: The weights of all of the matched WeightedPodAffinityTerm
412 fields are added per-node to find the most preferred
413 node(s)
414 properties:
415 podAffinityTerm:
416 description: Required. A pod affinity term, associated
417 with the corresponding weight.
418 properties:
419 labelSelector:
420 description: A label query over a set of resources,
421 in this case pods.
422 properties:
423 matchExpressions:
424 description: matchExpressions is a list
425 of label selector requirements. The requirements
426 are ANDed.
427 items:
428 description: A label selector requirement
429 is a selector that contains values,
430 a key, and an operator that relates
431 the key and values.
432 properties:
433 key:
434 description: key is the label key
435 that the selector applies to.
436 type: string
437 operator:
438 description: operator represents a
439 key's relationship to a set of values.
440 Valid operators are In, NotIn, Exists
441 and DoesNotExist.
442 type: string
443 values:
444 description: values is an array of
445 string values. If the operator is
446 In or NotIn, the values array must
447 be non-empty. If the operator is
448 Exists or DoesNotExist, the values
449 array must be empty. This array
450 is replaced during a strategic merge
451 patch.
452 items:
453 type: string
454 type: array
455 required:
456 - key
457 - operator
458 type: object
459 type: array
460 matchLabels:
461 additionalProperties:
462 type: string
463 description: matchLabels is a map of {key,value}
464 pairs. A single {key,value} in the matchLabels
465 map is equivalent to an element of matchExpressions,
466 whose key field is "key", the operator
467 is "In", and the values array contains
468 only "value". The requirements are ANDed.
469 type: object
470 type: object
471 namespaces:
472 description: namespaces specifies which namespaces
473 the labelSelector applies to (matches against);
474 null or empty list means "this pod's namespace"
475 items:
476 type: string
477 type: array
478 topologyKey:
479 description: This pod should be co-located (affinity)
480 or not co-located (anti-affinity) with the
481 pods matching the labelSelector in the specified
482 namespaces, where co-located is defined as
483 running on a node whose value of the label
484 with key topologyKey matches that of any node
485 on which any of the selected pods is running.
486 Empty topologyKey is not allowed.
487 type: string
488 required:
489 - topologyKey
490 type: object
491 weight:
492 description: weight associated with matching the
493 corresponding podAffinityTerm, in the range 1-100.
494 format: int32
495 type: integer
496 required:
497 - podAffinityTerm
498 - weight
499 type: object
500 type: array
501 requiredDuringSchedulingIgnoredDuringExecution:
502 description: If the affinity requirements specified by
503 this field are not met at scheduling time, the pod will
504 not be scheduled onto the node. If the affinity requirements
505 specified by this field cease to be met at some point
506 during pod execution (e.g. due to a pod label update),
507 the system may or may not try to eventually evict the
508 pod from its node. When there are multiple elements,
509 the lists of nodes corresponding to each podAffinityTerm
510 are intersected, i.e. all terms must be satisfied.
511 items:
512 description: Defines a set of pods (namely those matching
513 the labelSelector relative to the given namespace(s))
514 that this pod should be co-located (affinity) or not
515 co-located (anti-affinity) with, where co-located
516 is defined as running on a node whose value of the
517 label with key <topologyKey> matches that of any node
518 on which a pod of the set of pods is running
519 properties:
520 labelSelector:
521 description: A label query over a set of resources,
522 in this case pods.
523 properties:
524 matchExpressions:
525 description: matchExpressions is a list of label
526 selector requirements. The requirements are
527 ANDed.
528 items:
529 description: A label selector requirement
530 is a selector that contains values, a key,
531 and an operator that relates the key and
532 values.
533 properties:
534 key:
535 description: key is the label key that
536 the selector applies to.
537 type: string
538 operator:
539 description: operator represents a key's
540 relationship to a set of values. Valid
541 operators are In, NotIn, Exists and
542 DoesNotExist.
543 type: string
544 values:
545 description: values is an array of string
546 values. If the operator is In or NotIn,
547 the values array must be non-empty.
548 If the operator is Exists or DoesNotExist,
549 the values array must be empty. This
550 array is replaced during a strategic
551 merge patch.
552 items:
553 type: string
554 type: array
555 required:
556 - key
557 - operator
558 type: object
559 type: array
560 matchLabels:
561 additionalProperties:
562 type: string
563 description: matchLabels is a map of {key,value}
564 pairs. A single {key,value} in the matchLabels
565 map is equivalent to an element of matchExpressions,
566 whose key field is "key", the operator is
567 "In", and the values array contains only "value".
568 The requirements are ANDed.
569 type: object
570 type: object
571 namespaces:
572 description: namespaces specifies which namespaces
573 the labelSelector applies to (matches against);
574 null or empty list means "this pod's namespace"
575 items:
576 type: string
577 type: array
578 topologyKey:
579 description: This pod should be co-located (affinity)
580 or not co-located (anti-affinity) with the pods
581 matching the labelSelector in the specified namespaces,
582 where co-located is defined as running on a node
583 whose value of the label with key topologyKey
584 matches that of any node on which any of the selected
585 pods is running. Empty topologyKey is not allowed.
586 type: string
587 required:
588 - topologyKey
589 type: object
590 type: array
591 type: object
592 podAntiAffinity:
593 description: Describes pod anti-affinity scheduling rules
594 (e.g. avoid putting this pod in the same node, zone, etc.
595 as some other pod(s)).
596 properties:
597 preferredDuringSchedulingIgnoredDuringExecution:
598 description: The scheduler will prefer to schedule pods
599 to nodes that satisfy the anti-affinity expressions
600 specified by this field, but it may choose a node that
601 violates one or more of the expressions. The node that
602 is most preferred is the one with the greatest sum of
603 weights, i.e. for each node that meets all of the scheduling
604 requirements (resource request, requiredDuringScheduling
605 anti-affinity expressions, etc.), compute a sum by iterating
606 through the elements of this field and adding "weight"
607 to the sum if the node has pods which matches the corresponding
608 podAffinityTerm; the node(s) with the highest sum are
609 the most preferred.
610 items:
611 description: The weights of all of the matched WeightedPodAffinityTerm
612 fields are added per-node to find the most preferred
613 node(s)
614 properties:
615 podAffinityTerm:
616 description: Required. A pod affinity term, associated
617 with the corresponding weight.
618 properties:
619 labelSelector:
620 description: A label query over a set of resources,
621 in this case pods.
622 properties:
623 matchExpressions:
624 description: matchExpressions is a list
625 of label selector requirements. The requirements
626 are ANDed.
627 items:
628 description: A label selector requirement
629 is a selector that contains values,
630 a key, and an operator that relates
631 the key and values.
632 properties:
633 key:
634 description: key is the label key
635 that the selector applies to.
636 type: string
637 operator:
638 description: operator represents a
639 key's relationship to a set of values.
640 Valid operators are In, NotIn, Exists
641 and DoesNotExist.
642 type: string
643 values:
644 description: values is an array of
645 string values. If the operator is
646 In or NotIn, the values array must
647 be non-empty. If the operator is
648 Exists or DoesNotExist, the values
649 array must be empty. This array
650 is replaced during a strategic merge
651 patch.
652 items:
653 type: string
654 type: array
655 required:
656 - key
657 - operator
658 type: object
659 type: array
660 matchLabels:
661 additionalProperties:
662 type: string
663 description: matchLabels is a map of {key,value}
664 pairs. A single {key,value} in the matchLabels
665 map is equivalent to an element of matchExpressions,
666 whose key field is "key", the operator
667 is "In", and the values array contains
668 only "value". The requirements are ANDed.
669 type: object
670 type: object
671 namespaces:
672 description: namespaces specifies which namespaces
673 the labelSelector applies to (matches against);
674 null or empty list means "this pod's namespace"
675 items:
676 type: string
677 type: array
678 topologyKey:
679 description: This pod should be co-located (affinity)
680 or not co-located (anti-affinity) with the
681 pods matching the labelSelector in the specified
682 namespaces, where co-located is defined as
683 running on a node whose value of the label
684 with key topologyKey matches that of any node
685 on which any of the selected pods is running.
686 Empty topologyKey is not allowed.
687 type: string
688 required:
689 - topologyKey
690 type: object
691 weight:
692 description: weight associated with matching the
693 corresponding podAffinityTerm, in the range 1-100.
694 format: int32
695 type: integer
696 required:
697 - podAffinityTerm
698 - weight
699 type: object
700 type: array
701 requiredDuringSchedulingIgnoredDuringExecution:
702 description: If the anti-affinity requirements specified
703 by this field are not met at scheduling time, the pod
704 will not be scheduled onto the node. If the anti-affinity
705 requirements specified by this field cease to be met
706 at some point during pod execution (e.g. due to a pod
707 label update), the system may or may not try to eventually
708 evict the pod from its node. When there are multiple
709 elements, the lists of nodes corresponding to each podAffinityTerm
710 are intersected, i.e. all terms must be satisfied.
711 items:
712 description: Defines a set of pods (namely those matching
713 the labelSelector relative to the given namespace(s))
714 that this pod should be co-located (affinity) or not
715 co-located (anti-affinity) with, where co-located
716 is defined as running on a node whose value of the
717 label with key <topologyKey> matches that of any node
718 on which a pod of the set of pods is running
719 properties:
720 labelSelector:
721 description: A label query over a set of resources,
722 in this case pods.
723 properties:
724 matchExpressions:
725 description: matchExpressions is a list of label
726 selector requirements. The requirements are
727 ANDed.
728 items:
729 description: A label selector requirement
730 is a selector that contains values, a key,
731 and an operator that relates the key and
732 values.
733 properties:
734 key:
735 description: key is the label key that
736 the selector applies to.
737 type: string
738 operator:
739 description: operator represents a key's
740 relationship to a set of values. Valid
741 operators are In, NotIn, Exists and
742 DoesNotExist.
743 type: string
744 values:
745 description: values is an array of string
746 values. If the operator is In or NotIn,
747 the values array must be non-empty.
748 If the operator is Exists or DoesNotExist,
749 the values array must be empty. This
750 array is replaced during a strategic
751 merge patch.
752 items:
753 type: string
754 type: array
755 required:
756 - key
757 - operator
758 type: object
759 type: array
760 matchLabels:
761 additionalProperties:
762 type: string
763 description: matchLabels is a map of {key,value}
764 pairs. A single {key,value} in the matchLabels
765 map is equivalent to an element of matchExpressions,
766 whose key field is "key", the operator is
767 "In", and the values array contains only "value".
768 The requirements are ANDed.
769 type: object
770 type: object
771 namespaces:
772 description: namespaces specifies which namespaces
773 the labelSelector applies to (matches against);
774 null or empty list means "this pod's namespace"
775 items:
776 type: string
777 type: array
778 topologyKey:
779 description: This pod should be co-located (affinity)
780 or not co-located (anti-affinity) with the pods
781 matching the labelSelector in the specified namespaces,
782 where co-located is defined as running on a node
783 whose value of the label with key topologyKey
784 matches that of any node on which any of the selected
785 pods is running. Empty topologyKey is not allowed.
786 type: string
787 required:
788 - topologyKey
789 type: object
790 type: array
791 type: object
792 type: object
793 automountServiceAccountToken:
794 description: AutomountServiceAccountToken indicates whether a
795 service account token should be automatically mounted.
796 type: boolean
797 containers:
798 description: List of containers belonging to the pod. Containers
799 cannot currently be added or removed. There must be at least
800 one container in a Pod. Cannot be updated.
801 items:
802 description: A single application container that you want to
803 run within a pod.
804 properties:
805 args:
806 description: 'Arguments to the entrypoint. The docker image''s
807 CMD is used if this is not provided. Variable references
808 $(VAR_NAME) are expanded using the container''s environment.
809 If a variable cannot be resolved, the reference in the
810 input string will be unchanged. The $(VAR_NAME) syntax
811 can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
812 references will never be expanded, regardless of whether
813 the variable exists or not. Cannot be updated. More info:
814 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
815 items:
816 type: string
817 type: array
818 command:
819 description: 'Entrypoint array. Not executed within a shell.
820 The docker image''s ENTRYPOINT is used if this is not
821 provided. Variable references $(VAR_NAME) are expanded
822 using the container''s environment. If a variable cannot
823 be resolved, the reference in the input string will be
824 unchanged. The $(VAR_NAME) syntax can be escaped with
825 a double $$, ie: $$(VAR_NAME). Escaped references will
826 never be expanded, regardless of whether the variable
827 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
828 items:
829 type: string
830 type: array
831 env:
832 description: List of environment variables to set in the
833 container. Cannot be updated.
834 items:
835 description: EnvVar represents an environment variable
836 present in a Container.
837 properties:
838 name:
839 description: Name of the environment variable. Must
840 be a C_IDENTIFIER.
841 type: string
842 value:
843 description: 'Variable references $(VAR_NAME) are
844 expanded using the previous defined environment
845 variables in the container and any service environment
846 variables. If a variable cannot be resolved, the
847 reference in the input string will be unchanged.
848 The $(VAR_NAME) syntax can be escaped with a double
849 $$, ie: $$(VAR_NAME). Escaped references will never
850 be expanded, regardless of whether the variable
851 exists or not. Defaults to "".'
852 type: string
853 valueFrom:
854 description: Source for the environment variable's
855 value. Cannot be used if value is not empty.
856 properties:
857 configMapKeyRef:
858 description: Selects a key of a ConfigMap.
859 properties:
860 key:
861 description: The key to select.
862 type: string
863 name:
864 description: 'Name of the referent. More info:
865 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
866 TODO: Add other useful fields. apiVersion,
867 kind, uid?'
868 type: string
869 optional:
870 description: Specify whether the ConfigMap
871 or its key must be defined
872 type: boolean
873 required:
874 - key
875 - name
876 type: object
877 fieldRef:
878 description: 'Selects a field of the pod: supports
879 metadata.name, metadata.namespace, metadata.labels,
880 metadata.annotations, spec.nodeName, spec.serviceAccountName,
881 status.hostIP, status.podIP, status.podIPs.'
882 properties:
883 apiVersion:
884 description: Version of the schema the FieldPath
885 is written in terms of, defaults to "v1".
886 type: string
887 fieldPath:
888 description: Path of the field to select in
889 the specified API version.
890 type: string
891 required:
892 - fieldPath
893 type: object
894 resourceFieldRef:
895 description: 'Selects a resource of the container:
896 only resources limits and requests (limits.cpu,
897 limits.memory, limits.ephemeral-storage, requests.cpu,
898 requests.memory and requests.ephemeral-storage)
899 are currently supported.'
900 properties:
901 containerName:
902 description: 'Container name: required for
903 volumes, optional for env vars'
904 type: string
905 divisor:
906 anyOf:
907 - type: integer
908 - type: string
909 description: Specifies the output format of
910 the exposed resources, defaults to "1"
911 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
912 x-kubernetes-int-or-string: true
913 resource:
914 description: 'Required: resource to select'
915 type: string
916 required:
917 - resource
918 type: object
919 secretKeyRef:
920 description: Selects a key of a secret in the
921 pod's namespace
922 properties:
923 key:
924 description: The key of the secret to select
925 from. Must be a valid secret key.
926 type: string
927 name:
928 description: 'Name of the referent. More info:
929 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
930 TODO: Add other useful fields. apiVersion,
931 kind, uid?'
932 type: string
933 optional:
934 description: Specify whether the Secret or
935 its key must be defined
936 type: boolean
937 required:
938 - key
939 - name
940 type: object
941 type: object
942 required:
943 - name
944 type: object
945 type: array
946 x-kubernetes-list-map-keys:
947 - name
948 x-kubernetes-list-type: map
949 envFrom:
950 description: List of sources to populate environment variables
951 in the container. The keys defined within a source must
952 be a C_IDENTIFIER. All invalid keys will be reported as
953 an event when the container is starting. When a key exists
954 in multiple sources, the value associated with the last
955 source will take precedence. Values defined by an Env
956 with a duplicate key will take precedence. Cannot be updated.
957 items:
958 description: EnvFromSource represents the source of a
959 set of ConfigMaps
960 properties:
961 configMapRef:
962 description: The ConfigMap to select from
963 properties:
964 name:
965 description: 'Name of the referent. More info:
966 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
967 TODO: Add other useful fields. apiVersion, kind,
968 uid?'
969 type: string
970 optional:
971 description: Specify whether the ConfigMap must
972 be defined
973 type: boolean
974 required:
975 - name
976 type: object
977 prefix:
978 description: An optional identifier to prepend to
979 each key in the ConfigMap. Must be a C_IDENTIFIER.
980 type: string
981 secretRef:
982 description: The Secret to select from
983 properties:
984 name:
985 description: 'Name of the referent. More info:
986 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
987 TODO: Add other useful fields. apiVersion, kind,
988 uid?'
989 type: string
990 optional:
991 description: Specify whether the Secret must be
992 defined
993 type: boolean
994 required:
995 - name
996 type: object
997 type: object
998 type: array
999 image:
1000 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
1001 This field is optional to allow higher level config management
1002 to default or override container images in workload controllers
1003 like Deployments and StatefulSets.'
1004 type: string
1005 imagePullPolicy:
1006 description: 'Image pull policy. One of Always, Never, IfNotPresent.
1007 Defaults to Always if :latest tag is specified, or IfNotPresent
1008 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
1009 type: string
1010 lifecycle:
1011 description: Actions that the management system should take
1012 in response to container lifecycle events. Cannot be updated.
1013 properties:
1014 postStart:
1015 description: 'PostStart is called immediately after
1016 a container is created. If the handler fails, the
1017 container is terminated and restarted according to
1018 its restart policy. Other management of the container
1019 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
1020 properties:
1021 exec:
1022 description: One and only one of the following should
1023 be specified. Exec specifies the action to take.
1024 properties:
1025 command:
1026 description: Command is the command line to
1027 execute inside the container, the working
1028 directory for the command is root ('/') in
1029 the container's filesystem. The command is
1030 simply exec'd, it is not run inside a shell,
1031 so traditional shell instructions ('|', etc)
1032 won't work. To use a shell, you need to explicitly
1033 call out to that shell. Exit status of 0 is
1034 treated as live/healthy and non-zero is unhealthy.
1035 items:
1036 type: string
1037 type: array
1038 type: object
1039 httpGet:
1040 description: HTTPGet specifies the http request
1041 to perform.
1042 properties:
1043 host:
1044 description: Host name to connect to, defaults
1045 to the pod IP. You probably want to set "Host"
1046 in httpHeaders instead.
1047 type: string
1048 httpHeaders:
1049 description: Custom headers to set in the request.
1050 HTTP allows repeated headers.
1051 items:
1052 description: HTTPHeader describes a custom
1053 header to be used in HTTP probes
1054 properties:
1055 name:
1056 description: The header field name
1057 type: string
1058 value:
1059 description: The header field value
1060 type: string
1061 required:
1062 - name
1063 - value
1064 type: object
1065 type: array
1066 path:
1067 description: Path to access on the HTTP server.
1068 type: string
1069 port:
1070 anyOf:
1071 - type: integer
1072 - type: string
1073 description: Name or number of the port to access
1074 on the container. Number must be in the range
1075 1 to 65535. Name must be an IANA_SVC_NAME.
1076 x-kubernetes-int-or-string: true
1077 scheme:
1078 description: Scheme to use for connecting to
1079 the host. Defaults to HTTP.
1080 type: string
1081 required:
1082 - port
1083 type: object
1084 tcpSocket:
1085 description: 'TCPSocket specifies an action involving
1086 a TCP port. TCP hooks not yet supported TODO:
1087 implement a realistic TCP lifecycle hook'
1088 properties:
1089 host:
1090 description: 'Optional: Host name to connect
1091 to, defaults to the pod IP.'
1092 type: string
1093 port:
1094 anyOf:
1095 - type: integer
1096 - type: string
1097 description: Number or name of the port to access
1098 on the container. Number must be in the range
1099 1 to 65535. Name must be an IANA_SVC_NAME.
1100 x-kubernetes-int-or-string: true
1101 required:
1102 - port
1103 type: object
1104 type: object
1105 preStop:
1106 description: 'PreStop is called immediately before a
1107 container is terminated due to an API request or management
1108 event such as liveness/startup probe failure, preemption,
1109 resource contention, etc. The handler is not called
1110 if the container crashes or exits. The reason for
1111 termination is passed to the handler. The Pod''s termination
1112 grace period countdown begins before the PreStop hooked
1113 is executed. Regardless of the outcome of the handler,
1114 the container will eventually terminate within the
1115 Pod''s termination grace period. Other management
1116 of the container blocks until the hook completes or
1117 until the termination grace period is reached. More
1118 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
1119 properties:
1120 exec:
1121 description: One and only one of the following should
1122 be specified. Exec specifies the action to take.
1123 properties:
1124 command:
1125 description: Command is the command line to
1126 execute inside the container, the working
1127 directory for the command is root ('/') in
1128 the container's filesystem. The command is
1129 simply exec'd, it is not run inside a shell,
1130 so traditional shell instructions ('|', etc)
1131 won't work. To use a shell, you need to explicitly
1132 call out to that shell. Exit status of 0 is
1133 treated as live/healthy and non-zero is unhealthy.
1134 items:
1135 type: string
1136 type: array
1137 type: object
1138 httpGet:
1139 description: HTTPGet specifies the http request
1140 to perform.
1141 properties:
1142 host:
1143 description: Host name to connect to, defaults
1144 to the pod IP. You probably want to set "Host"
1145 in httpHeaders instead.
1146 type: string
1147 httpHeaders:
1148 description: Custom headers to set in the request.
1149 HTTP allows repeated headers.
1150 items:
1151 description: HTTPHeader describes a custom
1152 header to be used in HTTP probes
1153 properties:
1154 name:
1155 description: The header field name
1156 type: string
1157 value:
1158 description: The header field value
1159 type: string
1160 required:
1161 - name
1162 - value
1163 type: object
1164 type: array
1165 path:
1166 description: Path to access on the HTTP server.
