agones.dev/agones@v1.53.0/install/helm/agones/templates/crds/k8s/_io.k8s.api.core.v1.PodTemplateSpec.yaml (about) 1 --- 2 # Copyright 2024 Google LLC All Rights Reserved. 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 # This code was autogenerated. Do not edit directly. 17 18 {{- define "io.k8s.api.core.v1.PodTemplateSpec" }} 19 description: PodTemplateSpec describes the data a pod should have when created from a template 20 properties: 21 metadata: 22 description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" 23 properties: 24 annotations: 25 additionalProperties: 26 type: string 27 description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations" 28 type: object 29 creationTimestamp: 30 description: |- 31 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 32 33 Populated by the system. Read-only. Null for lists. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 34 format: date-time 35 nullable: true 36 type: string 37 deletionGracePeriodSeconds: 38 description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. 39 format: int64 40 type: integer 41 deletionTimestamp: 42 description: |- 43 DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. 44 45 Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 46 format: date-time 47 type: string 48 finalizers: 49 description: Must be empty before the object is deleted from the registry. 
Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list. 50 items: 51 type: string 52 type: array 53 generateName: 54 description: |- 55 GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. 56 57 If this field is specified and the generated name exists, the server will return a 409. 58 59 Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency 60 type: string 61 generation: 62 description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. 63 format: int64 64 type: integer 65 labels: 66 additionalProperties: 67 type: string 68 description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. 
May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels" 69 type: object 70 managedFields: 71 description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. 72 items: 73 properties: 74 apiVersion: 75 description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. 76 type: string 77 fieldsType: 78 description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"" 79 type: string 80 fieldsV1: 81 description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. 82 type: object 83 manager: 84 description: Manager is an identifier of the workflow managing these fields. 85 type: string 86 operation: 87 description: Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. 88 type: string 89 subresource: 90 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. 
Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 91 type: string 92 time: 93 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 94 format: date-time 95 type: string 96 type: object 97 type: array 98 name: 99 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 100 type: string 101 namespace: 102 description: |- 103 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 104 105 Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 106 type: string 107 ownerReferences: 108 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 109 items: 110 properties: 111 apiVersion: 112 description: API version of the referent. 
113 type: string 114 blockOwnerDeletion: 115 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 116 type: boolean 117 controller: 118 description: If true, this reference points to the managing controller. 119 type: boolean 120 kind: 121 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 122 type: string 123 name: 124 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 125 type: string 126 uid: 127 description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 128 type: string 129 required: 130 - apiVersion 131 - kind 132 - name 133 - uid 134 type: object 135 x-kubernetes-map-type: atomic 136 type: array 137 resourceVersion: 138 description: |- 139 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 140 141 Populated by the system. Read-only. Value must be treated as opaque by clients and . 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 142 type: string 143 selfLink: 144 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 145 type: string 146 uid: 147 description: |- 148 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 149 150 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 151 type: string 152 type: object 153 spec: 154 description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" 155 properties: 156 activeDeadlineSeconds: 157 description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. 158 format: int64 159 type: integer 160 affinity: 161 description: If specified, the pod's scheduling constraints 162 properties: 163 nodeAffinity: 164 description: Describes node affinity scheduling rules for the pod. 165 properties: 166 preferredDuringSchedulingIgnoredDuringExecution: 167 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. 