1167 type: string
1168 port:
1169 anyOf:
1170 - type: integer
1171 - type: string
1172 description: Name or number of the port to access
1173 on the container. Number must be in the range
1174 1 to 65535. Name must be an IANA_SVC_NAME.
1175 x-kubernetes-int-or-string: true
1176 scheme:
1177 description: Scheme to use for connecting to
1178 the host. Defaults to HTTP.
1179 type: string
1180 required:
1181 - port
1182 type: object
1183 tcpSocket:
1184 description: 'TCPSocket specifies an action involving
1185 a TCP port. TCP hooks not yet supported TODO:
1186 implement a realistic TCP lifecycle hook'
1187 properties:
1188 host:
1189 description: 'Optional: Host name to connect
1190 to, defaults to the pod IP.'
1191 type: string
1192 port:
1193 anyOf:
1194 - type: integer
1195 - type: string
1196 description: Number or name of the port to access
1197 on the container. Number must be in the range
1198 1 to 65535. Name must be an IANA_SVC_NAME.
1199 x-kubernetes-int-or-string: true
1200 required:
1201 - port
1202 type: object
1203 type: object
1204 type: object
1205 livenessProbe:
1206 description: 'Periodic probe of container liveness. Container
1207 will be restarted if the probe fails. Cannot be updated.
1208 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1209 properties:
1210 exec:
1211 description: One and only one of the following should
1212 be specified. Exec specifies the action to take.
1213 properties:
1214 command:
1215 description: Command is the command line to execute
1216 inside the container, the working directory for
1217 the command is root ('/') in the container's
1218 filesystem. The command is simply exec'd, it is
1219 not run inside a shell, so traditional shell instructions
1220 ('|', etc) won't work. To use a shell, you need
1221 to explicitly call out to that shell. Exit status
1222 of 0 is treated as live/healthy and non-zero is
1223 unhealthy.
1224 items:
1225 type: string
1226 type: array
1227 type: object
1228 failureThreshold:
1229 description: Minimum consecutive failures for the probe
1230 to be considered failed after having succeeded. Defaults
1231 to 3. Minimum value is 1.
1232 format: int32
1233 type: integer
1234 httpGet:
1235 description: HTTPGet specifies the http request to perform.
1236 properties:
1237 host:
1238 description: Host name to connect to, defaults to
1239 the pod IP. You probably want to set "Host" in
1240 httpHeaders instead.
1241 type: string
1242 httpHeaders:
1243 description: Custom headers to set in the request.
1244 HTTP allows repeated headers.
1245 items:
1246 description: HTTPHeader describes a custom header
1247 to be used in HTTP probes
1248 properties:
1249 name:
1250 description: The header field name
1251 type: string
1252 value:
1253 description: The header field value
1254 type: string
1255 required:
1256 - name
1257 - value
1258 type: object
1259 type: array
1260 path:
1261 description: Path to access on the HTTP server.
1262 type: string
1263 port:
1264 anyOf:
1265 - type: integer
1266 - type: string
1267 description: Name or number of the port to access
1268 on the container. Number must be in the range
1269 1 to 65535. Name must be an IANA_SVC_NAME.
1270 x-kubernetes-int-or-string: true
1271 scheme:
1272 description: Scheme to use for connecting to the
1273 host. Defaults to HTTP.
1274 type: string
1275 required:
1276 - port
1277 type: object
1278 initialDelaySeconds:
1279 description: 'Number of seconds after the container
1280 has started before liveness probes are initiated.
1281 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1282 format: int32
1283 type: integer
1284 periodSeconds:
1285 description: How often (in seconds) to perform the probe.
1286 Default to 10 seconds. Minimum value is 1.
1287 format: int32
1288 type: integer
1289 successThreshold:
1290 description: Minimum consecutive successes for the probe
1291 to be considered successful after having failed. Defaults
1292 to 1. Must be 1 for liveness and startup. Minimum
1293 value is 1.
1294 format: int32
1295 type: integer
1296 tcpSocket:
1297 description: 'TCPSocket specifies an action involving
1298 a TCP port. TCP hooks not yet supported TODO: implement
1299 a realistic TCP lifecycle hook'
1300 properties:
1301 host:
1302 description: 'Optional: Host name to connect to,
1303 defaults to the pod IP.'
1304 type: string
1305 port:
1306 anyOf:
1307 - type: integer
1308 - type: string
1309 description: Number or name of the port to access
1310 on the container. Number must be in the range
1311 1 to 65535. Name must be an IANA_SVC_NAME.
1312 x-kubernetes-int-or-string: true
1313 required:
1314 - port
1315 type: object
1316 timeoutSeconds:
1317 description: 'Number of seconds after which the probe
1318 times out. Defaults to 1 second. Minimum value is
1319 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1320 format: int32
1321 type: integer
1322 type: object
1323 name:
1324 description: Name of the container specified as a DNS_LABEL.
1325 Each container in a pod must have a unique name (DNS_LABEL).
1326 Cannot be updated.
1327 type: string
1328 ports:
1329 description: List of ports to expose from the container.
1330 Exposing a port here gives the system additional information
1331 about the network connections a container uses, but is
1332 primarily informational. Not specifying a port here DOES
1333 NOT prevent that port from being exposed. Any port which
1334 is listening on the default "0.0.0.0" address inside a
1335 container will be accessible from the network. Cannot
1336 be updated.
1337 items:
1338 description: ContainerPort represents a network port in
1339 a single container.
1340 properties:
1341 containerPort:
1342 description: Number of port to expose on the pod's
1343 IP address. This must be a valid port number, 0
1344 < x < 65536.
1345 format: int32
1346 type: integer
1347 hostIP:
1348 description: What host IP to bind the external port
1349 to.
1350 type: string
1351 hostPort:
1352 description: Number of port to expose on the host.
1353 If specified, this must be a valid port number,
1354 0 < x < 65536. If HostNetwork is specified, this
1355 must match ContainerPort. Most containers do not
1356 need this.
1357 format: int32
1358 type: integer
1359 name:
1360 description: If specified, this must be an IANA_SVC_NAME
1361 and unique within the pod. Each named port in a
1362 pod must have a unique name. Name for the port that
1363 can be referred to by services.
1364 type: string
1365 protocol:
1366 default: TCP
1367 description: Protocol for port. Must be UDP, TCP,
1368 or SCTP. Defaults to "TCP".
1369 type: string
1370 required:
1371 - containerPort
1372 type: object
1373 type: array
1374 x-kubernetes-list-map-keys:
1375 - containerPort
1376 - protocol
1377 x-kubernetes-list-type: map
1378 readinessProbe:
1379 description: 'Periodic probe of container service readiness.
1380 Container will be removed from service endpoints if the
1381 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1382 properties:
1383 exec:
1384 description: One and only one of the following should
1385 be specified. Exec specifies the action to take.
1386 properties:
1387 command:
1388 description: Command is the command line to execute
1389 inside the container, the working directory for
1390 the command is root ('/') in the container's
1391 filesystem. The command is simply exec'd, it is
1392 not run inside a shell, so traditional shell instructions
1393 ('|', etc) won't work. To use a shell, you need
1394 to explicitly call out to that shell. Exit status
1395 of 0 is treated as live/healthy and non-zero is
1396 unhealthy.
1397 items:
1398 type: string
1399 type: array
1400 type: object
1401 failureThreshold:
1402 description: Minimum consecutive failures for the probe
1403 to be considered failed after having succeeded. Defaults
1404 to 3. Minimum value is 1.
1405 format: int32
1406 type: integer
1407 httpGet:
1408 description: HTTPGet specifies the http request to perform.
1409 properties:
1410 host:
1411 description: Host name to connect to, defaults to
1412 the pod IP. You probably want to set "Host" in
1413 httpHeaders instead.
1414 type: string
1415 httpHeaders:
1416 description: Custom headers to set in the request.
1417 HTTP allows repeated headers.
1418 items:
1419 description: HTTPHeader describes a custom header
1420 to be used in HTTP probes
1421 properties:
1422 name:
1423 description: The header field name
1424 type: string
1425 value:
1426 description: The header field value
1427 type: string
1428 required:
1429 - name
1430 - value
1431 type: object
1432 type: array
1433 path:
1434 description: Path to access on the HTTP server.
1435 type: string
1436 port:
1437 anyOf:
1438 - type: integer
1439 - type: string
1440 description: Name or number of the port to access
1441 on the container. Number must be in the range
1442 1 to 65535. Name must be an IANA_SVC_NAME.
1443 x-kubernetes-int-or-string: true
1444 scheme:
1445 description: Scheme to use for connecting to the
1446 host. Defaults to HTTP.
1447 type: string
1448 required:
1449 - port
1450 type: object
1451 initialDelaySeconds:
1452 description: 'Number of seconds after the container
1453 has started before liveness probes are initiated.
1454 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1455 format: int32
1456 type: integer
1457 periodSeconds:
1458 description: How often (in seconds) to perform the probe.
1459 Default to 10 seconds. Minimum value is 1.
1460 format: int32
1461 type: integer
1462 successThreshold:
1463 description: Minimum consecutive successes for the probe
1464 to be considered successful after having failed. Defaults
1465 to 1. Must be 1 for liveness and startup. Minimum
1466 value is 1.
1467 format: int32
1468 type: integer
1469 tcpSocket:
1470 description: 'TCPSocket specifies an action involving
1471 a TCP port. TCP hooks not yet supported TODO: implement
1472 a realistic TCP lifecycle hook'
1473 properties:
1474 host:
1475 description: 'Optional: Host name to connect to,
1476 defaults to the pod IP.'
1477 type: string
1478 port:
1479 anyOf:
1480 - type: integer
1481 - type: string
1482 description: Number or name of the port to access
1483 on the container. Number must be in the range
1484 1 to 65535. Name must be an IANA_SVC_NAME.
1485 x-kubernetes-int-or-string: true
1486 required:
1487 - port
1488 type: object
1489 timeoutSeconds:
1490 description: 'Number of seconds after which the probe
1491 times out. Defaults to 1 second. Minimum value is
1492 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1493 format: int32
1494 type: integer
1495 type: object
1496 resources:
1497 description: 'Compute Resources required by this container.
1498 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
1499 properties:
1500 limits:
1501 additionalProperties:
1502 anyOf:
1503 - type: integer
1504 - type: string
1505 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1506 x-kubernetes-int-or-string: true
1507 description: 'Limits describes the maximum amount of
1508 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
1509 type: object
1510 requests:
1511 additionalProperties:
1512 anyOf:
1513 - type: integer
1514 - type: string
1515 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1516 x-kubernetes-int-or-string: true
1517 description: 'Requests describes the minimum amount
1518 of compute resources required. If Requests is omitted
1519 for a container, it defaults to Limits if that is
1520 explicitly specified, otherwise to an implementation-defined
1521 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
1522 type: object
1523 type: object
1524 securityContext:
1525 description: 'Security options the pod should run with.
1526 More info: https://kubernetes.io/docs/concepts/policy/security-context/
1527 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
1528 properties:
1529 allowPrivilegeEscalation:
1530 description: 'AllowPrivilegeEscalation controls whether
1531 a process can gain more privileges than its parent
1532 process. This bool directly controls if the no_new_privs
1533 flag will be set on the container process. AllowPrivilegeEscalation
1534 is true always when the container is: 1) run as Privileged
1535 2) has CAP_SYS_ADMIN'
1536 type: boolean
1537 capabilities:
1538 description: The capabilities to add/drop when running
1539 containers. Defaults to the default set of capabilities
1540 granted by the container runtime.
1541 properties:
1542 add:
1543 description: Added capabilities
1544 items:
1545 description: Capability represent POSIX capabilities
1546 type
1547 type: string
1548 type: array
1549 drop:
1550 description: Removed capabilities
1551 items:
1552 description: Capability represent POSIX capabilities
1553 type
1554 type: string
1555 type: array
1556 type: object
1557 privileged:
1558 description: Run container in privileged mode. Processes
1559 in privileged containers are essentially equivalent
1560 to root on the host. Defaults to false.
1561 type: boolean
1562 procMount:
1563 description: procMount denotes the type of proc mount
1564 to use for the containers. The default is DefaultProcMount
1565 which uses the container runtime defaults for readonly
1566 paths and masked paths. This requires the ProcMountType
1567 feature flag to be enabled.
1568 type: string
1569 readOnlyRootFilesystem:
1570 description: Whether this container has a read-only
1571 root filesystem. Default is false.
1572 type: boolean
1573 runAsGroup:
1574 description: The GID to run the entrypoint of the container
1575 process. Uses runtime default if unset. May also be
1576 set in PodSecurityContext. If set in both SecurityContext
1577 and PodSecurityContext, the value specified in SecurityContext
1578 takes precedence.
1579 format: int64
1580 type: integer
1581 runAsNonRoot:
1582 description: Indicates that the container must run as
1583 a non-root user. If true, the Kubelet will validate
1584 the image at runtime to ensure that it does not run
1585 as UID 0 (root) and fail to start the container if
1586 it does. If unset or false, no such validation will
1587 be performed. May also be set in PodSecurityContext. If
1588 set in both SecurityContext and PodSecurityContext,
1589 the value specified in SecurityContext takes precedence.
1590 type: boolean
1591 runAsUser:
1592 description: The UID to run the entrypoint of the container
1593 process. Defaults to user specified in image metadata
1594 if unspecified. May also be set in PodSecurityContext. If
1595 set in both SecurityContext and PodSecurityContext,
1596 the value specified in SecurityContext takes precedence.
1597 format: int64
1598 type: integer
1599 seLinuxOptions:
1600 description: The SELinux context to be applied to the
1601 container. If unspecified, the container runtime will
1602 allocate a random SELinux context for each container. May
1603 also be set in PodSecurityContext. If set in both
1604 SecurityContext and PodSecurityContext, the value
1605 specified in SecurityContext takes precedence.
1606 properties:
1607 level:
1608 description: Level is SELinux level label that applies
1609 to the container.
1610 type: string
1611 role:
1612 description: Role is a SELinux role label that applies
1613 to the container.
1614 type: string
1615 type:
1616 description: Type is a SELinux type label that applies
1617 to the container.
1618 type: string
1619 user:
1620 description: User is a SELinux user label that applies
1621 to the container.
1622 type: string
1623 type: object
1624 windowsOptions:
1625 description: The Windows specific settings applied to
1626 all containers. If unspecified, the options from the
1627 PodSecurityContext will be used. If set in both SecurityContext
1628 and PodSecurityContext, the value specified in SecurityContext
1629 takes precedence.
1630 properties:
1631 gmsaCredentialSpec:
1632 description: GMSACredentialSpec is where the GMSA
1633 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
1634 inlines the contents of the GMSA credential spec
1635 named by the GMSACredentialSpecName field.
1636 type: string
1637 gmsaCredentialSpecName:
1638 description: GMSACredentialSpecName is the name
1639 of the GMSA credential spec to use.
1640 type: string
1641 runAsUserName:
1642 description: The UserName in Windows to run the
1643 entrypoint of the container process. Defaults
1644 to the user specified in image metadata if unspecified.
1645 May also be set in PodSecurityContext. If set
1646 in both SecurityContext and PodSecurityContext,
1647 the value specified in SecurityContext takes precedence.
1648 type: string
1649 type: object
1650 type: object
1651 startupProbe:
1652 description: 'StartupProbe indicates that the Pod has successfully
1653 initialized. If specified, no other probes are executed
1654 until this completes successfully. If this probe fails,
1655 the Pod will be restarted, just as if the livenessProbe
1656 failed. This can be used to provide different probe parameters
1657 at the beginning of a Pod''s lifecycle, when it might
1658 take a long time to load data or warm a cache, than during
1659 steady-state operation. This cannot be updated. This is
1660 a beta feature enabled by the StartupProbe feature flag.
1661 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1662 properties:
1663 exec:
1664 description: One and only one of the following should
1665 be specified. Exec specifies the action to take.
1666 properties:
1667 command:
1668 description: Command is the command line to execute
1669 inside the container, the working directory for
1670 the command is root ('/') in the container's
1671 filesystem. The command is simply exec'd, it is
1672 not run inside a shell, so traditional shell instructions
1673 ('|', etc) won't work. To use a shell, you need
1674 to explicitly call out to that shell. Exit status
1675 of 0 is treated as live/healthy and non-zero is
1676 unhealthy.
1677 items:
1678 type: string
1679 type: array
1680 type: object
1681 failureThreshold:
1682 description: Minimum consecutive failures for the probe
1683 to be considered failed after having succeeded. Defaults
1684 to 3. Minimum value is 1.
1685 format: int32
1686 type: integer
1687 httpGet:
1688 description: HTTPGet specifies the http request to perform.
1689 properties:
1690 host:
1691 description: Host name to connect to, defaults to
1692 the pod IP. You probably want to set "Host" in
1693 httpHeaders instead.
1694 type: string
1695 httpHeaders:
1696 description: Custom headers to set in the request.
1697 HTTP allows repeated headers.
1698 items:
1699 description: HTTPHeader describes a custom header
1700 to be used in HTTP probes
1701 properties:
1702 name:
1703 description: The header field name
1704 type: string
1705 value:
1706 description: The header field value
1707 type: string
1708 required:
1709 - name
1710 - value
1711 type: object
1712 type: array
1713 path:
1714 description: Path to access on the HTTP server.
1715 type: string
1716 port:
1717 anyOf:
1718 - type: integer
1719 - type: string
1720 description: Name or number of the port to access
1721 on the container. Number must be in the range
1722 1 to 65535. Name must be an IANA_SVC_NAME.
1723 x-kubernetes-int-or-string: true
1724 scheme:
1725 description: Scheme to use for connecting to the
1726 host. Defaults to HTTP.
1727 type: string
1728 required:
1729 - port
1730 type: object
1731 initialDelaySeconds:
1732 description: 'Number of seconds after the container
1733 has started before liveness probes are initiated.
1734 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1735 format: int32
1736 type: integer
1737 periodSeconds:
1738 description: How often (in seconds) to perform the probe.
1739 Default to 10 seconds. Minimum value is 1.
1740 format: int32
1741 type: integer
1742 successThreshold:
1743 description: Minimum consecutive successes for the probe
1744 to be considered successful after having failed. Defaults
1745 to 1. Must be 1 for liveness and startup. Minimum
1746 value is 1.
1747 format: int32
1748 type: integer
1749 tcpSocket:
1750 description: 'TCPSocket specifies an action involving
1751 a TCP port. TCP hooks not yet supported TODO: implement
1752 a realistic TCP lifecycle hook'
1753 properties:
1754 host:
1755 description: 'Optional: Host name to connect to,
1756 defaults to the pod IP.'
1757 type: string
1758 port:
1759 anyOf:
1760 - type: integer
1761 - type: string
1762 description: Number or name of the port to access
1763 on the container. Number must be in the range
1764 1 to 65535. Name must be an IANA_SVC_NAME.
1765 x-kubernetes-int-or-string: true
1766 required:
1767 - port
1768 type: object
1769 timeoutSeconds:
1770 description: 'Number of seconds after which the probe
1771 times out. Defaults to 1 second. Minimum value is
1772 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
1773 format: int32
1774 type: integer
1775 type: object
1776 stdin:
1777 description: Whether this container should allocate a buffer
1778 for stdin in the container runtime. If this is not set,
1779 reads from stdin in the container will always result in
1780 EOF. Default is false.
1781 type: boolean
1782 stdinOnce:
1783 description: Whether the container runtime should close
1784 the stdin channel after it has been opened by a single
1785 attach. When stdin is true the stdin stream will remain
1786 open across multiple attach sessions. If stdinOnce is
1787 set to true, stdin is opened on container start, is empty
1788 until the first client attaches to stdin, and then remains
1789 open and accepts data until the client disconnects, at
1790 which time stdin is closed and remains closed until the
1791 container is restarted. If this flag is false, a container
1792 processes that reads from stdin will never receive an
1793 EOF. Default is false
1794 type: boolean
1795 terminationMessagePath:
1796 description: 'Optional: Path at which the file to which
1797 the container''s termination message will be written is
1798 mounted into the container''s filesystem. Message written
1799 is intended to be brief final status, such as an assertion
1800 failure message. Will be truncated by the node if greater
1801 than 4096 bytes. The total message length across all containers
1802 will be limited to 12kb. Defaults to /dev/termination-log.
1803 Cannot be updated.'
1804 type: string
1805 terminationMessagePolicy:
1806 description: Indicate how the termination message should
1807 be populated. File will use the contents of terminationMessagePath
1808 to populate the container status message on both success
1809 and failure. FallbackToLogsOnError will use the last chunk
1810 of container log output if the termination message file
1811 is empty and the container exited with an error. The log
1812 output is limited to 2048 bytes or 80 lines, whichever
1813 is smaller. Defaults to File. Cannot be updated.
1814 type: string
1815 tty:
1816 description: Whether this container should allocate a TTY
1817 for itself, also requires 'stdin' to be true. Default
1818 is false.
1819 type: boolean
1820 volumeDevices:
1821 description: volumeDevices is the list of block devices
1822 to be used by the container.
1823 items:
1824 description: volumeDevice describes a mapping of a raw
1825 block device within a container.
1826 properties:
1827 devicePath:
1828 description: devicePath is the path inside of the
1829 container that the device will be mapped to.
1830 type: string
1831 name:
1832 description: name must match the name of a persistentVolumeClaim
1833 in the pod
1834 type: string
1835 required:
1836 - devicePath
1837 - name
1838 type: object
1839 type: array
1840 x-kubernetes-list-map-keys:
1841 - devicePath
1842 x-kubernetes-list-type: map
1843 volumeMounts:
1844 description: Pod volumes to mount into the container's filesystem.
1845 Cannot be updated.
1846 items:
1847 description: VolumeMount describes a mounting of a Volume
1848 within a container.
1849 properties:
1850 mountPath:
1851 description: Path within the container at which the
1852 volume should be mounted. Must not contain ':'.
1853 type: string
1854 mountPropagation:
1855 description: mountPropagation determines how mounts
1856 are propagated from the host to container and the
1857 other way around. When not set, MountPropagationNone
1858 is used. This field is beta in 1.10.
1859 type: string
1860 name:
1861 description: This must match the Name of a Volume.
1862 type: string
1863 readOnly:
1864 description: Mounted read-only if true, read-write
1865 otherwise (false or unspecified). Defaults to false.
1866 type: boolean
1867 subPath:
1868 description: Path within the volume from which the
1869 container's volume should be mounted. Defaults to
1870 "" (volume's root).
1871 type: string
1872 subPathExpr:
1873 description: Expanded path within the volume from
1874 which the container's volume should be mounted.
1875 Behaves similarly to SubPath but environment variable
1876 references $(VAR_NAME) are expanded using the container's
1877 environment. Defaults to "" (volume's root). SubPathExpr
1878 and SubPath are mutually exclusive.
1879 type: string
1880 required:
1881 - mountPath
1882 - name
1883 type: object
1884 type: array
1885 x-kubernetes-list-map-keys:
1886 - mountPath
1887 x-kubernetes-list-type: map
1888 workingDir:
1889 description: Container's working directory. If not specified,
1890 the container runtime's default will be used, which might
1891 be configured in the container image. Cannot be updated.
1892 type: string
1893 required:
1894 - name
1895 type: object
1896 type: array
1897 x-kubernetes-list-map-keys:
1898 - name
1899 x-kubernetes-list-type: map
1900 dnsConfig:
1901 description: Specifies the DNS parameters of a pod. Parameters
1902 specified here will be merged to the generated DNS configuration
1903 based on DNSPolicy.
1904 properties:
1905 nameservers:
1906 description: A list of DNS name server IP addresses. This
1907 will be appended to the base nameservers generated from
1908 DNSPolicy. Duplicated nameservers will be removed.
1909 items:
1910 type: string
1911 type: array
1912 options:
1913 description: A list of DNS resolver options. This will be
1914 merged with the base options generated from DNSPolicy. Duplicated
1915 entries will be removed. Resolution options given in Options
1916 will override those that appear in the base DNSPolicy.
1917 items:
1918 description: PodDNSConfigOption defines DNS resolver options
1919 of a pod.
1920 properties:
1921 name:
1922 description: Required.
1923 type: string
1924 value:
1925 type: string
1926 type: object
1927 type: array
1928 searches:
1929 description: A list of DNS search domains for host-name lookup.
1930 This will be appended to the base search paths generated
1931 from DNSPolicy. Duplicated search paths will be removed.
1932 items:
1933 type: string
1934 type: array
1935 type: object
1936 dnsPolicy:
1937 description: Set DNS policy for the pod. Defaults to "ClusterFirst".
1938 Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
1939 'Default' or 'None'. DNS parameters given in DNSConfig will
1940 be merged with the policy selected with DNSPolicy. To have DNS
1941 options set along with hostNetwork, you have to specify DNS
1942 policy explicitly to 'ClusterFirstWithHostNet'.
1943 type: string
1944 enableServiceLinks:
1945 description: 'EnableServiceLinks indicates whether information
1946 about services should be injected into pod''s environment variables,
1947 matching the syntax of Docker links. Optional: Defaults to true.'
1948 type: boolean
1949 ephemeralContainers:
1950 description: List of ephemeral containers run in this pod. Ephemeral
1951 containers may be run in an existing pod to perform user-initiated
1952 actions such as debugging. This list cannot be specified when
1953 creating a pod, and it cannot be modified by updating the pod
1954 spec. In order to add an ephemeral container to an existing
1955 pod, use the pod's ephemeralcontainers subresource. This field
1956 is alpha-level and is only honored by servers that enable the
1957 EphemeralContainers feature.
1958 items:
1959 description: An EphemeralContainer is a container that may be
1960 added temporarily to an existing pod for user-initiated activities
1961 such as debugging. Ephemeral containers have no resource or
1962 scheduling guarantees, and they will not be restarted when
1963 they exit or when a pod is removed or restarted. If an ephemeral
1964 container causes a pod to exceed its resource allocation,
1965 the pod may be evicted. Ephemeral containers may not be added
1966 by directly updating the pod spec. They must be added via
1967 the pod's ephemeralcontainers subresource, and they will appear
1968 in the pod spec once added. This is an alpha feature enabled
1969 by the EphemeralContainers feature flag.
1970 properties:
1971 args:
1972 description: 'Arguments to the entrypoint. The docker image''s
1973 CMD is used if this is not provided. Variable references
1974 $(VAR_NAME) are expanded using the container''s environment.
1975 If a variable cannot be resolved, the reference in the
1976 input string will be unchanged. The $(VAR_NAME) syntax
1977 can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
1978 references will never be expanded, regardless of whether
1979 the variable exists or not. Cannot be updated. More info:
1980 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
1981 items:
1982 type: string
1983 type: array
1984 command:
1985 description: 'Entrypoint array. Not executed within a shell.
1986 The docker image''s ENTRYPOINT is used if this is not
1987 provided. Variable references $(VAR_NAME) are expanded
1988 using the container''s environment. If a variable cannot
1989 be resolved, the reference in the input string will be
1990 unchanged. The $(VAR_NAME) syntax can be escaped with
1991 a double $$, ie: $$(VAR_NAME). Escaped references will
1992 never be expanded, regardless of whether the variable
1993 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
1994 items:
1995 type: string
1996 type: array
1997 env:
1998 description: List of environment variables to set in the
1999 container. Cannot be updated.
2000 items:
2001 description: EnvVar represents an environment variable
2002 present in a Container.
2003 properties:
2004 name:
2005 description: Name of the environment variable. Must
2006 be a C_IDENTIFIER.
2007 type: string
2008 value:
2009 description: 'Variable references $(VAR_NAME) are
2010 expanded using the previous defined environment
2011 variables in the container and any service environment
2012 variables. If a variable cannot be resolved, the
2013 reference in the input string will be unchanged.
2014 The $(VAR_NAME) syntax can be escaped with a double
2015 $$, ie: $$(VAR_NAME). Escaped references will never
2016 be expanded, regardless of whether the variable
2017 exists or not. Defaults to "".'
2018 type: string
2019 valueFrom:
2020 description: Source for the environment variable's
2021 value. Cannot be used if value is not empty.
2022 properties:
2023 configMapKeyRef:
2024 description: Selects a key of a ConfigMap.
2025 properties:
2026 key:
2027 description: The key to select.
2028 type: string
2029 name:
2030 description: 'Name of the referent. More info:
2031 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2032 TODO: Add other useful fields. apiVersion,
2033 kind, uid?'
2034 type: string
2035 optional:
2036 description: Specify whether the ConfigMap
2037 or its key must be defined
2038 type: boolean
2039 required:
2040 - key
2041 - name
2042 type: object
2043 fieldRef:
2044 description: 'Selects a field of the pod: supports
2045 metadata.name, metadata.namespace, metadata.labels,
2046 metadata.annotations, spec.nodeName, spec.serviceAccountName,
2047 status.hostIP, status.podIP, status.podIPs.'
2048 properties:
2049 apiVersion:
2050 description: Version of the schema the FieldPath
2051 is written in terms of, defaults to "v1".
2052 type: string
2053 fieldPath:
2054 description: Path of the field to select in
2055 the specified API version.
2056 type: string
2057 required:
2058 - fieldPath
2059 type: object
2060 resourceFieldRef:
2061 description: 'Selects a resource of the container:
2062 only resources limits and requests (limits.cpu,
2063 limits.memory, limits.ephemeral-storage, requests.cpu,
2064 requests.memory and requests.ephemeral-storage)
2065 are currently supported.'
2066 properties:
2067 containerName:
2068 description: 'Container name: required for
2069 volumes, optional for env vars'
2070 type: string
2071 divisor:
2072 anyOf:
2073 - type: integer
2074 - type: string
2075 description: Specifies the output format of
2076 the exposed resources, defaults to "1"
2077 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2078 x-kubernetes-int-or-string: true
2079 resource:
2080 description: 'Required: resource to select'
2081 type: string
2082 required:
2083 - resource
2084 type: object
2085 secretKeyRef:
2086 description: Selects a key of a secret in the
2087 pod's namespace
2088 properties:
2089 key:
2090 description: The key of the secret to select
2091 from. Must be a valid secret key.
2092 type: string
2093 name:
2094 description: 'Name of the referent. More info:
2095 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2096 TODO: Add other useful fields. apiVersion,
2097 kind, uid?'
2098 type: string
2099 optional:
2100 description: Specify whether the Secret or
2101 its key must be defined
2102 type: boolean
2103 required:
2104 - key
2105 - name
2106 type: object
2107 type: object
2108 required:
2109 - name
2110 type: object
2111 type: array
2112 x-kubernetes-list-map-keys:
2113 - name
2114 x-kubernetes-list-type: map
2115 envFrom:
2116 description: List of sources to populate environment variables
2117 in the container. The keys defined within a source must
2118 be a C_IDENTIFIER. All invalid keys will be reported as
2119 an event when the container is starting. When a key exists
2120 in multiple sources, the value associated with the last
2121 source will take precedence. Values defined by an Env
2122 with a duplicate key will take precedence. Cannot be updated.
2123 items:
2124 description: EnvFromSource represents the source of a
2125 set of ConfigMaps
2126 properties:
2127 configMapRef:
2128 description: The ConfigMap to select from
2129 properties:
2130 name:
2131 description: 'Name of the referent. More info:
2132 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2133 TODO: Add other useful fields. apiVersion, kind,
2134 uid?'
2135 type: string
2136 optional:
2137 description: Specify whether the ConfigMap must
2138 be defined
2139 type: boolean
2140 required:
2141 - name
2142 type: object
2143 prefix:
2144 description: An optional identifier to prepend to
2145 each key in the ConfigMap. Must be a C_IDENTIFIER.
2146 type: string
2147 secretRef:
2148 description: The Secret to select from
2149 properties:
2150 name:
2151 description: 'Name of the referent. More info:
2152 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
2153 TODO: Add other useful fields. apiVersion, kind,
2154 uid?'
2155 type: string
2156 optional:
2157 description: Specify whether the Secret must be
2158 defined
2159 type: boolean
2160 required:
2161 - name
2162 type: object
2163 type: object
2164 type: array
2165 image:
2166 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images'
2167 type: string
2168 imagePullPolicy:
2169 description: 'Image pull policy. One of Always, Never, IfNotPresent.
2170 Defaults to Always if :latest tag is specified, or IfNotPresent
2171 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
2172 type: string
2173 lifecycle:
2174 description: Lifecycle is not allowed for ephemeral containers.
2175 properties:
2176 postStart:
2177 description: 'PostStart is called immediately after
2178 a container is created. If the handler fails, the
2179 container is terminated and restarted according to
2180 its restart policy. Other management of the container
2181 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
2182 properties:
2183 exec:
2184 description: One and only one of the following should
2185 be specified. Exec specifies the action to take.
2186 properties:
2187 command:
2188 description: Command is the command line to
2189 execute inside the container, the working
2190 directory for the command is root ('/') in
2191 the container's filesystem. The command is
2192 simply exec'd, it is not run inside a shell,
2193 so traditional shell instructions ('|', etc)
2194 won't work. To use a shell, you need to explicitly
2195 call out to that shell. Exit status of 0 is
2196 treated as live/healthy and non-zero is unhealthy.
2197 items:
2198 type: string
2199 type: array
2200 type: object
2201 httpGet:
2202 description: HTTPGet specifies the http request
2203 to perform.
2204 properties:
2205 host:
2206 description: Host name to connect to, defaults
2207 to the pod IP. You probably want to set "Host"
2208 in httpHeaders instead.
2209 type: string
2210 httpHeaders:
2211 description: Custom headers to set in the request.
2212 HTTP allows repeated headers.
2213 items:
2214 description: HTTPHeader describes a custom
2215 header to be used in HTTP probes
2216 properties:
2217 name:
2218 description: The header field name
2219 type: string
2220 value:
2221 description: The header field value
2222 type: string
2223 required:
2224 - name
2225 - value
2226 type: object
2227 type: array
2228 path:
2229 description: Path to access on the HTTP server.
2230 type: string
2231 port:
2232 anyOf:
2233 - type: integer
2234 - type: string
2235 description: Name or number of the port to access
2236 on the container. Number must be in the range
2237 1 to 65535. Name must be an IANA_SVC_NAME.
2238 x-kubernetes-int-or-string: true
2239 scheme:
2240 description: Scheme to use for connecting to
2241 the host. Defaults to HTTP.
2242 type: string
2243 required:
2244 - port
2245 type: object
2246 tcpSocket:
2247 description: 'TCPSocket specifies an action involving
2248 a TCP port. TCP hooks not yet supported TODO:
2249 implement a realistic TCP lifecycle hook'
2250 properties:
2251 host:
2252 description: 'Optional: Host name to connect
2253 to, defaults to the pod IP.'
2254 type: string
2255 port:
2256 anyOf:
2257 - type: integer
2258 - type: string
2259 description: Number or name of the port to access
2260 on the container. Number must be in the range
2261 1 to 65535. Name must be an IANA_SVC_NAME.
2262 x-kubernetes-int-or-string: true
2263 required:
2264 - port
2265 type: object
2266 type: object
2267 preStop:
2268 description: 'PreStop is called immediately before a
2269 container is terminated due to an API request or management
2270 event such as liveness/startup probe failure, preemption,
2271 resource contention, etc. The handler is not called
2272 if the container crashes or exits. The reason for
2273 termination is passed to the handler. The Pod''s termination
2274 grace period countdown begins before the PreStop hooked
2275 is executed. Regardless of the outcome of the handler,
2276 the container will eventually terminate within the
2277 Pod''s termination grace period. Other management
2278 of the container blocks until the hook completes or
2279 until the termination grace period is reached. More
2280 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
2281 properties:
2282 exec:
2283 description: One and only one of the following should
2284 be specified. Exec specifies the action to take.
2285 properties:
2286 command:
2287 description: Command is the command line to
2288 execute inside the container, the working
2289 directory for the command is root ('/') in
2290 the container's filesystem. The command is
2291 simply exec'd, it is not run inside a shell,
2292 so traditional shell instructions ('|', etc)
2293 won't work. To use a shell, you need to explicitly
2294 call out to that shell. Exit status of 0 is
2295 treated as live/healthy and non-zero is unhealthy.
2296 items:
2297 type: string
2298 type: array
2299 type: object
2300 httpGet:
2301 description: HTTPGet specifies the http request
2302 to perform.
2303 properties:
2304 host:
2305 description: Host name to connect to, defaults
2306 to the pod IP. You probably want to set "Host"
2307 in httpHeaders instead.
2308 type: string
2309 httpHeaders:
2310 description: Custom headers to set in the request.
2311 HTTP allows repeated headers.
2312 items:
2313 description: HTTPHeader describes a custom
2314 header to be used in HTTP probes
2315 properties:
2316 name:
2317 description: The header field name
2318 type: string
2319 value:
2320 description: The header field value
2321 type: string
2322 required:
2323 - name
2324 - value
2325 type: object
2326 type: array
2327 path:
2328 description: Path to access on the HTTP server.
2329 type: string
2330 port:
2331 anyOf:
2332 - type: integer
2333 - type: string
2334 description: Name or number of the port to access
2335 on the container. Number must be in the range
2336 1 to 65535. Name must be an IANA_SVC_NAME.
2337 x-kubernetes-int-or-string: true
2338 scheme:
2339 description: Scheme to use for connecting to
2340 the host. Defaults to HTTP.
2341 type: string
2342 required:
2343 - port
2344 type: object
2345 tcpSocket:
2346 description: 'TCPSocket specifies an action involving
2347 a TCP port. TCP hooks not yet supported TODO:
2348 implement a realistic TCP lifecycle hook'
2349 properties:
2350 host:
2351 description: 'Optional: Host name to connect
2352 to, defaults to the pod IP.'
2353 type: string
2354 port:
2355 anyOf:
2356 - type: integer
2357 - type: string
2358 description: Number or name of the port to access
2359 on the container. Number must be in the range
2360 1 to 65535. Name must be an IANA_SVC_NAME.
2361 x-kubernetes-int-or-string: true
2362 required:
2363 - port
2364 type: object
2365 type: object
2366 type: object
2367 livenessProbe:
2368 description: Probes are not allowed for ephemeral containers.
2369 properties:
2370 exec:
2371 description: One and only one of the following should
2372 be specified. Exec specifies the action to take.
2373 properties:
2374 command:
2375 description: Command is the command line to execute
2376 inside the container, the working directory for
2377 the command is root ('/') in the container's
2378 filesystem. The command is simply exec'd, it is
2379 not run inside a shell, so traditional shell instructions
2380 ('|', etc) won't work. To use a shell, you need
2381 to explicitly call out to that shell. Exit status
2382 of 0 is treated as live/healthy and non-zero is
2383 unhealthy.
2384 items:
2385 type: string
2386 type: array
2387 type: object
2388 failureThreshold:
2389 description: Minimum consecutive failures for the probe
2390 to be considered failed after having succeeded. Defaults
2391 to 3. Minimum value is 1.
2392 format: int32
2393 type: integer
2394 httpGet:
2395 description: HTTPGet specifies the http request to perform.
2396 properties:
2397 host:
2398 description: Host name to connect to, defaults to
2399 the pod IP. You probably want to set "Host" in
2400 httpHeaders instead.
2401 type: string
2402 httpHeaders:
2403 description: Custom headers to set in the request.
2404 HTTP allows repeated headers.
2405 items:
2406 description: HTTPHeader describes a custom header
2407 to be used in HTTP probes
2408 properties:
2409 name:
2410 description: The header field name
2411 type: string
2412 value:
2413 description: The header field value
2414 type: string
2415 required:
2416 - name
2417 - value
2418 type: object
2419 type: array
2420 path:
2421 description: Path to access on the HTTP server.
2422 type: string
2423 port:
2424 anyOf:
2425 - type: integer
2426 - type: string
2427 description: Name or number of the port to access
2428 on the container. Number must be in the range
2429 1 to 65535. Name must be an IANA_SVC_NAME.
2430 x-kubernetes-int-or-string: true
2431 scheme:
2432 description: Scheme to use for connecting to the
2433 host. Defaults to HTTP.
2434 type: string
2435 required:
2436 - port
2437 type: object
2438 initialDelaySeconds:
2439 description: 'Number of seconds after the container
2440 has started before liveness probes are initiated.
2441 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2442 format: int32
2443 type: integer
2444 periodSeconds:
2445 description: How often (in seconds) to perform the probe.
2446 Default to 10 seconds. Minimum value is 1.
2447 format: int32
2448 type: integer
2449 successThreshold:
2450 description: Minimum consecutive successes for the probe
2451 to be considered successful after having failed. Defaults
2452 to 1. Must be 1 for liveness and startup. Minimum
2453 value is 1.
2454 format: int32
2455 type: integer
2456 tcpSocket:
2457 description: 'TCPSocket specifies an action involving
2458 a TCP port. TCP hooks not yet supported TODO: implement
2459 a realistic TCP lifecycle hook'
2460 properties:
2461 host:
2462 description: 'Optional: Host name to connect to,
2463 defaults to the pod IP.'
2464 type: string
2465 port:
2466 anyOf:
2467 - type: integer
2468 - type: string
2469 description: Number or name of the port to access
2470 on the container. Number must be in the range
2471 1 to 65535. Name must be an IANA_SVC_NAME.
2472 x-kubernetes-int-or-string: true
2473 required:
2474 - port
2475 type: object
2476 timeoutSeconds:
2477 description: 'Number of seconds after which the probe
2478 times out. Defaults to 1 second. Minimum value is
2479 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2480 format: int32
2481 type: integer
2482 type: object
2483 name:
2484 description: Name of the ephemeral container specified as
2485 a DNS_LABEL. This name must be unique among all containers,
2486 init containers and ephemeral containers.
2487 type: string
2488 ports:
2489 description: Ports are not allowed for ephemeral containers.
2490 items:
2491 description: ContainerPort represents a network port in
2492 a single container.
2493 properties:
2494 containerPort:
2495 description: Number of port to expose on the pod's
2496 IP address. This must be a valid port number, 0
2497 < x < 65536.
2498 format: int32
2499 type: integer
2500 hostIP:
2501 description: What host IP to bind the external port
2502 to.
2503 type: string
2504 hostPort:
2505 description: Number of port to expose on the host.
2506 If specified, this must be a valid port number,
2507 0 < x < 65536. If HostNetwork is specified, this
2508 must match ContainerPort. Most containers do not
2509 need this.
2510 format: int32
2511 type: integer
2512 name:
2513 description: If specified, this must be an IANA_SVC_NAME
2514 and unique within the pod. Each named port in a
2515 pod must have a unique name. Name for the port that
2516 can be referred to by services.
2517 type: string
2518 protocol:
2519 default: TCP
2520 description: Protocol for port. Must be UDP, TCP,
2521 or SCTP. Defaults to "TCP".
2522 type: string
2523 required:
2524 - containerPort
2525 type: object
2526 type: array
2527 readinessProbe:
2528 description: Probes are not allowed for ephemeral containers.
2529 properties:
2530 exec:
2531 description: One and only one of the following should
2532 be specified. Exec specifies the action to take.
2533 properties:
2534 command:
2535 description: Command is the command line to execute
2536 inside the container, the working directory for
2537 the command is root ('/') in the container's
2538 filesystem. The command is simply exec'd, it is
2539 not run inside a shell, so traditional shell instructions
2540 ('|', etc) won't work. To use a shell, you need
2541 to explicitly call out to that shell. Exit status
2542 of 0 is treated as live/healthy and non-zero is
2543 unhealthy.
2544 items:
2545 type: string
2546 type: array
2547 type: object
2548 failureThreshold:
2549 description: Minimum consecutive failures for the probe
2550 to be considered failed after having succeeded. Defaults
2551 to 3. Minimum value is 1.
2552 format: int32
2553 type: integer
2554 httpGet:
2555 description: HTTPGet specifies the http request to perform.
2556 properties:
2557 host:
2558 description: Host name to connect to, defaults to
2559 the pod IP. You probably want to set "Host" in
2560 httpHeaders instead.
2561 type: string
2562 httpHeaders:
2563 description: Custom headers to set in the request.
2564 HTTP allows repeated headers.
2565 items:
2566 description: HTTPHeader describes a custom header
2567 to be used in HTTP probes
2568 properties:
2569 name:
2570 description: The header field name
2571 type: string
2572 value:
2573 description: The header field value
2574 type: string
2575 required:
2576 - name
2577 - value
2578 type: object
2579 type: array
2580 path:
2581 description: Path to access on the HTTP server.
2582 type: string
2583 port:
2584 anyOf:
2585 - type: integer
2586 - type: string
2587 description: Name or number of the port to access
2588 on the container. Number must be in the range
2589 1 to 65535. Name must be an IANA_SVC_NAME.
2590 x-kubernetes-int-or-string: true
2591 scheme:
2592 description: Scheme to use for connecting to the
2593 host. Defaults to HTTP.
2594 type: string
2595 required:
2596 - port
2597 type: object
2598 initialDelaySeconds:
2599 description: 'Number of seconds after the container
2600 has started before liveness probes are initiated.
2601 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2602 format: int32
2603 type: integer
2604 periodSeconds:
2605 description: How often (in seconds) to perform the probe.
2606 Default to 10 seconds. Minimum value is 1.
2607 format: int32
2608 type: integer
2609 successThreshold:
2610 description: Minimum consecutive successes for the probe
2611 to be considered successful after having failed. Defaults
2612 to 1. Must be 1 for liveness and startup. Minimum
2613 value is 1.
2614 format: int32
2615 type: integer
2616 tcpSocket:
2617 description: 'TCPSocket specifies an action involving
2618 a TCP port. TCP hooks not yet supported TODO: implement
2619 a realistic TCP lifecycle hook'
2620 properties:
2621 host:
2622 description: 'Optional: Host name to connect to,
2623 defaults to the pod IP.'
2624 type: string
2625 port:
2626 anyOf:
2627 - type: integer
2628 - type: string
2629 description: Number or name of the port to access
2630 on the container. Number must be in the range
2631 1 to 65535. Name must be an IANA_SVC_NAME.
2632 x-kubernetes-int-or-string: true
2633 required:
2634 - port
2635 type: object
2636 timeoutSeconds:
2637 description: 'Number of seconds after which the probe
2638 times out. Defaults to 1 second. Minimum value is
2639 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2640 format: int32
2641 type: integer
2642 type: object
2643 resources:
2644 description: Resources are not allowed for ephemeral containers.
2645 Ephemeral containers use spare resources already allocated
2646 to the pod.
2647 properties:
2648 limits:
2649 additionalProperties:
2650 anyOf:
2651 - type: integer
2652 - type: string
2653 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2654 x-kubernetes-int-or-string: true
2655 description: 'Limits describes the maximum amount of
2656 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
2657 type: object
2658 requests:
2659 additionalProperties:
2660 anyOf:
2661 - type: integer
2662 - type: string
2663 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
2664 x-kubernetes-int-or-string: true
2665 description: 'Requests describes the minimum amount
2666 of compute resources required. If Requests is omitted
2667 for a container, it defaults to Limits if that is
2668 explicitly specified, otherwise to an implementation-defined
2669 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
2670 type: object
2671 type: object
2672 securityContext:
2673 description: SecurityContext is not allowed for ephemeral
2674 containers.
2675 properties:
2676 allowPrivilegeEscalation:
2677 description: 'AllowPrivilegeEscalation controls whether
2678 a process can gain more privileges than its parent
2679 process. This bool directly controls if the no_new_privs
2680 flag will be set on the container process. AllowPrivilegeEscalation
2681 is true always when the container is: 1) run as Privileged
2682 2) has CAP_SYS_ADMIN'
2683 type: boolean
2684 capabilities:
2685 description: The capabilities to add/drop when running
2686 containers. Defaults to the default set of capabilities
2687 granted by the container runtime.
2688 properties:
2689 add:
2690 description: Added capabilities
2691 items:
2692 description: Capability represent POSIX capabilities
2693 type
2694 type: string
2695 type: array
2696 drop:
2697 description: Removed capabilities
2698 items:
2699 description: Capability represent POSIX capabilities
2700 type
2701 type: string
2702 type: array
2703 type: object
2704 privileged:
2705 description: Run container in privileged mode. Processes
2706 in privileged containers are essentially equivalent
2707 to root on the host. Defaults to false.
2708 type: boolean
2709 procMount:
2710 description: procMount denotes the type of proc mount
2711 to use for the containers. The default is DefaultProcMount
2712 which uses the container runtime defaults for readonly
2713 paths and masked paths. This requires the ProcMountType
2714 feature flag to be enabled.
2715 type: string
2716 readOnlyRootFilesystem:
2717 description: Whether this container has a read-only
2718 root filesystem. Default is false.
2719 type: boolean
2720 runAsGroup:
2721 description: The GID to run the entrypoint of the container
2722 process. Uses runtime default if unset. May also be
2723 set in PodSecurityContext. If set in both SecurityContext
2724 and PodSecurityContext, the value specified in SecurityContext
2725 takes precedence.
2726 format: int64
2727 type: integer
2728 runAsNonRoot:
2729 description: Indicates that the container must run as
2730 a non-root user. If true, the Kubelet will validate
2731 the image at runtime to ensure that it does not run
2732 as UID 0 (root) and fail to start the container if
2733 it does. If unset or false, no such validation will
2734 be performed. May also be set in PodSecurityContext. If
2735 set in both SecurityContext and PodSecurityContext,
2736 the value specified in SecurityContext takes precedence.
2737 type: boolean
2738 runAsUser:
2739 description: The UID to run the entrypoint of the container
2740 process. Defaults to user specified in image metadata
2741 if unspecified. May also be set in PodSecurityContext. If
2742 set in both SecurityContext and PodSecurityContext,
2743 the value specified in SecurityContext takes precedence.
2744 format: int64
2745 type: integer
2746 seLinuxOptions:
2747 description: The SELinux context to be applied to the
2748 container. If unspecified, the container runtime will
2749 allocate a random SELinux context for each container. May
2750 also be set in PodSecurityContext. If set in both
2751 SecurityContext and PodSecurityContext, the value
2752 specified in SecurityContext takes precedence.
2753 properties:
2754 level:
2755 description: Level is SELinux level label that applies
2756 to the container.
2757 type: string
2758 role:
2759 description: Role is a SELinux role label that applies
2760 to the container.
2761 type: string
2762 type:
2763 description: Type is a SELinux type label that applies
2764 to the container.
2765 type: string
2766 user:
2767 description: User is a SELinux user label that applies
2768 to the container.
2769 type: string
2770 type: object
2771 windowsOptions:
2772 description: The Windows specific settings applied to
2773 all containers. If unspecified, the options from the
2774 PodSecurityContext will be used. If set in both SecurityContext
2775 and PodSecurityContext, the value specified in SecurityContext
2776 takes precedence.
2777 properties:
2778 gmsaCredentialSpec:
2779 description: GMSACredentialSpec is where the GMSA
2780 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
2781 inlines the contents of the GMSA credential spec
2782 named by the GMSACredentialSpecName field.
2783 type: string
2784 gmsaCredentialSpecName:
2785 description: GMSACredentialSpecName is the name
2786 of the GMSA credential spec to use.
2787 type: string
2788 runAsUserName:
2789 description: The UserName in Windows to run the
2790 entrypoint of the container process. Defaults
2791 to the user specified in image metadata if unspecified.
2792 May also be set in PodSecurityContext. If set
2793 in both SecurityContext and PodSecurityContext,
2794 the value specified in SecurityContext takes precedence.
2795 type: string
2796 type: object
2797 type: object
2798 startupProbe:
2799 description: Probes are not allowed for ephemeral containers.
2800 properties:
2801 exec:
2802 description: One and only one of the following should
2803 be specified. Exec specifies the action to take.
2804 properties:
2805 command:
2806 description: Command is the command line to execute
2807 inside the container, the working directory for
2808 the command is root ('/') in the container's
2809 filesystem. The command is simply exec'd, it is
2810 not run inside a shell, so traditional shell instructions
2811 ('|', etc) won't work. To use a shell, you need
2812 to explicitly call out to that shell. Exit status
2813 of 0 is treated as live/healthy and non-zero is
2814 unhealthy.
2815 items:
2816 type: string
2817 type: array
2818 type: object
2819 failureThreshold:
2820 description: Minimum consecutive failures for the probe
2821 to be considered failed after having succeeded. Defaults
2822 to 3. Minimum value is 1.
2823 format: int32
2824 type: integer
2825 httpGet:
2826 description: HTTPGet specifies the http request to perform.
2827 properties:
2828 host:
2829 description: Host name to connect to, defaults to
2830 the pod IP. You probably want to set "Host" in
2831 httpHeaders instead.
2832 type: string
2833 httpHeaders:
2834 description: Custom headers to set in the request.
2835 HTTP allows repeated headers.
2836 items:
2837 description: HTTPHeader describes a custom header
2838 to be used in HTTP probes
2839 properties:
2840 name:
2841 description: The header field name
2842 type: string
2843 value:
2844 description: The header field value
2845 type: string
2846 required:
2847 - name
2848 - value
2849 type: object
2850 type: array
2851 path:
2852 description: Path to access on the HTTP server.
2853 type: string
2854 port:
2855 anyOf:
2856 - type: integer
2857 - type: string
2858 description: Name or number of the port to access
2859 on the container. Number must be in the range
2860 1 to 65535. Name must be an IANA_SVC_NAME.
2861 x-kubernetes-int-or-string: true
2862 scheme:
2863 description: Scheme to use for connecting to the
2864 host. Defaults to HTTP.
2865 type: string
2866 required:
2867 - port
2868 type: object
2869 initialDelaySeconds:
2870 description: 'Number of seconds after the container
2871 has started before liveness probes are initiated.
2872 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2873 format: int32
2874 type: integer
2875 periodSeconds:
2876 description: How often (in seconds) to perform the probe.
2877 Default to 10 seconds. Minimum value is 1.
2878 format: int32
2879 type: integer
2880 successThreshold:
2881 description: Minimum consecutive successes for the probe
2882 to be considered successful after having failed. Defaults
2883 to 1. Must be 1 for liveness and startup. Minimum
2884 value is 1.
2885 format: int32
2886 type: integer
2887 tcpSocket:
2888 description: 'TCPSocket specifies an action involving
2889 a TCP port. TCP hooks not yet supported TODO: implement
2890 a realistic TCP lifecycle hook'
2891 properties:
2892 host:
2893 description: 'Optional: Host name to connect to,
2894 defaults to the pod IP.'
2895 type: string
2896 port:
2897 anyOf:
2898 - type: integer
2899 - type: string
2900 description: Number or name of the port to access
2901 on the container. Number must be in the range
2902 1 to 65535. Name must be an IANA_SVC_NAME.
2903 x-kubernetes-int-or-string: true
2904 required:
2905 - port
2906 type: object
2907 timeoutSeconds:
2908 description: 'Number of seconds after which the probe
2909 times out. Defaults to 1 second. Minimum value is
2910 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
2911 format: int32
2912 type: integer
2913 type: object
2914 stdin:
2915 description: Whether this container should allocate a buffer
2916 for stdin in the container runtime. If this is not set,
2917 reads from stdin in the container will always result in
2918 EOF. Default is false.
2919 type: boolean
2920 stdinOnce:
2921 description: Whether the container runtime should close
2922 the stdin channel after it has been opened by a single
2923 attach. When stdin is true the stdin stream will remain
2924 open across multiple attach sessions. If stdinOnce is
2925 set to true, stdin is opened on container start, is empty
2926 until the first client attaches to stdin, and then remains
2927 open and accepts data until the client disconnects, at
2928 which time stdin is closed and remains closed until the
2929 container is restarted. If this flag is false, a container
2930 processes that reads from stdin will never receive an
2931 EOF. Default is false
2932 type: boolean
2933 targetContainerName:
2934 description: If set, the name of the container from PodSpec
2935 that this ephemeral container targets. The ephemeral container
2936 will be run in the namespaces (IPC, PID, etc) of this
2937 container. If not set then the ephemeral container is
2938 run in whatever namespaces are shared for the pod. Note
2939 that the container runtime must support this feature.
2940 type: string
2941 terminationMessagePath:
2942 description: 'Optional: Path at which the file to which
2943 the container''s termination message will be written is
2944 mounted into the container''s filesystem. Message written
2945 is intended to be brief final status, such as an assertion
2946 failure message. Will be truncated by the node if greater
2947 than 4096 bytes. The total message length across all containers
2948 will be limited to 12kb. Defaults to /dev/termination-log.
2949 Cannot be updated.'
2950 type: string
2951 terminationMessagePolicy:
2952 description: Indicate how the termination message should
2953 be populated. File will use the contents of terminationMessagePath
2954 to populate the container status message on both success
2955 and failure. FallbackToLogsOnError will use the last chunk
2956 of container log output if the termination message file
2957 is empty and the container exited with an error. The log
2958 output is limited to 2048 bytes or 80 lines, whichever
2959 is smaller. Defaults to File. Cannot be updated.
2960 type: string
2961 tty:
2962 description: Whether this container should allocate a TTY
2963 for itself, also requires 'stdin' to be true. Default
2964 is false.
2965 type: boolean
2966 volumeDevices:
2967 description: volumeDevices is the list of block devices
2968 to be used by the container.
2969 items:
2970 description: volumeDevice describes a mapping of a raw
2971 block device within a container.
2972 properties:
2973 devicePath:
2974 description: devicePath is the path inside of the
2975 container that the device will be mapped to.
2976 type: string
2977 name:
2978 description: name must match the name of a persistentVolumeClaim
2979 in the pod
2980 type: string
2981 required:
2982 - devicePath
2983 - name
2984 type: object
2985 type: array
2986 x-kubernetes-list-map-keys:
2987 - devicePath
2988 x-kubernetes-list-type: map
2989 volumeMounts:
2990 description: Pod volumes to mount into the container's filesystem.
2991 Cannot be updated.
2992 items:
2993 description: VolumeMount describes a mounting of a Volume
2994 within a container.
2995 properties:
2996 mountPath:
2997 description: Path within the container at which the
2998 volume should be mounted. Must not contain ':'.
2999 type: string
3000 mountPropagation:
3001 description: mountPropagation determines how mounts
3002 are propagated from the host to container and the
3003 other way around. When not set, MountPropagationNone
3004 is used. This field is beta in 1.10.
3005 type: string
3006 name:
3007 description: This must match the Name of a Volume.
3008 type: string
3009 readOnly:
3010 description: Mounted read-only if true, read-write
3011 otherwise (false or unspecified). Defaults to false.
3012 type: boolean
3013 subPath:
3014 description: Path within the volume from which the
3015 container's volume should be mounted. Defaults to
3016 "" (volume's root).
3017 type: string
3018 subPathExpr:
3019 description: Expanded path within the volume from
3020 which the container's volume should be mounted.
3021 Behaves similarly to SubPath but environment variable
3022 references $(VAR_NAME) are expanded using the container's
3023 environment. Defaults to "" (volume's root). SubPathExpr
3024 and SubPath are mutually exclusive.
3025 type: string
3026 required:
3027 - mountPath
3028 - name
3029 type: object
3030 type: array
3031 x-kubernetes-list-map-keys:
3032 - mountPath
3033 x-kubernetes-list-type: map
3034 workingDir:
3035 description: Container's working directory. If not specified,
3036 the container runtime's default will be used, which might
3037 be configured in the container image. Cannot be updated.
3038 type: string
3039 required:
3040 - name
3041 type: object
3042 type: array
3043 x-kubernetes-list-map-keys:
3044 - name
3045 x-kubernetes-list-type: map
3046 hostAliases:
3047 description: HostAliases is an optional list of hosts and IPs
3048 that will be injected into the pod's hosts file if specified.
3049 This is only valid for non-hostNetwork pods.
3050 items:
3051 description: HostAlias holds the mapping between IP and hostnames
3052 that will be injected as an entry in the pod's hosts file.
3053 properties:
3054 hostnames:
3055 description: Hostnames for the above IP address.
3056 items:
3057 type: string
3058 type: array
3059 ip:
3060 description: IP address of the host file entry.
3061 type: string
3062 required:
3063 - ip
3064 type: object
3065 type: array
3066 x-kubernetes-list-map-keys:
3067 - ip
3068 x-kubernetes-list-type: map
3069 hostIPC:
3070 description: 'Use the host''s ipc namespace. Optional: Default
3071 to false.'
3072 type: boolean
3073 hostNetwork:
3074 description: Host networking requested for this pod. Use the host's
3075 network namespace. If this option is set, the ports that will
3076 be used must be specified. Default to false.
3077 type: boolean
3078 hostPID:
3079 description: 'Use the host''s pid namespace. Optional: Default
3080 to false.'
3081 type: boolean
3082 hostname:
3083 description: Specifies the hostname of the Pod If not specified,
3084 the pod's hostname will be set to a system-defined value.
3085 type: string
3086 imagePullSecrets:
3087 description: 'ImagePullSecrets is an optional list of references
3088 to secrets in the same namespace to use for pulling any of the
3089 images used by this PodSpec. If specified, these secrets will
3090 be passed to individual puller implementations for them to use.
3091 For example, in the case of docker, only DockerConfig type secrets
3092 are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
3093 items:
3094 description: LocalObjectReference contains enough information
3095 to let you locate the referenced object inside the same namespace.
3096 properties:
3097 name:
3098 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3099 TODO: Add other useful fields. apiVersion, kind, uid?'
3100 type: string
3101 required:
3102 - name
3103 type: object
3104 type: array
3105 x-kubernetes-list-map-keys:
3106 - name
3107 x-kubernetes-list-type: map
3108 initContainers:
3109 description: 'List of initialization containers belonging to the
3110 pod. Init containers are executed in order prior to containers
3111 being started. If any init container fails, the pod is considered
3112 to have failed and is handled according to its restartPolicy.
3113 The name for an init container or normal container must be unique
3114 among all containers. Init containers may not have Lifecycle
3115 actions, Readiness probes, Liveness probes, or Startup probes.
3116 The resourceRequirements of an init container are taken into
3117 account during scheduling by finding the highest request/limit
3118 for each resource type, and then using the max of of that value
3119 or the sum of the normal containers. Limits are applied to init
3120 containers in a similar fashion. Init containers cannot currently
3121 be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
3122 items:
3123 description: A single application container that you want to
3124 run within a pod.
3125 properties:
3126 args:
3127 description: 'Arguments to the entrypoint. The docker image''s
3128 CMD is used if this is not provided. Variable references
3129 $(VAR_NAME) are expanded using the container''s environment.
3130 If a variable cannot be resolved, the reference in the
3131 input string will be unchanged. The $(VAR_NAME) syntax
3132 can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
3133 references will never be expanded, regardless of whether
3134 the variable exists or not. Cannot be updated. More info:
3135 https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
3136 items:
3137 type: string
3138 type: array
3139 command:
3140 description: 'Entrypoint array. Not executed within a shell.
3141 The docker image''s ENTRYPOINT is used if this is not
3142 provided. Variable references $(VAR_NAME) are expanded
3143 using the container''s environment. If a variable cannot
3144 be resolved, the reference in the input string will be
3145 unchanged. The $(VAR_NAME) syntax can be escaped with
3146 a double $$, ie: $$(VAR_NAME). Escaped references will
3147 never be expanded, regardless of whether the variable
3148 exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
3149 items:
3150 type: string
3151 type: array
3152 env:
3153 description: List of environment variables to set in the
3154 container. Cannot be updated.
3155 items:
3156 description: EnvVar represents an environment variable
3157 present in a Container.
3158 properties:
3159 name:
3160 description: Name of the environment variable. Must
3161 be a C_IDENTIFIER.
3162 type: string
3163 value:
3164 description: 'Variable references $(VAR_NAME) are
3165 expanded using the previous defined environment
3166 variables in the container and any service environment
3167 variables. If a variable cannot be resolved, the
3168 reference in the input string will be unchanged.
3169 The $(VAR_NAME) syntax can be escaped with a double
3170 $$, ie: $$(VAR_NAME). Escaped references will never
3171 be expanded, regardless of whether the variable
3172 exists or not. Defaults to "".'
3173 type: string
3174 valueFrom:
3175 description: Source for the environment variable's
3176 value. Cannot be used if value is not empty.
3177 properties:
3178 configMapKeyRef:
3179 description: Selects a key of a ConfigMap.
3180 properties:
3181 key:
3182 description: The key to select.
3183 type: string
3184 name:
3185 description: 'Name of the referent. More info:
3186 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3187 TODO: Add other useful fields. apiVersion,
3188 kind, uid?'
3189 type: string
3190 optional:
3191 description: Specify whether the ConfigMap
3192 or its key must be defined
3193 type: boolean
3194 required:
3195 - key
3196 - name
3197 type: object
3198 fieldRef:
3199 description: 'Selects a field of the pod: supports
3200 metadata.name, metadata.namespace, metadata.labels,
3201 metadata.annotations, spec.nodeName, spec.serviceAccountName,
3202 status.hostIP, status.podIP, status.podIPs.'
3203 properties:
3204 apiVersion:
3205 description: Version of the schema the FieldPath
3206 is written in terms of, defaults to "v1".
3207 type: string
3208 fieldPath:
3209 description: Path of the field to select in
3210 the specified API version.
3211 type: string
3212 required:
3213 - fieldPath
3214 type: object
3215 resourceFieldRef:
3216 description: 'Selects a resource of the container:
3217 only resources limits and requests (limits.cpu,
3218 limits.memory, limits.ephemeral-storage, requests.cpu,
3219 requests.memory and requests.ephemeral-storage)
3220 are currently supported.'
3221 properties:
3222 containerName:
3223 description: 'Container name: required for
3224 volumes, optional for env vars'
3225 type: string
3226 divisor:
3227 anyOf:
3228 - type: integer
3229 - type: string
3230 description: Specifies the output format of
3231 the exposed resources, defaults to "1"
3232 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3233 x-kubernetes-int-or-string: true
3234 resource:
3235 description: 'Required: resource to select'
3236 type: string
3237 required:
3238 - resource
3239 type: object
3240 secretKeyRef:
3241 description: Selects a key of a secret in the
3242 pod's namespace
3243 properties:
3244 key:
3245 description: The key of the secret to select
3246 from. Must be a valid secret key.
3247 type: string
3248 name:
3249 description: 'Name of the referent. More info:
3250 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3251 TODO: Add other useful fields. apiVersion,
3252 kind, uid?'
3253 type: string
3254 optional:
3255 description: Specify whether the Secret or
3256 its key must be defined
3257 type: boolean
3258 required:
3259 - key
3260 - name
3261 type: object
3262 type: object
3263 required:
3264 - name
3265 type: object
3266 type: array
3267 x-kubernetes-list-map-keys:
3268 - name
3269 x-kubernetes-list-type: map
3270 envFrom:
3271 description: List of sources to populate environment variables
3272 in the container. The keys defined within a source must
3273 be a C_IDENTIFIER. All invalid keys will be reported as
3274 an event when the container is starting. When a key exists
3275 in multiple sources, the value associated with the last
3276 source will take precedence. Values defined by an Env
3277 with a duplicate key will take precedence. Cannot be updated.
3278 items:
3279 description: EnvFromSource represents the source of a
3280 set of ConfigMaps
3281 properties:
3282 configMapRef:
3283 description: The ConfigMap to select from
3284 properties:
3285 name:
3286 description: 'Name of the referent. More info:
3287 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3288 TODO: Add other useful fields. apiVersion, kind,
3289 uid?'
3290 type: string
3291 optional:
3292 description: Specify whether the ConfigMap must
3293 be defined
3294 type: boolean
3295 required:
3296 - name
3297 type: object
3298 prefix:
3299 description: An optional identifier to prepend to
3300 each key in the ConfigMap. Must be a C_IDENTIFIER.
3301 type: string
3302 secretRef:
3303 description: The Secret to select from
3304 properties:
3305 name:
3306 description: 'Name of the referent. More info:
3307 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
3308 TODO: Add other useful fields. apiVersion, kind,
3309 uid?'
3310 type: string
3311 optional:
3312 description: Specify whether the Secret must be
3313 defined
3314 type: boolean
3315 required:
3316 - name
3317 type: object
3318 type: object
3319 type: array
3320 image:
3321 description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
3322 This field is optional to allow higher level config management
3323 to default or override container images in workload controllers
3324 like Deployments and StatefulSets.'
3325 type: string
3326 imagePullPolicy:
3327 description: 'Image pull policy. One of Always, Never, IfNotPresent.
3328 Defaults to Always if :latest tag is specified, or IfNotPresent
3329 otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
3330 type: string
3331 lifecycle:
3332 description: Actions that the management system should take
3333 in response to container lifecycle events. Cannot be updated.
3334 properties:
3335 postStart:
3336 description: 'PostStart is called immediately after
3337 a container is created. If the handler fails, the
3338 container is terminated and restarted according to
3339 its restart policy. Other management of the container
3340 blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
3341 properties:
3342 exec:
3343 description: One and only one of the following should
3344 be specified. Exec specifies the action to take.
3345 properties:
3346 command:
3347 description: Command is the command line to
3348 execute inside the container, the working
3349 directory for the command is root ('/') in
3350 the container's filesystem. The command is
3351 simply exec'd, it is not run inside a shell,
3352 so traditional shell instructions ('|', etc)
3353 won't work. To use a shell, you need to explicitly
3354 call out to that shell. Exit status of 0 is
3355 treated as live/healthy and non-zero is unhealthy.
3356 items:
3357 type: string
3358 type: array
3359 type: object
3360 httpGet:
3361 description: HTTPGet specifies the http request
3362 to perform.
3363 properties:
3364 host:
3365 description: Host name to connect to, defaults
3366 to the pod IP. You probably want to set "Host"
3367 in httpHeaders instead.
3368 type: string
3369 httpHeaders:
3370 description: Custom headers to set in the request.
3371 HTTP allows repeated headers.
3372 items:
3373 description: HTTPHeader describes a custom
3374 header to be used in HTTP probes
3375 properties:
3376 name:
3377 description: The header field name
3378 type: string
3379 value:
3380 description: The header field value
3381 type: string
3382 required:
3383 - name
3384 - value
3385 type: object
3386 type: array
3387 path:
3388 description: Path to access on the HTTP server.
3389 type: string
3390 port:
3391 anyOf:
3392 - type: integer
3393 - type: string
3394 description: Name or number of the port to access
3395 on the container. Number must be in the range
3396 1 to 65535. Name must be an IANA_SVC_NAME.
3397 x-kubernetes-int-or-string: true
3398 scheme:
3399 description: Scheme to use for connecting to
3400 the host. Defaults to HTTP.
3401 type: string
3402 required:
3403 - port
3404 type: object
3405 tcpSocket:
3406 description: 'TCPSocket specifies an action involving
3407 a TCP port. TCP hooks not yet supported TODO:
3408 implement a realistic TCP lifecycle hook'
3409 properties:
3410 host:
3411 description: 'Optional: Host name to connect
3412 to, defaults to the pod IP.'
3413 type: string
3414 port:
3415 anyOf:
3416 - type: integer
3417 - type: string
3418 description: Number or name of the port to access
3419 on the container. Number must be in the range
3420 1 to 65535. Name must be an IANA_SVC_NAME.
3421 x-kubernetes-int-or-string: true
3422 required:
3423 - port
3424 type: object
3425 type: object
3426 preStop:
3427 description: 'PreStop is called immediately before a
3428 container is terminated due to an API request or management
3429 event such as liveness/startup probe failure, preemption,
3430 resource contention, etc. The handler is not called
3431 if the container crashes or exits. The reason for
3432 termination is passed to the handler. The Pod''s termination
3433 grace period countdown begins before the PreStop hooked
3434 is executed. Regardless of the outcome of the handler,
3435 the container will eventually terminate within the
3436 Pod''s termination grace period. Other management
3437 of the container blocks until the hook completes or
3438 until the termination grace period is reached. More
3439 info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
3440 properties:
3441 exec:
3442 description: One and only one of the following should
3443 be specified. Exec specifies the action to take.
3444 properties:
3445 command:
3446 description: Command is the command line to
3447 execute inside the container, the working
3448 directory for the command is root ('/') in
3449 the container's filesystem. The command is
3450 simply exec'd, it is not run inside a shell,
3451 so traditional shell instructions ('|', etc)
3452 won't work. To use a shell, you need to explicitly
3453 call out to that shell. Exit status of 0 is
3454 treated as live/healthy and non-zero is unhealthy.
3455 items:
3456 type: string
3457 type: array
3458 type: object
3459 httpGet:
3460 description: HTTPGet specifies the http request
3461 to perform.
3462 properties:
3463 host:
3464 description: Host name to connect to, defaults
3465 to the pod IP. You probably want to set "Host"
3466 in httpHeaders instead.
3467 type: string
3468 httpHeaders:
3469 description: Custom headers to set in the request.
3470 HTTP allows repeated headers.
3471 items:
3472 description: HTTPHeader describes a custom
3473 header to be used in HTTP probes
3474 properties:
3475 name:
3476 description: The header field name
3477 type: string
3478 value:
3479 description: The header field value
3480 type: string
3481 required:
3482 - name
3483 - value
3484 type: object
3485 type: array
3486 path:
3487 description: Path to access on the HTTP server.
3488 type: string
3489 port:
3490 anyOf:
3491 - type: integer
3492 - type: string
3493 description: Name or number of the port to access
3494 on the container. Number must be in the range
3495 1 to 65535. Name must be an IANA_SVC_NAME.
3496 x-kubernetes-int-or-string: true
3497 scheme:
3498 description: Scheme to use for connecting to
3499 the host. Defaults to HTTP.
3500 type: string
3501 required:
3502 - port
3503 type: object
3504 tcpSocket:
3505 description: 'TCPSocket specifies an action involving
3506 a TCP port. TCP hooks not yet supported TODO:
3507 implement a realistic TCP lifecycle hook'
3508 properties:
3509 host:
3510 description: 'Optional: Host name to connect
3511 to, defaults to the pod IP.'
3512 type: string
3513 port:
3514 anyOf:
3515 - type: integer
3516 - type: string
3517 description: Number or name of the port to access
3518 on the container. Number must be in the range
3519 1 to 65535. Name must be an IANA_SVC_NAME.
3520 x-kubernetes-int-or-string: true
3521 required:
3522 - port
3523 type: object
3524 type: object
3525 type: object
3526 livenessProbe:
3527 description: 'Periodic probe of container liveness. Container
3528 will be restarted if the probe fails. Cannot be updated.
3529 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3530 properties:
3531 exec:
3532 description: One and only one of the following should
3533 be specified. Exec specifies the action to take.
3534 properties:
3535 command:
3536 description: Command is the command line to execute
3537 inside the container, the working directory for
3538 the command is root ('/') in the container's
3539 filesystem. The command is simply exec'd, it is
3540 not run inside a shell, so traditional shell instructions
3541 ('|', etc) won't work. To use a shell, you need
3542 to explicitly call out to that shell. Exit status
3543 of 0 is treated as live/healthy and non-zero is
3544 unhealthy.
3545 items:
3546 type: string
3547 type: array
3548 type: object
3549 failureThreshold:
3550 description: Minimum consecutive failures for the probe
3551 to be considered failed after having succeeded. Defaults
3552 to 3. Minimum value is 1.
3553 format: int32
3554 type: integer
3555 httpGet:
3556 description: HTTPGet specifies the http request to perform.
3557 properties:
3558 host:
3559 description: Host name to connect to, defaults to
3560 the pod IP. You probably want to set "Host" in
3561 httpHeaders instead.
3562 type: string
3563 httpHeaders:
3564 description: Custom headers to set in the request.
3565 HTTP allows repeated headers.
3566 items:
3567 description: HTTPHeader describes a custom header
3568 to be used in HTTP probes
3569 properties:
3570 name:
3571 description: The header field name
3572 type: string
3573 value:
3574 description: The header field value
3575 type: string
3576 required:
3577 - name
3578 - value
3579 type: object
3580 type: array
3581 path:
3582 description: Path to access on the HTTP server.
3583 type: string
3584 port:
3585 anyOf:
3586 - type: integer
3587 - type: string
3588 description: Name or number of the port to access
3589 on the container. Number must be in the range
3590 1 to 65535. Name must be an IANA_SVC_NAME.
3591 x-kubernetes-int-or-string: true
3592 scheme:
3593 description: Scheme to use for connecting to the
3594 host. Defaults to HTTP.
3595 type: string
3596 required:
3597 - port
3598 type: object
3599 initialDelaySeconds:
3600 description: 'Number of seconds after the container
3601 has started before liveness probes are initiated.
3602 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3603 format: int32
3604 type: integer
3605 periodSeconds:
3606 description: How often (in seconds) to perform the probe.
3607 Default to 10 seconds. Minimum value is 1.
3608 format: int32
3609 type: integer
3610 successThreshold:
3611 description: Minimum consecutive successes for the probe
3612 to be considered successful after having failed. Defaults
3613 to 1. Must be 1 for liveness and startup. Minimum
3614 value is 1.
3615 format: int32
3616 type: integer
3617 tcpSocket:
3618 description: 'TCPSocket specifies an action involving
3619 a TCP port. TCP hooks not yet supported TODO: implement
3620 a realistic TCP lifecycle hook'
3621 properties:
3622 host:
3623 description: 'Optional: Host name to connect to,
3624 defaults to the pod IP.'
3625 type: string
3626 port:
3627 anyOf:
3628 - type: integer
3629 - type: string
3630 description: Number or name of the port to access
3631 on the container. Number must be in the range
3632 1 to 65535. Name must be an IANA_SVC_NAME.
3633 x-kubernetes-int-or-string: true
3634 required:
3635 - port
3636 type: object
3637 timeoutSeconds:
3638 description: 'Number of seconds after which the probe
3639 times out. Defaults to 1 second. Minimum value is
3640 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3641 format: int32
3642 type: integer
3643 type: object
3644 name:
3645 description: Name of the container specified as a DNS_LABEL.
3646 Each container in a pod must have a unique name (DNS_LABEL).
3647 Cannot be updated.
3648 type: string
3649 ports:
3650 description: List of ports to expose from the container.
3651 Exposing a port here gives the system additional information
3652 about the network connections a container uses, but is
3653 primarily informational. Not specifying a port here DOES
3654 NOT prevent that port from being exposed. Any port which
3655 is listening on the default "0.0.0.0" address inside a
3656 container will be accessible from the network. Cannot
3657 be updated.
3658 items:
3659 description: ContainerPort represents a network port in
3660 a single container.
3661 properties:
3662 containerPort:
3663 description: Number of port to expose on the pod's
3664 IP address. This must be a valid port number, 0
3665 < x < 65536.
3666 format: int32
3667 type: integer
3668 hostIP:
3669 description: What host IP to bind the external port
3670 to.
3671 type: string
3672 hostPort:
3673 description: Number of port to expose on the host.
3674 If specified, this must be a valid port number,
3675 0 < x < 65536. If HostNetwork is specified, this
3676 must match ContainerPort. Most containers do not
3677 need this.
3678 format: int32
3679 type: integer
3680 name:
3681 description: If specified, this must be an IANA_SVC_NAME
3682 and unique within the pod. Each named port in a
3683 pod must have a unique name. Name for the port that
3684 can be referred to by services.
3685 type: string
3686 protocol:
3687 default: TCP
3688 description: Protocol for port. Must be UDP, TCP,
3689 or SCTP. Defaults to "TCP".
3690 type: string
3691 required:
3692 - containerPort
3693 type: object
3694 type: array
3695 x-kubernetes-list-map-keys:
3696 - containerPort
3697 - protocol
3698 x-kubernetes-list-type: map
3699 readinessProbe:
3700 description: 'Periodic probe of container service readiness.
3701 Container will be removed from service endpoints if the
3702 probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3703 properties:
3704 exec:
3705 description: One and only one of the following should
3706 be specified. Exec specifies the action to take.
3707 properties:
3708 command:
3709 description: Command is the command line to execute
3710 inside the container, the working directory for
3711 the command is root ('/') in the container's
3712 filesystem. The command is simply exec'd, it is
3713 not run inside a shell, so traditional shell instructions
3714 ('|', etc) won't work. To use a shell, you need
3715 to explicitly call out to that shell. Exit status
3716 of 0 is treated as live/healthy and non-zero is
3717 unhealthy.
3718 items:
3719 type: string
3720 type: array
3721 type: object
3722 failureThreshold:
3723 description: Minimum consecutive failures for the probe
3724 to be considered failed after having succeeded. Defaults
3725 to 3. Minimum value is 1.
3726 format: int32
3727 type: integer
3728 httpGet:
3729 description: HTTPGet specifies the http request to perform.
3730 properties:
3731 host:
3732 description: Host name to connect to, defaults to
3733 the pod IP. You probably want to set "Host" in
3734 httpHeaders instead.
3735 type: string
3736 httpHeaders:
3737 description: Custom headers to set in the request.
3738 HTTP allows repeated headers.
3739 items:
3740 description: HTTPHeader describes a custom header
3741 to be used in HTTP probes
3742 properties:
3743 name:
3744 description: The header field name
3745 type: string
3746 value:
3747 description: The header field value
3748 type: string
3749 required:
3750 - name
3751 - value
3752 type: object
3753 type: array
3754 path:
3755 description: Path to access on the HTTP server.
3756 type: string
3757 port:
3758 anyOf:
3759 - type: integer
3760 - type: string
3761 description: Name or number of the port to access
3762 on the container. Number must be in the range
3763 1 to 65535. Name must be an IANA_SVC_NAME.
3764 x-kubernetes-int-or-string: true
3765 scheme:
3766 description: Scheme to use for connecting to the
3767 host. Defaults to HTTP.
3768 type: string
3769 required:
3770 - port
3771 type: object
3772 initialDelaySeconds:
3773 description: 'Number of seconds after the container
3774 has started before liveness probes are initiated.
3775 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3776 format: int32
3777 type: integer
3778 periodSeconds:
3779 description: How often (in seconds) to perform the probe.
3780 Default to 10 seconds. Minimum value is 1.
3781 format: int32
3782 type: integer
3783 successThreshold:
3784 description: Minimum consecutive successes for the probe
3785 to be considered successful after having failed. Defaults
3786 to 1. Must be 1 for liveness and startup. Minimum
3787 value is 1.
3788 format: int32
3789 type: integer
3790 tcpSocket:
3791 description: 'TCPSocket specifies an action involving
3792 a TCP port. TCP hooks not yet supported TODO: implement
3793 a realistic TCP lifecycle hook'
3794 properties:
3795 host:
3796 description: 'Optional: Host name to connect to,
3797 defaults to the pod IP.'
3798 type: string
3799 port:
3800 anyOf:
3801 - type: integer
3802 - type: string
3803 description: Number or name of the port to access
3804 on the container. Number must be in the range
3805 1 to 65535. Name must be an IANA_SVC_NAME.
3806 x-kubernetes-int-or-string: true
3807 required:
3808 - port
3809 type: object
3810 timeoutSeconds:
3811 description: 'Number of seconds after which the probe
3812 times out. Defaults to 1 second. Minimum value is
3813 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3814 format: int32
3815 type: integer
3816 type: object
3817 resources:
3818 description: 'Compute Resources required by this container.
3819 Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
3820 properties:
3821 limits:
3822 additionalProperties:
3823 anyOf:
3824 - type: integer
3825 - type: string
3826 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3827 x-kubernetes-int-or-string: true
3828 description: 'Limits describes the maximum amount of
3829 compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
3830 type: object
3831 requests:
3832 additionalProperties:
3833 anyOf:
3834 - type: integer
3835 - type: string
3836 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
3837 x-kubernetes-int-or-string: true
3838 description: 'Requests describes the minimum amount
3839 of compute resources required. If Requests is omitted
3840 for a container, it defaults to Limits if that is
3841 explicitly specified, otherwise to an implementation-defined
3842 value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
3843 type: object
3844 type: object
3845 securityContext:
3846 description: 'Security options the pod should run with.
3847 More info: https://kubernetes.io/docs/concepts/policy/security-context/
3848 More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
3849 properties:
3850 allowPrivilegeEscalation:
3851 description: 'AllowPrivilegeEscalation controls whether
3852 a process can gain more privileges than its parent
3853 process. This bool directly controls if the no_new_privs
3854 flag will be set on the container process. AllowPrivilegeEscalation
3855 is true always when the container is: 1) run as Privileged
3856 2) has CAP_SYS_ADMIN'
3857 type: boolean
3858 capabilities:
3859 description: The capabilities to add/drop when running
3860 containers. Defaults to the default set of capabilities
3861 granted by the container runtime.
3862 properties:
3863 add:
3864 description: Added capabilities
3865 items:
3866 description: Capability represent POSIX capabilities
3867 type
3868 type: string
3869 type: array
3870 drop:
3871 description: Removed capabilities
3872 items:
3873 description: Capability represent POSIX capabilities
3874 type
3875 type: string
3876 type: array
3877 type: object
3878 privileged:
3879 description: Run container in privileged mode. Processes
3880 in privileged containers are essentially equivalent
3881 to root on the host. Defaults to false.
3882 type: boolean
3883 procMount:
3884 description: procMount denotes the type of proc mount
3885 to use for the containers. The default is DefaultProcMount
3886 which uses the container runtime defaults for readonly
3887 paths and masked paths. This requires the ProcMountType
3888 feature flag to be enabled.
3889 type: string
3890 readOnlyRootFilesystem:
3891 description: Whether this container has a read-only
3892 root filesystem. Default is false.
3893 type: boolean
3894 runAsGroup:
3895 description: The GID to run the entrypoint of the container
3896 process. Uses runtime default if unset. May also be
3897 set in PodSecurityContext. If set in both SecurityContext
3898 and PodSecurityContext, the value specified in SecurityContext
3899 takes precedence.
3900 format: int64
3901 type: integer
3902 runAsNonRoot:
3903 description: Indicates that the container must run as
3904 a non-root user. If true, the Kubelet will validate
3905 the image at runtime to ensure that it does not run
3906 as UID 0 (root) and fail to start the container if
3907 it does. If unset or false, no such validation will
3908 be performed. May also be set in PodSecurityContext. If
3909 set in both SecurityContext and PodSecurityContext,
3910 the value specified in SecurityContext takes precedence.
3911 type: boolean
3912 runAsUser:
3913 description: The UID to run the entrypoint of the container
3914 process. Defaults to user specified in image metadata
3915 if unspecified. May also be set in PodSecurityContext. If
3916 set in both SecurityContext and PodSecurityContext,
3917 the value specified in SecurityContext takes precedence.
3918 format: int64
3919 type: integer
3920 seLinuxOptions:
3921 description: The SELinux context to be applied to the
3922 container. If unspecified, the container runtime will
3923 allocate a random SELinux context for each container. May
3924 also be set in PodSecurityContext. If set in both
3925 SecurityContext and PodSecurityContext, the value
3926 specified in SecurityContext takes precedence.
3927 properties:
3928 level:
3929 description: Level is SELinux level label that applies
3930 to the container.
3931 type: string
3932 role:
3933 description: Role is a SELinux role label that applies
3934 to the container.
3935 type: string
3936 type:
3937 description: Type is a SELinux type label that applies
3938 to the container.
3939 type: string
3940 user:
3941 description: User is a SELinux user label that applies
3942 to the container.
3943 type: string
3944 type: object
3945 windowsOptions:
3946 description: The Windows specific settings applied to
3947 all containers. If unspecified, the options from the
3948 PodSecurityContext will be used. If set in both SecurityContext
3949 and PodSecurityContext, the value specified in SecurityContext
3950 takes precedence.
3951 properties:
3952 gmsaCredentialSpec:
3953 description: GMSACredentialSpec is where the GMSA
3954 admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
3955 inlines the contents of the GMSA credential spec
3956 named by the GMSACredentialSpecName field.
3957 type: string
3958 gmsaCredentialSpecName:
3959 description: GMSACredentialSpecName is the name
3960 of the GMSA credential spec to use.
3961 type: string
3962 runAsUserName:
3963 description: The UserName in Windows to run the
3964 entrypoint of the container process. Defaults
3965 to the user specified in image metadata if unspecified.
3966 May also be set in PodSecurityContext. If set
3967 in both SecurityContext and PodSecurityContext,
3968 the value specified in SecurityContext takes precedence.
3969 type: string
3970 type: object
3971 type: object
3972 startupProbe:
3973 description: 'StartupProbe indicates that the Pod has successfully
3974 initialized. If specified, no other probes are executed
3975 until this completes successfully. If this probe fails,
3976 the Pod will be restarted, just as if the livenessProbe
3977 failed. This can be used to provide different probe parameters
3978 at the beginning of a Pod''s lifecycle, when it might
3979 take a long time to load data or warm a cache, than during
3980 steady-state operation. This cannot be updated. This is
3981 a beta feature enabled by the StartupProbe feature flag.
3982 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
3983 properties:
3984 exec:
3985 description: One and only one of the following should
3986 be specified. Exec specifies the action to take.
3987 properties:
3988 command:
3989 description: Command is the command line to execute
3990 inside the container, the working directory for
3991 the command is root ('/') in the container's
3992 filesystem. The command is simply exec'd, it is
3993 not run inside a shell, so traditional shell instructions
3994 ('|', etc) won't work. To use a shell, you need
3995 to explicitly call out to that shell. Exit status
3996 of 0 is treated as live/healthy and non-zero is
3997 unhealthy.
3998 items:
3999 type: string
4000 type: array
4001 type: object
4002 failureThreshold:
4003 description: Minimum consecutive failures for the probe
4004 to be considered failed after having succeeded. Defaults
4005 to 3. Minimum value is 1.
4006 format: int32
4007 type: integer
4008 httpGet:
4009 description: HTTPGet specifies the http request to perform.
4010 properties:
4011 host:
4012 description: Host name to connect to, defaults to
4013 the pod IP. You probably want to set "Host" in
4014 httpHeaders instead.
4015 type: string
4016 httpHeaders:
4017 description: Custom headers to set in the request.
4018 HTTP allows repeated headers.
4019 items:
4020 description: HTTPHeader describes a custom header
4021 to be used in HTTP probes
4022 properties:
4023 name:
4024 description: The header field name
4025 type: string
4026 value:
4027 description: The header field value
4028 type: string
4029 required:
4030 - name
4031 - value
4032 type: object
4033 type: array
4034 path:
4035 description: Path to access on the HTTP server.
4036 type: string
4037 port:
4038 anyOf:
4039 - type: integer
4040 - type: string
4041 description: Name or number of the port to access
4042 on the container. Number must be in the range
4043 1 to 65535. Name must be an IANA_SVC_NAME.
4044 x-kubernetes-int-or-string: true
4045 scheme:
4046 description: Scheme to use for connecting to the
4047 host. Defaults to HTTP.
4048 type: string
4049 required:
4050 - port
4051 type: object
4052 initialDelaySeconds:
4053 description: 'Number of seconds after the container
4054 has started before liveness probes are initiated.
4055 More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
4056 format: int32
4057 type: integer
4058 periodSeconds:
4059 description: How often (in seconds) to perform the probe.
4060 Default to 10 seconds. Minimum value is 1.
4061 format: int32
4062 type: integer
4063 successThreshold:
4064 description: Minimum consecutive successes for the probe
4065 to be considered successful after having failed. Defaults
4066 to 1. Must be 1 for liveness and startup. Minimum
4067 value is 1.
4068 format: int32
4069 type: integer
4070 tcpSocket:
4071 description: 'TCPSocket specifies an action involving
4072 a TCP port. TCP hooks not yet supported TODO: implement
4073 a realistic TCP lifecycle hook'
4074 properties:
4075 host:
4076 description: 'Optional: Host name to connect to,
4077 defaults to the pod IP.'
4078 type: string
4079 port:
4080 anyOf:
4081 - type: integer
4082 - type: string
4083 description: Number or name of the port to access
4084 on the container. Number must be in the range
4085 1 to 65535. Name must be an IANA_SVC_NAME.
4086 x-kubernetes-int-or-string: true
4087 required:
4088 - port
4089 type: object
4090 timeoutSeconds:
4091 description: 'Number of seconds after which the probe
4092 times out. Defaults to 1 second. Minimum value is
4093 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
4094 format: int32
4095 type: integer
4096 type: object
4097 stdin:
4098 description: Whether this container should allocate a buffer
4099 for stdin in the container runtime. If this is not set,
4100 reads from stdin in the container will always result in
4101 EOF. Default is false.
4102 type: boolean
4103 stdinOnce:
4104 description: Whether the container runtime should close
4105 the stdin channel after it has been opened by a single
4106 attach. When stdin is true the stdin stream will remain
4107 open across multiple attach sessions. If stdinOnce is
4108 set to true, stdin is opened on container start, is empty
4109 until the first client attaches to stdin, and then remains
4110 open and accepts data until the client disconnects, at
4111 which time stdin is closed and remains closed until the
4112 container is restarted. If this flag is false, a container
4113 processes that reads from stdin will never receive an
4114 EOF. Default is false
4115 type: boolean
4116 terminationMessagePath:
4117 description: 'Optional: Path at which the file to which
4118 the container''s termination message will be written is
4119 mounted into the container''s filesystem. Message written
4120 is intended to be brief final status, such as an assertion
4121 failure message. Will be truncated by the node if greater
4122 than 4096 bytes. The total message length across all containers
4123 will be limited to 12kb. Defaults to /dev/termination-log.
4124 Cannot be updated.'
4125 type: string
4126 terminationMessagePolicy:
4127 description: Indicate how the termination message should
4128 be populated. File will use the contents of terminationMessagePath
4129 to populate the container status message on both success
4130 and failure. FallbackToLogsOnError will use the last chunk
4131 of container log output if the termination message file
4132 is empty and the container exited with an error. The log
4133 output is limited to 2048 bytes or 80 lines, whichever
4134 is smaller. Defaults to File. Cannot be updated.
4135 type: string
4136 tty:
4137 description: Whether this container should allocate a TTY
4138 for itself, also requires 'stdin' to be true. Default
4139 is false.
4140 type: boolean
4141 volumeDevices:
4142 description: volumeDevices is the list of block devices
4143 to be used by the container.
4144 items:
4145 description: volumeDevice describes a mapping of a raw
4146 block device within a container.
4147 properties:
4148 devicePath:
4149 description: devicePath is the path inside of the
4150 container that the device will be mapped to.
4151 type: string
4152 name:
4153 description: name must match the name of a persistentVolumeClaim
4154 in the pod
4155 type: string
4156 required:
4157 - devicePath
4158 - name
4159 type: object
4160 type: array
4161 x-kubernetes-list-map-keys:
4162 - devicePath
4163 x-kubernetes-list-type: map
4164 volumeMounts:
4165 description: Pod volumes to mount into the container's filesystem.
4166 Cannot be updated.
4167 items:
4168 description: VolumeMount describes a mounting of a Volume
4169 within a container.
4170 properties:
4171 mountPath:
4172 description: Path within the container at which the
4173 volume should be mounted. Must not contain ':'.
4174 type: string
4175 mountPropagation:
4176 description: mountPropagation determines how mounts
4177 are propagated from the host to container and the
4178 other way around. When not set, MountPropagationNone
4179 is used. This field is beta in 1.10.
4180 type: string
4181 name:
4182 description: This must match the Name of a Volume.
4183 type: string
4184 readOnly:
4185 description: Mounted read-only if true, read-write
4186 otherwise (false or unspecified). Defaults to false.
4187 type: boolean
4188 subPath:
4189 description: Path within the volume from which the
4190 container's volume should be mounted. Defaults to
4191 "" (volume's root).
4192 type: string
4193 subPathExpr:
4194 description: Expanded path within the volume from
4195 which the container's volume should be mounted.
4196 Behaves similarly to SubPath but environment variable
4197 references $(VAR_NAME) are expanded using the container's
4198 environment. Defaults to "" (volume's root). SubPathExpr
4199 and SubPath are mutually exclusive.
4200 type: string
4201 required:
4202 - mountPath
4203 - name
4204 type: object
4205 type: array
4206 x-kubernetes-list-map-keys:
4207 - mountPath
4208 x-kubernetes-list-type: map
4209 workingDir:
4210 description: Container's working directory. If not specified,
4211 the container runtime's default will be used, which might
4212 be configured in the container image. Cannot be updated.
4213 type: string
4214 required:
4215 - name
4216 type: object
4217 type: array
4218 x-kubernetes-list-map-keys:
4219 - name
4220 x-kubernetes-list-type: map
4221 nodeName:
4222 description: NodeName is a request to schedule this pod onto a
4223 specific node. If it is non-empty, the scheduler simply schedules
4224 this pod onto that node, assuming that it fits resource requirements.
4225 type: string
4226 nodeSelector:
4227 additionalProperties:
4228 type: string
4229 description: 'NodeSelector is a selector which must be true for
4230 the pod to fit on a node. Selector which must match a node''s
4231 labels for the pod to be scheduled on that node. More info:
4232 https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
4233 type: object
4234 overhead:
4235 additionalProperties:
4236 anyOf:
4237 - type: integer
4238 - type: string
4239 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4240 x-kubernetes-int-or-string: true
4241 description: 'Overhead represents the resource overhead associated
4242 with running a pod for a given RuntimeClass. This field will
4243 be autopopulated at admission time by the RuntimeClass admission
4244 controller. If the RuntimeClass admission controller is enabled,
4245 overhead must not be set in Pod create requests. The RuntimeClass
4246 admission controller will reject Pod create requests which have
4247 the overhead already set. If RuntimeClass is configured and
4248 selected in the PodSpec, Overhead will be set to the value defined
4249 in the corresponding RuntimeClass, otherwise it will remain
4250 unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md
4251 This field is alpha-level as of Kubernetes v1.16, and is only
4252 honored by servers that enable the PodOverhead feature.'
4253 type: object
4254 preemptionPolicy:
4255 description: PreemptionPolicy is the Policy for preempting pods
4256 with lower priority. One of Never, PreemptLowerPriority. Defaults
4257 to PreemptLowerPriority if unset. This field is alpha-level
4258 and is only honored by servers that enable the NonPreemptingPriority
4259 feature.
4260 type: string
4261 priority:
4262 description: The priority value. Various system components use
4263 this field to find the priority of the pod. When Priority Admission
4264 Controller is enabled, it prevents users from setting this field.
4265 The admission controller populates this field from PriorityClassName.
4266 The higher the value, the higher the priority.
4267 format: int32
4268 type: integer
4269 priorityClassName:
4270 description: If specified, indicates the pod's priority. "system-node-critical"
4271 and "system-cluster-critical" are two special keywords which
4272 indicate the highest priorities with the former being the highest
4273 priority. Any other name must be defined by creating a PriorityClass
4274 object with that name. If not specified, the pod priority will
4275 be default or zero if there is no default.
4276 type: string
4277 readinessGates:
4278 description: 'If specified, all readiness gates will be evaluated
4279 for pod readiness. A pod is ready when all its containers are
4280 ready AND all conditions specified in the readiness gates have
4281 status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md'
4282 items:
4283 description: PodReadinessGate contains the reference to a pod
4284 condition
4285 properties:
4286 conditionType:
4287 description: ConditionType refers to a condition in the
4288 pod's condition list with matching type.
4289 type: string
4290 required:
4291 - conditionType
4292 type: object
4293 type: array
4294 restartPolicy:
4295 description: 'Restart policy for all containers within the pod.
4296 One of Always, OnFailure, Never. Default to Always. More info:
4297 https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
4298 type: string
4299 runtimeClassName:
4300 description: 'RuntimeClassName refers to a RuntimeClass object
4301 in the node.k8s.io group, which should be used to run this pod. If
4302 no RuntimeClass resource matches the named class, the pod will
4303 not be run. If unset or empty, the "legacy" RuntimeClass will
4304 be used, which is an implicit class with an empty definition
4305 that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
4306 This is a beta feature as of Kubernetes v1.14.'
4307 type: string
4308 schedulerName:
4309 description: If specified, the pod will be dispatched by specified
4310 scheduler. If not specified, the pod will be dispatched by default
4311 scheduler.
4312 type: string
4313 securityContext:
4314 description: 'SecurityContext holds pod-level security attributes
4315 and common container settings. Optional: Defaults to empty. See
4316 type description for default values of each field.'
4317 properties:
4318 fsGroup:
4319 description: "A special supplemental group that applies to
4320 all containers in a pod. Some volume types allow the Kubelet
4321 to change the ownership of that volume to be owned by the
4322 pod: \n 1. The owning GID will be the FSGroup 2. The setgid
4323 bit is set (new files created in the volume will be owned
4324 by FSGroup) 3. The permission bits are OR'd with rw-rw----
4325 \n If unset, the Kubelet will not modify the ownership and
4326 permissions of any volume."
4327 format: int64
4328 type: integer
4329 fsGroupChangePolicy:
4330 description: 'fsGroupChangePolicy defines behavior of changing
4331 ownership and permission of the volume before being exposed
4332 inside Pod. This field will only apply to volume types which
4333 support fsGroup based ownership(and permissions). It will
4334 have no effect on ephemeral volume types such as: secret,
4335 configmaps and emptydir. Valid values are "OnRootMismatch"
4336 and "Always". If not specified defaults to "Always".'
4337 type: string
4338 runAsGroup:
4339 description: The GID to run the entrypoint of the container
4340 process. Uses runtime default if unset. May also be set
4341 in SecurityContext. If set in both SecurityContext and
4342 PodSecurityContext, the value specified in SecurityContext
4343 takes precedence for that container.
4344 format: int64
4345 type: integer
4346 runAsNonRoot:
4347 description: Indicates that the container must run as a non-root
4348 user. If true, the Kubelet will validate the image at runtime
4349 to ensure that it does not run as UID 0 (root) and fail
4350 to start the container if it does. If unset or false, no
4351 such validation will be performed. May also be set in SecurityContext. If
4352 set in both SecurityContext and PodSecurityContext, the
4353 value specified in SecurityContext takes precedence.
4354 type: boolean
4355 runAsUser:
4356 description: The UID to run the entrypoint of the container
4357 process. Defaults to user specified in image metadata if
4358 unspecified. May also be set in SecurityContext. If set
4359 in both SecurityContext and PodSecurityContext, the value
4360 specified in SecurityContext takes precedence for that container.
4361 format: int64
4362 type: integer
4363 seLinuxOptions:
4364 description: The SELinux context to be applied to all containers.
4365 If unspecified, the container runtime will allocate a random
4366 SELinux context for each container. May also be set in
4367 SecurityContext. If set in both SecurityContext and PodSecurityContext,
4368 the value specified in SecurityContext takes precedence
4369 for that container.
4370 properties:
4371 level:
4372 description: Level is SELinux level label that applies
4373 to the container.
4374 type: string
4375 role:
4376 description: Role is a SELinux role label that applies
4377 to the container.
4378 type: string
4379 type:
4380 description: Type is a SELinux type label that applies
4381 to the container.
4382 type: string
4383 user:
4384 description: User is a SELinux user label that applies
4385 to the container.
4386 type: string
4387 type: object
4388 supplementalGroups:
4389 description: A list of groups applied to the first process
4390 run in each container, in addition to the container's primary
4391 GID. If unspecified, no groups will be added to any container.
4392 items:
4393 format: int64
4394 type: integer
4395 type: array
4396 sysctls:
4397 description: Sysctls hold a list of namespaced sysctls used
4398 for the pod. Pods with unsupported sysctls (by the container
4399 runtime) might fail to launch.
4400 items:
4401 description: Sysctl defines a kernel parameter to be set
4402 properties:
4403 name:
4404 description: Name of a property to set
4405 type: string
4406 value:
4407 description: Value of a property to set
4408 type: string
4409 required:
4410 - name
4411 - value
4412 type: object
4413 type: array
4414 windowsOptions:
4415 description: The Windows specific settings applied to all
4416 containers. If unspecified, the options within a container's
4417 SecurityContext will be used. If set in both SecurityContext
4418 and PodSecurityContext, the value specified in SecurityContext
4419 takes precedence.
4420 properties:
4421 gmsaCredentialSpec:
4422 description: GMSACredentialSpec is where the GMSA admission
4423 webhook (https://github.com/kubernetes-sigs/windows-gmsa)
4424 inlines the contents of the GMSA credential spec named
4425 by the GMSACredentialSpecName field.
4426 type: string
4427 gmsaCredentialSpecName:
4428 description: GMSACredentialSpecName is the name of the
4429 GMSA credential spec to use.
4430 type: string
4431 runAsUserName:
4432 description: The UserName in Windows to run the entrypoint
4433 of the container process. Defaults to the user specified
4434 in image metadata if unspecified. May also be set in
4435 PodSecurityContext. If set in both SecurityContext and
4436 PodSecurityContext, the value specified in SecurityContext
4437 takes precedence.
4438 type: string
4439 type: object
4440 type: object
4441 serviceAccount:
4442 description: 'DeprecatedServiceAccount is a depreciated alias
4443 for ServiceAccountName. Deprecated: Use serviceAccountName instead.'
4444 type: string
4445 serviceAccountName:
4446 description: 'ServiceAccountName is the name of the ServiceAccount
4447 to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
4448 type: string
4449 shareProcessNamespace:
4450 description: 'Share a single process namespace between all of
4451 the containers in a pod. When this is set containers will be
4452 able to view and signal processes from other containers in the
4453 same pod, and the first process in each container will not be
4454 assigned PID 1. HostPID and ShareProcessNamespace cannot both
4455 be set. Optional: Default to false.'
4456 type: boolean
4457 subdomain:
4458 description: If specified, the fully qualified Pod hostname will
4459 be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>".
4460 If not specified, the pod will not have a domainname at all.
4461 type: string
4462 terminationGracePeriodSeconds:
4463 description: Optional duration in seconds the pod needs to terminate
4464 gracefully. May be decreased in delete request. Value must be
4465 non-negative integer. The value zero indicates delete immediately.
4466 If this value is nil, the default grace period will be used
4467 instead. The grace period is the duration in seconds after the
4468 processes running in the pod are sent a termination signal and
4469 the time when the processes are forcibly halted with a kill
4470 signal. Set this value longer than the expected cleanup time
4471 for your process. Defaults to 30 seconds.
4472 format: int64
4473 type: integer
4474 tolerations:
4475 description: If specified, the pod's tolerations.
4476 items:
4477 description: The pod this Toleration is attached to tolerates
4478 any taint that matches the triple <key,value,effect> using
4479 the matching operator <operator>.
4480 properties:
4481 effect:
4482 description: Effect indicates the taint effect to match.
4483 Empty means match all taint effects. When specified, allowed
4484 values are NoSchedule, PreferNoSchedule and NoExecute.
4485 type: string
4486 key:
4487 description: Key is the taint key that the toleration applies
4488 to. Empty means match all taint keys. If the key is empty,
4489 operator must be Exists; this combination means to match
4490 all values and all keys.
4491 type: string
4492 operator:
4493 description: Operator represents a key's relationship to
4494 the value. Valid operators are Exists and Equal. Defaults
4495 to Equal. Exists is equivalent to wildcard for value,
4496 so that a pod can tolerate all taints of a particular
4497 category.
4498 type: string
4499 tolerationSeconds:
4500 description: TolerationSeconds represents the period of
4501 time the toleration (which must be of effect NoExecute,
4502 otherwise this field is ignored) tolerates the taint.
4503 By default, it is not set, which means tolerate the taint
4504 forever (do not evict). Zero and negative values will
4505 be treated as 0 (evict immediately) by the system.
4506 format: int64
4507 type: integer
4508 value:
4509 description: Value is the taint value the toleration matches
4510 to. If the operator is Exists, the value should be empty,
4511 otherwise just a regular string.
4512 type: string
4513 type: object
4514 type: array
4515 topologySpreadConstraints:
4516 description: TopologySpreadConstraints describes how a group of
4517 pods ought to spread across topology domains. Scheduler will
4518 schedule pods in a way which abides by the constraints. This
4519 field is only honored by clusters that enable the EvenPodsSpread
4520 feature. All topologySpreadConstraints are ANDed.
4521 items:
4522 description: TopologySpreadConstraint specifies how to spread
4523 matching pods among the given topology.
4524 properties:
4525 labelSelector:
4526 description: LabelSelector is used to find matching pods.
4527 Pods that match this label selector are counted to determine
4528 the number of pods in their corresponding topology domain.
4529 properties:
4530 matchExpressions:
4531 description: matchExpressions is a list of label selector
4532 requirements. The requirements are ANDed.
4533 items:
4534 description: A label selector requirement is a selector
4535 that contains values, a key, and an operator that
4536 relates the key and values.
4537 properties:
4538 key:
4539 description: key is the label key that the selector
4540 applies to.
4541 type: string
4542 operator:
4543 description: operator represents a key's relationship
4544 to a set of values. Valid operators are In,
4545 NotIn, Exists and DoesNotExist.
4546 type: string
4547 values:
4548 description: values is an array of string values.
4549 If the operator is In or NotIn, the values array
4550 must be non-empty. If the operator is Exists
4551 or DoesNotExist, the values array must be empty.
4552 This array is replaced during a strategic merge
4553 patch.
4554 items:
4555 type: string
4556 type: array
4557 required:
4558 - key
4559 - operator
4560 type: object
4561 type: array
4562 matchLabels:
4563 additionalProperties:
4564 type: string
4565 description: matchLabels is a map of {key,value} pairs.
4566 A single {key,value} in the matchLabels map is equivalent
4567 to an element of matchExpressions, whose key field
4568 is "key", the operator is "In", and the values array
4569 contains only "value". The requirements are ANDed.
4570 type: object
4571 type: object
4572 maxSkew:
4573 description: 'MaxSkew describes the degree to which pods
4574 may be unevenly distributed. It''s the maximum permitted
4575 difference between the number of matching pods in any
4576 two topology domains of a given topology type. For example,
4577 in a 3-zone cluster, MaxSkew is set to 1, and pods with
4578 the same labelSelector spread as 1/1/0: | zone1 | zone2
4579 | zone3 | | P | P | | - if MaxSkew is 1,
4580 incoming pod can only be scheduled to zone3 to become
4581 1/1/1; scheduling it onto zone1(zone2) would make the
4582 ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). -
4583 if MaxSkew is 2, incoming pod can be scheduled onto any
4584 zone. It''s a required field. Default value is 1 and 0
4585 is not allowed.'
4586 format: int32
4587 type: integer
4588 topologyKey:
4589 description: TopologyKey is the key of node labels. Nodes
4590 that have a label with this key and identical values are
4591 considered to be in the same topology. We consider each
4592 <key, value> as a "bucket", and try to put balanced number
4593 of pods into each bucket. It's a required field.
4594 type: string
4595 whenUnsatisfiable:
4596 description: 'WhenUnsatisfiable indicates how to deal with
4597 a pod if it doesn''t satisfy the spread constraint. -
4598 DoNotSchedule (default) tells the scheduler not to schedule
4599 it - ScheduleAnyway tells the scheduler to still schedule
4600 it It''s considered as "Unsatisfiable" if and only if
4601 placing incoming pod on any topology violates "MaxSkew".
4602 For example, in a 3-zone cluster, MaxSkew is set to 1,
4603 and pods with the same labelSelector spread as 3/1/1:
4604 | zone1 | zone2 | zone3 | | P P P | P | P | If
4605 WhenUnsatisfiable is set to DoNotSchedule, incoming pod
4606 can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
4607 as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).
4608 In other words, the cluster can still be imbalanced, but
4609 scheduler won''t make it *more* imbalanced. It''s a required
4610 field.'
4611 type: string
4612 required:
4613 - maxSkew
4614 - topologyKey
4615 - whenUnsatisfiable
4616 type: object
4617 type: array
4618 x-kubernetes-list-map-keys:
4619 - topologyKey
4620 - whenUnsatisfiable
4621 x-kubernetes-list-type: map
4622 volumes:
4623 description: 'List of volumes that can be mounted by containers
4624 belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
4625 items:
4626 description: Volume represents a named volume in a pod that
4627 may be accessed by any container in the pod.
4628 properties:
4629 awsElasticBlockStore:
4630 description: 'AWSElasticBlockStore represents an AWS Disk
4631 resource that is attached to a kubelet''s host machine
4632 and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
4633 properties:
4634 fsType:
4635 description: 'Filesystem type of the volume that you
4636 want to mount. Tip: Ensure that the filesystem type
4637 is supported by the host operating system. Examples:
4638 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
4639 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
4640 TODO: how do we prevent errors in the filesystem from
4641 compromising the machine'
4642 type: string
4643 partition:
4644 description: 'The partition in the volume that you want
4645 to mount. If omitted, the default is to mount by volume
4646 name. Examples: For volume /dev/sda1, you specify
4647 the partition as "1". Similarly, the volume partition
4648 for /dev/sda is "0" (or you can leave the property
4649 empty).'
4650 format: int32
4651 type: integer
4652 readOnly:
4653 description: 'Specify "true" to force and set the ReadOnly
4654 property in VolumeMounts to "true". If omitted, the
4655 default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
4656 type: boolean
4657 volumeID:
4658 description: 'Unique ID of the persistent disk resource
4659 in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
4660 type: string
4661 required:
4662 - volumeID
4663 type: object
4664 azureDisk:
4665 description: AzureDisk represents an Azure Data Disk mount
4666 on the host and bind mount to the pod.
4667 properties:
4668 cachingMode:
4669 description: 'Host Caching mode: None, Read Only, Read
4670 Write.'
4671 type: string
4672 diskName:
4673 description: The Name of the data disk in the blob storage
4674 type: string
4675 diskURI:
4676 description: The URI the data disk in the blob storage
4677 type: string
4678 fsType:
4679 description: Filesystem type to mount. Must be a filesystem
4680 type supported by the host operating system. Ex. "ext4",
4681 "xfs", "ntfs". Implicitly inferred to be "ext4" if
4682 unspecified.
4683 type: string
4684 kind:
4685 description: 'Expected values Shared: multiple blob
4686 disks per storage account Dedicated: single blob
4687 disk per storage account Managed: azure managed data
4688 disk (only in managed availability set). defaults
4689 to shared'
4690 type: string
4691 readOnly:
4692 description: Defaults to false (read/write). ReadOnly
4693 here will force the ReadOnly setting in VolumeMounts.
4694 type: boolean
4695 required:
4696 - diskName
4697 - diskURI
4698 type: object
4699 azureFile:
4700 description: AzureFile represents an Azure File Service
4701 mount on the host and bind mount to the pod.
4702 properties:
4703 readOnly:
4704 description: Defaults to false (read/write). ReadOnly
4705 here will force the ReadOnly setting in VolumeMounts.
4706 type: boolean
4707 secretName:
4708 description: the name of secret that contains Azure
4709 Storage Account Name and Key
4710 type: string
4711 shareName:
4712 description: Share Name
4713 type: string
4714 required:
4715 - secretName
4716 - shareName
4717 type: object
4718 cephfs:
4719 description: CephFS represents a Ceph FS mount on the host
4720 that shares a pod's lifetime
4721 properties:
4722 monitors:
4723 description: 'Required: Monitors is a collection of
4724 Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
4725 items:
4726 type: string
4727 type: array
4728 path:
4729 description: 'Optional: Used as the mounted root, rather
4730 than the full Ceph tree, default is /'
4731 type: string
4732 readOnly:
4733 description: 'Optional: Defaults to false (read/write).
4734 ReadOnly here will force the ReadOnly setting in VolumeMounts.
4735 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
4736 type: boolean
4737 secretFile:
4738 description: 'Optional: SecretFile is the path to key
4739 ring for User, default is /etc/ceph/user.secret More
4740 info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
4741 type: string
4742 secretRef:
4743 description: 'Optional: SecretRef is reference to the
4744 authentication secret for User, default is empty.
4745 More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
4746 properties:
4747 name:
4748 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4749 TODO: Add other useful fields. apiVersion, kind,
4750 uid?'
4751 type: string
4752 required:
4753 - name
4754 type: object
4755 user:
4756 description: 'Optional: User is the rados user name,
4757 default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
4758 type: string
4759 required:
4760 - monitors
4761 type: object
4762 cinder:
4763 description: 'Cinder represents a cinder volume attached
4764 and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
4765 properties:
4766 fsType:
4767 description: 'Filesystem type to mount. Must be a filesystem
4768 type supported by the host operating system. Examples:
4769 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
4770 if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
4771 type: string
4772 readOnly:
4773 description: 'Optional: Defaults to false (read/write).
4774 ReadOnly here will force the ReadOnly setting in VolumeMounts.
4775 More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
4776 type: boolean
4777 secretRef:
4778 description: 'Optional: points to a secret object containing
4779 parameters used to connect to OpenStack.'
4780 properties:
4781 name:
4782 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4783 TODO: Add other useful fields. apiVersion, kind,
4784 uid?'
4785 type: string
4786 required:
4787 - name
4788 type: object
4789 volumeID:
4790 description: 'volume id used to identify the volume
4791 in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
4792 type: string
4793 required:
4794 - volumeID
4795 type: object
4796 configMap:
4797 description: ConfigMap represents a configMap that should
4798 populate this volume
4799 properties:
4800 defaultMode:
4801 description: 'Optional: mode bits to use on created
4802 files by default. Must be a value between 0 and 0777.
4803 Defaults to 0644. Directories within the path are
4804 not affected by this setting. This might be in conflict
4805 with other options that affect the file mode, like
4806 fsGroup, and the result can be other mode bits set.'
4807 format: int32
4808 type: integer
4809 items:
4810 description: If unspecified, each key-value pair in
4811 the Data field of the referenced ConfigMap will be
4812 projected into the volume as a file whose name is
4813 the key and content is the value. If specified, the
4814 listed keys will be projected into the specified paths,
4815 and unlisted keys will not be present. If a key is
4816 specified which is not present in the ConfigMap, the
4817 volume setup will error unless it is marked optional.
4818 Paths must be relative and may not contain the '..'
4819 path or start with '..'.
4820 items:
4821 description: Maps a string key to a path within a
4822 volume.
4823 properties:
4824 key:
4825 description: The key to project.
4826 type: string
4827 mode:
4828 description: 'Optional: mode bits to use on this
4829 file, must be a value between 0 and 0777. If
4830 not specified, the volume defaultMode will be
4831 used. This might be in conflict with other options
4832 that affect the file mode, like fsGroup, and
4833 the result can be other mode bits set.'
4834 format: int32
4835 type: integer
4836 path:
4837 description: The relative path of the file to
4838 map the key to. May not be an absolute path.
4839 May not contain the path element '..'. May not
4840 start with the string '..'.
4841 type: string
4842 required:
4843 - key
4844 - path
4845 type: object
4846 type: array
4847 name:
4848 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4849 TODO: Add other useful fields. apiVersion, kind, uid?'
4850 type: string
4851 optional:
4852 description: Specify whether the ConfigMap or its keys
4853 must be defined
4854 type: boolean
4855 required:
4856 - name
4857 type: object
4858 csi:
4859 description: CSI (Container Storage Interface) represents
4860 storage that is handled by an external CSI driver (Alpha
4861 feature).
4862 properties:
4863 driver:
4864 description: Driver is the name of the CSI driver that
4865 handles this volume. Consult with your admin for the
4866 correct name as registered in the cluster.
4867 type: string
4868 fsType:
4869 description: Filesystem type to mount. Ex. "ext4", "xfs",
4870 "ntfs". If not provided, the empty value is passed
4871 to the associated CSI driver which will determine
4872 the default filesystem to apply.
4873 type: string
4874 nodePublishSecretRef:
4875 description: NodePublishSecretRef is a reference to
4876 the secret object containing sensitive information
4877 to pass to the CSI driver to complete the CSI NodePublishVolume
4878 and NodeUnpublishVolume calls. This field is optional,
4879 and may be empty if no secret is required. If the
4880 secret object contains more than one secret, all secret
4881 references are passed.
4882 properties:
4883 name:
4884 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
4885 TODO: Add other useful fields. apiVersion, kind,
4886 uid?'
4887 type: string
4888 required:
4889 - name
4890 type: object
4891 readOnly:
4892 description: Specifies a read-only configuration for
4893 the volume. Defaults to false (read/write).
4894 type: boolean
4895 volumeAttributes:
4896 additionalProperties:
4897 type: string
4898 description: VolumeAttributes stores driver-specific
4899 properties that are passed to the CSI driver. Consult
4900 your driver's documentation for supported values.
4901 type: object
4902 required:
4903 - driver
4904 type: object
4905 downwardAPI:
4906 description: DownwardAPI represents downward API about the
4907 pod that should populate this volume
4908 properties:
4909 defaultMode:
4910 description: 'Optional: mode bits to use on created
4911 files by default. Must be a value between 0 and 0777.
4912 Defaults to 0644. Directories within the path are
4913 not affected by this setting. This might be in conflict
4914 with other options that affect the file mode, like
4915 fsGroup, and the result can be other mode bits set.'
4916 format: int32
4917 type: integer
4918 items:
4919 description: Items is a list of downward API volume
4920 file
4921 items:
4922 description: DownwardAPIVolumeFile represents information
4923 to create the file containing the pod field
4924 properties:
4925 fieldRef:
4926 description: 'Required: Selects a field of the
4927 pod: only annotations, labels, name and namespace
4928 are supported.'
4929 properties:
4930 apiVersion:
4931 description: Version of the schema the FieldPath
4932 is written in terms of, defaults to "v1".
4933 type: string
4934 fieldPath:
4935 description: Path of the field to select in
4936 the specified API version.
4937 type: string
4938 required:
4939 - fieldPath
4940 type: object
4941 mode:
4942 description: 'Optional: mode bits to use on this
4943 file, must be a value between 0 and 0777. If
4944 not specified, the volume defaultMode will be
4945 used. This might be in conflict with other options
4946 that affect the file mode, like fsGroup, and
4947 the result can be other mode bits set.'
4948 format: int32
4949 type: integer
4950 path:
4951 description: 'Required: Path is the relative
4952 path name of the file to be created. Must not
4953 be absolute or contain the ''..'' path. Must
4954 be utf-8 encoded. The first item of the relative
4955 path must not start with ''..'''
4956 type: string
4957 resourceFieldRef:
4958 description: 'Selects a resource of the container:
4959 only resources limits and requests (limits.cpu,
4960 limits.memory, requests.cpu and requests.memory)
4961 are currently supported.'
4962 properties:
4963 containerName:
4964 description: 'Container name: required for
4965 volumes, optional for env vars'
4966 type: string
4967 divisor:
4968 anyOf:
4969 - type: integer
4970 - type: string
4971 description: Specifies the output format of
4972 the exposed resources, defaults to "1"
4973 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
4974 x-kubernetes-int-or-string: true
4975 resource:
4976 description: 'Required: resource to select'
4977 type: string
4978 required:
4979 - resource
4980 type: object
4981 required:
4982 - path
4983 type: object
4984 type: array
4985 type: object
4986 emptyDir:
4987 description: 'EmptyDir represents a temporary directory
4988 that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
4989 properties:
4990 medium:
4991 description: 'What type of storage medium should back
4992 this directory. The default is "" which means to use
4993 the node''s default medium. Must be an empty string
4994 (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
4995 type: string
4996 sizeLimit:
4997 anyOf:
4998 - type: integer
4999 - type: string
5000 description: 'Total amount of local storage required
5001 for this EmptyDir volume. The size limit is also applicable
5002 for memory medium. The maximum usage on memory medium
5003 EmptyDir would be the minimum value between the SizeLimit
5004 specified here and the sum of memory limits of all
5005 containers in a pod. The default is nil which means
5006 that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
5007 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
5008 x-kubernetes-int-or-string: true
5009 type: object
5010 fc:
5011 description: FC represents a Fibre Channel resource that
5012 is attached to a kubelet's host machine and then exposed
5013 to the pod.
5014 properties:
5015 fsType:
5016 description: 'Filesystem type to mount. Must be a filesystem
5017 type supported by the host operating system. Ex. "ext4",
5018 "xfs", "ntfs". Implicitly inferred to be "ext4" if
5019 unspecified. TODO: how do we prevent errors in the
5020 filesystem from compromising the machine'
5021 type: string
5022 lun:
5023 description: 'Optional: FC target lun number'
5024 format: int32
5025 type: integer
5026 readOnly:
5027 description: 'Optional: Defaults to false (read/write).
5028 ReadOnly here will force the ReadOnly setting in VolumeMounts.'
5029 type: boolean
5030 targetWWNs:
5031 description: 'Optional: FC target worldwide names (WWNs)'
5032 items:
5033 type: string
5034 type: array
5035 wwids:
5036 description: 'Optional: FC volume world wide identifiers
5037 (wwids) Either wwids or combination of targetWWNs
5038 and lun must be set, but not both simultaneously.'
5039 items:
5040 type: string
5041 type: array
5042 type: object
5043 flexVolume:
5044 description: FlexVolume represents a generic volume resource
5045 that is provisioned/attached using an exec based plugin.
5046 properties:
5047 driver:
5048 description: Driver is the name of the driver to use
5049 for this volume.
5050 type: string
5051 fsType:
5052 description: Filesystem type to mount. Must be a filesystem
5053 type supported by the host operating system. Ex. "ext4",
5054 "xfs", "ntfs". The default filesystem depends on FlexVolume
5055 script.
5056 type: string
5057 options:
5058 additionalProperties:
5059 type: string
5060 description: 'Optional: Extra command options if any.'
5061 type: object
5062 readOnly:
5063 description: 'Optional: Defaults to false (read/write).
5064 ReadOnly here will force the ReadOnly setting in VolumeMounts.'
5065 type: boolean
5066 secretRef:
5067 description: 'Optional: SecretRef is reference to the
5068 secret object containing sensitive information to
5069 pass to the plugin scripts. This may be empty if no
5070 secret object is specified. If the secret object contains
5071 more than one secret, all secrets are passed to the
5072 plugin scripts.'
5073 properties:
5074 name:
5075 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5076 TODO: Add other useful fields. apiVersion, kind,
5077 uid?'
5078 type: string
5079 required:
5080 - name
5081 type: object
5082 required:
5083 - driver
5084 type: object
5085 flocker:
5086 description: Flocker represents a Flocker volume attached
5087 to a kubelet's host machine. This depends on the Flocker
5088 control service being running
5089 properties:
5090 datasetName:
5091 description: Name of the dataset stored as metadata
5092 -> name on the dataset for Flocker should be considered
5093 as deprecated
5094 type: string
5095 datasetUUID:
5096 description: UUID of the dataset. This is unique identifier
5097 of a Flocker dataset
5098 type: string
5099 type: object
5100 gcePersistentDisk:
5101 description: 'GCEPersistentDisk represents a GCE Disk resource
5102 that is attached to a kubelet''s host machine and then
5103 exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
5104 properties:
5105 fsType:
5106 description: 'Filesystem type of the volume that you
5107 want to mount. Tip: Ensure that the filesystem type
5108 is supported by the host operating system. Examples:
5109 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
5110 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
5111 TODO: how do we prevent errors in the filesystem from
5112 compromising the machine'
5113 type: string
5114 partition:
5115 description: 'The partition in the volume that you want
5116 to mount. If omitted, the default is to mount by volume
5117 name. Examples: For volume /dev/sda1, you specify
5118 the partition as "1". Similarly, the volume partition
5119 for /dev/sda is "0" (or you can leave the property
5120 empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
5121 format: int32
5122 type: integer
5123 pdName:
5124 description: 'Unique name of the PD resource in GCE.
5125 Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
5126 type: string
5127 readOnly:
5128 description: 'ReadOnly here will force the ReadOnly
5129 setting in VolumeMounts. Defaults to false. More info:
5130 https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
5131 type: boolean
5132 required:
5133 - pdName
5134 type: object
5135 gitRepo:
5136 description: 'GitRepo represents a git repository at a particular
5137 revision. DEPRECATED: GitRepo is deprecated. To provision
5138 a container with a git repo, mount an EmptyDir into an
5139 InitContainer that clones the repo using git, then mount
5140 the EmptyDir into the Pod''s container.'
5141 properties:
5142 directory:
5143 description: Target directory name. Must not contain
5144 or start with '..'. If '.' is supplied, the volume
5145 directory will be the git repository. Otherwise,
5146 if specified, the volume will contain the git repository
5147 in the subdirectory with the given name.
5148 type: string
5149 repository:
5150 description: Repository URL
5151 type: string
5152 revision:
5153 description: Commit hash for the specified revision.
5154 type: string
5155 required:
5156 - repository
5157 type: object
5158 glusterfs:
5159 description: 'Glusterfs represents a Glusterfs mount on
5160 the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
5161 properties:
5162 endpoints:
5163 description: 'EndpointsName is the endpoint name that
5164 details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
5165 type: string
5166 path:
5167 description: 'Path is the Glusterfs volume path. More
5168 info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
5169 type: string
5170 readOnly:
5171 description: 'ReadOnly here will force the Glusterfs
5172 volume to be mounted with read-only permissions. Defaults
5173 to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
5174 type: boolean
5175 required:
5176 - endpoints
5177 - path
5178 type: object
5179 hostPath:
5180 description: 'HostPath represents a pre-existing file or
5181 directory on the host machine that is directly exposed
5182 to the container. This is generally used for system agents
5183 or other privileged things that are allowed to see the
5184 host machine. Most containers will NOT need this. More
5185 info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
5186 --- TODO(jonesdl) We need to restrict who can use host
5187 directory mounts and who can/can not mount host directories
5188 as read/write.'
5189 properties:
5190 path:
5191 description: 'Path of the directory on the host. If
5192 the path is a symlink, it will follow the link to
5193 the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
5194 type: string
5195 type:
5196 description: 'Type for HostPath Volume Defaults to ""
5197 More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
5198 type: string
5199 required:
5200 - path
5201 type: object
5202 iscsi:
5203 description: 'ISCSI represents an ISCSI Disk resource that
5204 is attached to a kubelet''s host machine and then exposed
5205 to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
5206 properties:
5207 chapAuthDiscovery:
5208 description: whether support iSCSI Discovery CHAP authentication
5209 type: boolean
5210 chapAuthSession:
5211 description: whether support iSCSI Session CHAP authentication
5212 type: boolean
5213 fsType:
5214 description: 'Filesystem type of the volume that you
5215 want to mount. Tip: Ensure that the filesystem type
5216 is supported by the host operating system. Examples:
5217 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
5218 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
5219 TODO: how do we prevent errors in the filesystem from
5220 compromising the machine'
5221 type: string
5222 initiatorName:
5223 description: Custom iSCSI Initiator Name. If initiatorName
5224 is specified with iscsiInterface simultaneously, new
5225 iSCSI interface <target portal>:<volume name> will
5226 be created for the connection.
5227 type: string
5228 iqn:
5229 description: Target iSCSI Qualified Name.
5230 type: string
5231 iscsiInterface:
5232 description: iSCSI Interface Name that uses an iSCSI
5233 transport. Defaults to 'default' (tcp).
5234 type: string
5235 lun:
5236 description: iSCSI Target Lun number.
5237 format: int32
5238 type: integer
5239 portals:
5240 description: iSCSI Target Portal List. The portal is
5241 either an IP or ip_addr:port if the port is other
5242 than default (typically TCP ports 860 and 3260).
5243 items:
5244 type: string
5245 type: array
5246 readOnly:
5247 description: ReadOnly here will force the ReadOnly setting
5248 in VolumeMounts. Defaults to false.
5249 type: boolean
5250 secretRef:
5251 description: CHAP Secret for iSCSI target and initiator
5252 authentication
5253 properties:
5254 name:
5255 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5256 TODO: Add other useful fields. apiVersion, kind,
5257 uid?'
5258 type: string
5259 required:
5260 - name
5261 type: object
5262 targetPortal:
5263 description: iSCSI Target Portal. The Portal is either
5264 an IP or ip_addr:port if the port is other than default
5265 (typically TCP ports 860 and 3260).
5266 type: string
5267 required:
5268 - iqn
5269 - lun
5270 - targetPortal
5271 type: object
5272 name:
5273 description: 'Volume''s name. Must be a DNS_LABEL and unique
5274 within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
5275 type: string
5276 nfs:
5277 description: 'NFS represents an NFS mount on the host that
5278 shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
5279 properties:
5280 path:
5281 description: 'Path that is exported by the NFS server.
5282 More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
5283 type: string
5284 readOnly:
5285 description: 'ReadOnly here will force the NFS export
5286 to be mounted with read-only permissions. Defaults
5287 to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
5288 type: boolean
5289 server:
5290 description: 'Server is the hostname or IP address of
5291 the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
5292 type: string
5293 required:
5294 - path
5295 - server
5296 type: object
5297 persistentVolumeClaim:
5298 description: 'PersistentVolumeClaimVolumeSource represents
5299 a reference to a PersistentVolumeClaim in the same namespace.
5300 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
5301 properties:
5302 claimName:
5303 description: 'ClaimName is the name of a PersistentVolumeClaim
5304 in the same namespace as the pod using this volume.
5305 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
5306 type: string
5307 readOnly:
5308 description: Will force the ReadOnly setting in VolumeMounts.
5309 Default false.
5310 type: boolean
5311 required:
5312 - claimName
5313 type: object
5314 photonPersistentDisk:
5315 description: PhotonPersistentDisk represents a PhotonController
5316 persistent disk attached and mounted on kubelets host
5317 machine
5318 properties:
5319 fsType:
5320 description: Filesystem type to mount. Must be a filesystem
5321 type supported by the host operating system. Ex. "ext4",
5322 "xfs", "ntfs". Implicitly inferred to be "ext4" if
5323 unspecified.
5324 type: string
5325 pdID:
5326 description: ID that identifies Photon Controller persistent
5327 disk
5328 type: string
5329 required:
5330 - pdID
5331 type: object
5332 portworxVolume:
5333 description: PortworxVolume represents a portworx volume
5334 attached and mounted on kubelets host machine
5335 properties:
5336 fsType:
5337 description: FSType represents the filesystem type to
5338 mount Must be a filesystem type supported by the host
5339 operating system. Ex. "ext4", "xfs". Implicitly inferred
5340 to be "ext4" if unspecified.
5341 type: string
5342 readOnly:
5343 description: Defaults to false (read/write). ReadOnly
5344 here will force the ReadOnly setting in VolumeMounts.
5345 type: boolean
5346 volumeID:
5347 description: VolumeID uniquely identifies a Portworx
5348 volume
5349 type: string
5350 required:
5351 - volumeID
5352 type: object
5353 projected:
5354 description: Items for all in one resources secrets, configmaps,
5355 and downward API
5356 properties:
5357 defaultMode:
5358 description: Mode bits to use on created files by default.
5359 Must be a value between 0 and 0777. Directories within
5360 the path are not affected by this setting. This might
5361 be in conflict with other options that affect the
5362 file mode, like fsGroup, and the result can be other
5363 mode bits set.
5364 format: int32
5365 type: integer
5366 sources:
5367 description: list of volume projections
5368 items:
5369 description: Projection that may be projected along
5370 with other supported volume types
5371 properties:
5372 configMap:
5373 description: information about the configMap data
5374 to project
5375 properties:
5376 items:
5377 description: If unspecified, each key-value
5378 pair in the Data field of the referenced
5379 ConfigMap will be projected into the volume
5380 as a file whose name is the key and content
5381 is the value. If specified, the listed keys
5382 will be projected into the specified paths,
5383 and unlisted keys will not be present. If
5384 a key is specified which is not present
5385 in the ConfigMap, the volume setup will
5386 error unless it is marked optional. Paths
5387 must be relative and may not contain the
5388 '..' path or start with '..'.
5389 items:
5390 description: Maps a string key to a path
5391 within a volume.
5392 properties:
5393 key:
5394 description: The key to project.
5395 type: string
5396 mode:
5397 description: 'Optional: mode bits to
5398 use on this file, must be a value
5399 between 0 and 0777. If not specified,
5400 the volume defaultMode will be used.
5401 This might be in conflict with other
5402 options that affect the file mode,
5403 like fsGroup, and the result can be
5404 other mode bits set.'
5405 format: int32
5406 type: integer
5407 path:
5408 description: The relative path of the
5409 file to map the key to. May not be
5410 an absolute path. May not contain
5411 the path element '..'. May not start
5412 with the string '..'.
5413 type: string
5414 required:
5415 - key
5416 - path
5417 type: object
5418 type: array
5419 name:
5420 description: 'Name of the referent. More info:
5421 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5422 TODO: Add other useful fields. apiVersion,
5423 kind, uid?'
5424 type: string
5425 optional:
5426 description: Specify whether the ConfigMap
5427 or its keys must be defined
5428 type: boolean
5429 required:
5430 - name
5431 type: object
5432 downwardAPI:
5433 description: information about the downwardAPI
5434 data to project
5435 properties:
5436 items:
5437 description: Items is a list of DownwardAPIVolume
5438 file
5439 items:
5440 description: DownwardAPIVolumeFile represents
5441 information to create the file containing
5442 the pod field
5443 properties:
5444 fieldRef:
5445 description: 'Required: Selects a field
5446 of the pod: only annotations, labels,
5447 name and namespace are supported.'
5448 properties:
5449 apiVersion:
5450 description: Version of the schema
5451 the FieldPath is written in terms
5452 of, defaults to "v1".
5453 type: string
5454 fieldPath:
5455 description: Path of the field to
5456 select in the specified API version.
5457 type: string
5458 required:
5459 - fieldPath
5460 type: object
5461 mode:
5462 description: 'Optional: mode bits to
5463 use on this file, must be a value
5464 between 0 and 0777. If not specified,
5465 the volume defaultMode will be used.
5466 This might be in conflict with other
5467 options that affect the file mode,
5468 like fsGroup, and the result can be
5469 other mode bits set.'
5470 format: int32
5471 type: integer
5472 path:
5473 description: 'Required: Path is the
5474 relative path name of the file to
5475 be created. Must not be absolute or
5476 contain the ''..'' path. Must be utf-8
5477 encoded. The first item of the relative
5478 path must not start with ''..'''
5479 type: string
5480 resourceFieldRef:
5481 description: 'Selects a resource of
5482 the container: only resources limits
5483 and requests (limits.cpu, limits.memory,
5484 requests.cpu and requests.memory)
5485 are currently supported.'
5486 properties:
5487 containerName:
5488 description: 'Container name: required
5489 for volumes, optional for env
5490 vars'
5491 type: string
5492 divisor:
5493 anyOf:
5494 - type: integer
5495 - type: string
5496 description: Specifies the output
5497 format of the exposed resources,
5498 defaults to "1"
5499 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
5500 x-kubernetes-int-or-string: true
5501 resource:
5502 description: 'Required: resource
5503 to select'
5504 type: string
5505 required:
5506 - resource
5507 type: object
5508 required:
5509 - path
5510 type: object
5511 type: array
5512 type: object
5513 secret:
5514 description: information about the secret data
5515 to project
5516 properties:
5517 items:
5518 description: If unspecified, each key-value
5519 pair in the Data field of the referenced
5520 Secret will be projected into the volume
5521 as a file whose name is the key and content
5522 is the value. If specified, the listed keys
5523 will be projected into the specified paths,
5524 and unlisted keys will not be present. If
5525 a key is specified which is not present
5526 in the Secret, the volume setup will error
5527 unless it is marked optional. Paths must
5528 be relative and may not contain the '..'
5529 path or start with '..'.
5530 items:
5531 description: Maps a string key to a path
5532 within a volume.
5533 properties:
5534 key:
5535 description: The key to project.
5536 type: string
5537 mode:
5538 description: 'Optional: mode bits to
5539 use on this file, must be a value
5540 between 0 and 0777. If not specified,
5541 the volume defaultMode will be used.
5542 This might be in conflict with other
5543 options that affect the file mode,
5544 like fsGroup, and the result can be
5545 other mode bits set.'
5546 format: int32
5547 type: integer
5548 path:
5549 description: The relative path of the
5550 file to map the key to. May not be
5551 an absolute path. May not contain
5552 the path element '..'. May not start
5553 with the string '..'.
5554 type: string
5555 required:
5556 - key
5557 - path
5558 type: object
5559 type: array
5560 name:
5561 description: 'Name of the referent. More info:
5562 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5563 TODO: Add other useful fields. apiVersion,
5564 kind, uid?'
5565 type: string
5566 optional:
5567 description: Specify whether the Secret or
5568 its key must be defined
5569 type: boolean
5570 required:
5571 - name
5572 type: object
5573 serviceAccountToken:
5574 description: information about the serviceAccountToken
5575 data to project
5576 properties:
5577 audience:
5578 description: Audience is the intended audience
5579 of the token. A recipient of a token must
5580 identify itself with an identifier specified
5581 in the audience of the token, and otherwise
5582 should reject the token. The audience defaults
5583 to the identifier of the apiserver.
5584 type: string
5585 expirationSeconds:
5586 description: ExpirationSeconds is the requested
5587 duration of validity of the service account
5588 token. As the token approaches expiration,
5589 the kubelet volume plugin will proactively
5590 rotate the service account token. The kubelet
5591 will start trying to rotate the token if
5592 the token is older than 80 percent of its
5593 time to live or if the token is older than
5594 24 hours.Defaults to 1 hour and must be
5595 at least 10 minutes.
5596 format: int64
5597 type: integer
5598 path:
5599 description: Path is the path relative to
5600 the mount point of the file to project the
5601 token into.
5602 type: string
5603 required:
5604 - path
5605 type: object
5606 type: object
5607 type: array
5608 required:
5609 - sources
5610 type: object
5611 quobyte:
5612 description: Quobyte represents a Quobyte mount on the host
5613 that shares a pod's lifetime
5614 properties:
5615 group:
5616 description: Group to map volume access to Default is
5617 no group
5618 type: string
5619 readOnly:
5620 description: ReadOnly here will force the Quobyte volume
5621 to be mounted with read-only permissions. Defaults
5622 to false.
5623 type: boolean
5624 registry:
5625 description: Registry represents a single or multiple
5626 Quobyte Registry services specified as a string as
5627 host:port pair (multiple entries are separated with
5628 commas) which acts as the central registry for volumes
5629 type: string
5630 tenant:
5631 description: Tenant owning the given Quobyte volume
5632 in the Backend Used with dynamically provisioned Quobyte
5633 volumes, value is set by the plugin
5634 type: string
5635 user:
5636 description: User to map volume access to Defaults to
5637 serivceaccount user
5638 type: string
5639 volume:
5640 description: Volume is a string that references an already
5641 created Quobyte volume by name.
5642 type: string
5643 required:
5644 - registry
5645 - volume
5646 type: object
5647 rbd:
5648 description: 'RBD represents a Rados Block Device mount
5649 on the host that shares a pod''s lifetime. More info:
5650 https://examples.k8s.io/volumes/rbd/README.md'
5651 properties:
5652 fsType:
5653 description: 'Filesystem type of the volume that you
5654 want to mount. Tip: Ensure that the filesystem type
5655 is supported by the host operating system. Examples:
5656 "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
5657 if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
5658 TODO: how do we prevent errors in the filesystem from
5659 compromising the machine'
5660 type: string
5661 image:
5662 description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5663 type: string
5664 keyring:
5665 description: 'Keyring is the path to key ring for RBDUser.
5666 Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5667 type: string
5668 monitors:
5669 description: 'A collection of Ceph monitors. More info:
5670 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5671 items:
5672 type: string
5673 type: array
5674 pool:
5675 description: 'The rados pool name. Default is rbd. More
5676 info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5677 type: string
5678 readOnly:
5679 description: 'ReadOnly here will force the ReadOnly
5680 setting in VolumeMounts. Defaults to false. More info:
5681 https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5682 type: boolean
5683 secretRef:
5684 description: 'SecretRef is name of the authentication
5685 secret for RBDUser. If provided overrides keyring.
5686 Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5687 properties:
5688 name:
5689 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5690 TODO: Add other useful fields. apiVersion, kind,
5691 uid?'
5692 type: string
5693 required:
5694 - name
5695 type: object
5696 user:
5697 description: 'The rados user name. Default is admin.
5698 More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
5699 type: string
5700 required:
5701 - image
5702 - monitors
5703 type: object
5704 scaleIO:
5705 description: ScaleIO represents a ScaleIO persistent volume
5706 attached and mounted on Kubernetes nodes.
5707 properties:
5708 fsType:
5709 description: Filesystem type to mount. Must be a filesystem
5710 type supported by the host operating system. Ex. "ext4",
5711 "xfs", "ntfs". Default is "xfs".
5712 type: string
5713 gateway:
5714 description: The host address of the ScaleIO API Gateway.
5715 type: string
5716 protectionDomain:
5717 description: The name of the ScaleIO Protection Domain
5718 for the configured storage.
5719 type: string
5720 readOnly:
5721 description: Defaults to false (read/write). ReadOnly
5722 here will force the ReadOnly setting in VolumeMounts.
5723 type: boolean
5724 secretRef:
5725 description: SecretRef references to the secret for
5726 ScaleIO user and other sensitive information. If this
5727 is not provided, Login operation will fail.
5728 properties:
5729 name:
5730 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5731 TODO: Add other useful fields. apiVersion, kind,
5732 uid?'
5733 type: string
5734 required:
5735 - name
5736 type: object
5737 sslEnabled:
5738 description: Flag to enable/disable SSL communication
5739 with Gateway, default false
5740 type: boolean
5741 storageMode:
5742 description: Indicates whether the storage for a volume
5743 should be ThickProvisioned or ThinProvisioned. Default
5744 is ThinProvisioned.
5745 type: string
5746 storagePool:
5747 description: The ScaleIO Storage Pool associated with
5748 the protection domain.
5749 type: string
5750 system:
5751 description: The name of the storage system as configured
5752 in ScaleIO.
5753 type: string
5754 volumeName:
5755 description: The name of a volume already created in
5756 the ScaleIO system that is associated with this volume
5757 source.
5758 type: string
5759 required:
5760 - gateway
5761 - secretRef
5762 - system
5763 type: object
5764 secret:
5765 description: 'Secret represents a secret that should populate
5766 this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
5767 properties:
5768 defaultMode:
5769 description: 'Optional: mode bits to use on created
5770 files by default. Must be a value between 0 and 0777.
5771 Defaults to 0644. Directories within the path are
5772 not affected by this setting. This might be in conflict
5773 with other options that affect the file mode, like
5774 fsGroup, and the result can be other mode bits set.'
5775 format: int32
5776 type: integer
5777 items:
5778 description: If unspecified, each key-value pair in
5779 the Data field of the referenced Secret will be projected
5780 into the volume as a file whose name is the key and
5781 content is the value. If specified, the listed keys
5782 will be projected into the specified paths, and unlisted
5783 keys will not be present. If a key is specified which
5784 is not present in the Secret, the volume setup will
5785 error unless it is marked optional. Paths must be
5786 relative and may not contain the '..' path or start
5787 with '..'.
5788 items:
5789 description: Maps a string key to a path within a
5790 volume.
5791 properties:
5792 key:
5793 description: The key to project.
5794 type: string
5795 mode:
5796 description: 'Optional: mode bits to use on this
5797 file, must be a value between 0 and 0777. If
5798 not specified, the volume defaultMode will be
5799 used. This might be in conflict with other options
5800 that affect the file mode, like fsGroup, and
5801 the result can be other mode bits set.'
5802 format: int32
5803 type: integer
5804 path:
5805 description: The relative path of the file to
5806 map the key to. May not be an absolute path.
5807 May not contain the path element '..'. May not
5808 start with the string '..'.
5809 type: string
5810 required:
5811 - key
5812 - path
5813 type: object
5814 type: array
5815 optional:
5816 description: Specify whether the Secret or its keys
5817 must be defined
5818 type: boolean
5819 secretName:
5820 description: 'Name of the secret in the pod''s namespace
5821 to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
5822 type: string
5823 type: object
5824 storageos:
5825 description: StorageOS represents a StorageOS volume attached
5826 and mounted on Kubernetes nodes.
5827 properties:
5828 fsType:
5829 description: Filesystem type to mount. Must be a filesystem
5830 type supported by the host operating system. Ex. "ext4",
5831 "xfs", "ntfs". Implicitly inferred to be "ext4" if
5832 unspecified.
5833 type: string
5834 readOnly:
5835 description: Defaults to false (read/write). ReadOnly
5836 here will force the ReadOnly setting in VolumeMounts.
5837 type: boolean
5838 secretRef:
5839 description: SecretRef specifies the secret to use for
5840 obtaining the StorageOS API credentials. If not specified,
5841 default values will be attempted.
5842 properties:
5843 name:
5844 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
5845 TODO: Add other useful fields. apiVersion, kind,
5846 uid?'
5847 type: string
5848 required:
5849 - name
5850 type: object
5851 volumeName:
5852 description: VolumeName is the human-readable name of
5853 the StorageOS volume. Volume names are only unique
5854 within a namespace.
5855 type: string
5856 volumeNamespace:
5857 description: VolumeNamespace specifies the scope of
5858 the volume within StorageOS. If no namespace is specified
5859 then the Pod's namespace will be used. This allows
5860 the Kubernetes name scoping to be mirrored within
5861 StorageOS for tighter integration. Set VolumeName
5862 to any name to override the default behaviour. Set
5863 to "default" if you are not using namespaces within
5864 StorageOS. Namespaces that do not pre-exist within
5865 StorageOS will be created.
5866 type: string
5867 type: object
5868 vsphereVolume:
5869 description: VsphereVolume represents a vSphere volume attached
5870 and mounted on kubelets host machine
5871 properties:
5872 fsType:
5873 description: Filesystem type to mount. Must be a filesystem
5874 type supported by the host operating system. Ex. "ext4",
5875 "xfs", "ntfs". Implicitly inferred to be "ext4" if
5876 unspecified.
5877 type: string
5878 storagePolicyID:
5879 description: Storage Policy Based Management (SPBM)
5880 profile ID associated with the StoragePolicyName.
5881 type: string
5882 storagePolicyName:
5883 description: Storage Policy Based Management (SPBM)
5884 profile name.
5885 type: string
5886 volumePath:
5887 description: Path that identifies vSphere volume vmdk
5888 type: string
5889 required:
5890 - volumePath
5891 type: object
5892 required:
5893 - name
5894 type: object
5895 type: array
5896 x-kubernetes-list-map-keys:
5897 - name
5898 x-kubernetes-list-type: map
5899 required:
5900 - containers
5901 type: object
5902 type: object
5903 required:
5904 - selector
5905 - template
5906 type: object
5907 status:
5908 description: Most recently observed status of the Deployment.
5909 properties:
5910 availableReplicas:
5911 description: Total number of available pods (ready for at least minReadySeconds)
5912 targeted by this deployment.
5913 format: int32
5914 type: integer
5915 collisionCount:
5916 description: Count of hash collisions for the Deployment. The Deployment
5917 controller uses this field as a collision avoidance mechanism when it
5918 needs to create the name for the newest ReplicaSet.
5919 format: int32
5920 type: integer
5921 conditions:
5922 description: Represents the latest available observations of a deployment's
5923 current state.
5924 items:
5925 description: DeploymentCondition describes the state of a deployment
5926 at a certain point.
5927 properties:
5928 lastTransitionTime:
5929 description: Last time the condition transitioned from one status
5930 to another.
5931 format: date-time
5932 type: string
5933 lastUpdateTime:
5934 description: The last time this condition was updated.
5935 format: date-time
5936 type: string
5937 message:
5938 description: A human readable message indicating details about the
5939 transition.
5940 type: string
5941 reason:
5942 description: The reason for the condition's last transition.
5943 type: string
5944 status:
5945 description: Status of the condition, one of True, False, Unknown.
5946 type: string
5947 type:
5948 description: Type of deployment condition.
5949 type: string
5950 required:
5951 - status
5952 - type
5953 type: object
5954 type: array
5955 x-kubernetes-list-map-keys:
5956 - type
5957 x-kubernetes-list-type: map
5958 observedGeneration:
5959 description: The generation observed by the deployment controller.
5960 format: int64
5961 type: integer
5962 readyReplicas:
5963 description: Total number of ready pods targeted by this deployment.
5964 format: int32
5965 type: integer
5966 replicas:
5967 description: Total number of non-terminated pods targeted by this deployment
5968 (their labels match the selector).
5969 format: int32
5970 type: integer
5971 unavailableReplicas:
5972 description: Total number of unavailable pods targeted by this deployment.
5973 This is the total number of pods that are still required for the deployment
5974 to have 100% available capacity. They may either be pods that are running
5975 but not yet available or pods that still have not been created.
5976 format: int32
5977 type: integer
5978 updatedReplicas:
5979 description: Total number of non-terminated pods targeted by this deployment
5980 that have the desired template spec.
5981 format: int32
5982 type: integer
5983 type: object
5984 type: object
5985 plural: deployments
5986 schemaUpdateStrategy: UpdateUnpublished
5987 scope: Namespaced
5988 singular: deployment
5989 subResources:
5990 - name: scale
5991 - name: status
5992status: {}View as plain text