for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. 168 items: 169 properties: 170 preference: 171 description: A node selector term, associated with the corresponding weight. 172 properties: 173 matchExpressions: 174 description: A list of node selector requirements by node's labels. 175 items: 176 properties: 177 key: 178 description: The label key that the selector applies to. 179 type: string 180 operator: 181 description: |- 182 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 183 184 Possible enum values: 185 - `"DoesNotExist"` 186 - `"Exists"` 187 - `"Gt"` 188 - `"In"` 189 - `"Lt"` 190 - `"NotIn"` 191 enum: 192 - DoesNotExist 193 - Exists 194 - Gt 195 - In 196 - Lt 197 - NotIn 198 type: string 199 values: 200 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 201 items: 202 type: string 203 type: array 204 required: 205 - key 206 - operator 207 type: object 208 type: array 209 matchFields: 210 description: A list of node selector requirements by node's fields. 211 items: 212 properties: 213 key: 214 description: The label key that the selector applies to. 215 type: string 216 operator: 217 description: |- 218 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
219 220 Possible enum values: 221 - `"DoesNotExist"` 222 - `"Exists"` 223 - `"Gt"` 224 - `"In"` 225 - `"Lt"` 226 - `"NotIn"` 227 enum: 228 - DoesNotExist 229 - Exists 230 - Gt 231 - In 232 - Lt 233 - NotIn 234 type: string 235 values: 236 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 237 items: 238 type: string 239 type: array 240 required: 241 - key 242 - operator 243 type: object 244 type: array 245 type: object 246 x-kubernetes-map-type: atomic 247 weight: 248 description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 249 format: int32 250 type: integer 251 required: 252 - weight 253 - preference 254 type: object 255 type: array 256 requiredDuringSchedulingIgnoredDuringExecution: 257 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. 258 properties: 259 nodeSelectorTerms: 260 description: Required. A list of node selector terms. The terms are ORed. 261 items: 262 properties: 263 matchExpressions: 264 description: A list of node selector requirements by node's labels. 265 items: 266 properties: 267 key: 268 description: The label key that the selector applies to. 269 type: string 270 operator: 271 description: |- 272 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
273 274 Possible enum values: 275 - `"DoesNotExist"` 276 - `"Exists"` 277 - `"Gt"` 278 - `"In"` 279 - `"Lt"` 280 - `"NotIn"` 281 enum: 282 - DoesNotExist 283 - Exists 284 - Gt 285 - In 286 - Lt 287 - NotIn 288 type: string 289 values: 290 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 291 items: 292 type: string 293 type: array 294 required: 295 - key 296 - operator 297 type: object 298 type: array 299 matchFields: 300 description: A list of node selector requirements by node's fields. 301 items: 302 properties: 303 key: 304 description: The label key that the selector applies to. 305 type: string 306 operator: 307 description: |- 308 Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 309 310 Possible enum values: 311 - `"DoesNotExist"` 312 - `"Exists"` 313 - `"Gt"` 314 - `"In"` 315 - `"Lt"` 316 - `"NotIn"` 317 enum: 318 - DoesNotExist 319 - Exists 320 - Gt 321 - In 322 - Lt 323 - NotIn 324 type: string 325 values: 326 description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
327 items: 328 type: string 329 type: array 330 required: 331 - key 332 - operator 333 type: object 334 type: array 335 type: object 336 x-kubernetes-map-type: atomic 337 type: array 338 required: 339 - nodeSelectorTerms 340 type: object 341 x-kubernetes-map-type: atomic 342 type: object 343 podAffinity: 344 description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). 345 properties: 346 preferredDuringSchedulingIgnoredDuringExecution: 347 description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 348 items: 349 properties: 350 podAffinityTerm: 351 description: Required. A pod affinity term, associated with the corresponding weight. 352 properties: 353 labelSelector: 354 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 355 properties: 356 matchExpressions: 357 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 358 items: 359 properties: 360 key: 361 description: key is the label key that the selector applies to. 362 type: string 363 operator: 364 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 365 type: string 366 values: 367 description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 368 items: 369 type: string 370 type: array 371 required: 372 - key 373 - operator 374 type: object 375 type: array 376 matchLabels: 377 additionalProperties: 378 type: string 379 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 380 type: object 381 type: object 382 x-kubernetes-map-type: atomic 383 matchLabelKeys: 384 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 385 items: 386 type: string 387 type: array 388 mismatchLabelKeys: 389 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. 
The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 390 items: 391 type: string 392 type: array 393 namespaceSelector: 394 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 395 properties: 396 matchExpressions: 397 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 398 items: 399 properties: 400 key: 401 description: key is the label key that the selector applies to. 402 type: string 403 operator: 404 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 405 type: string 406 values: 407 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 408 items: 409 type: string 410 type: array 411 required: 412 - key 413 - operator 414 type: object 415 type: array 416 matchLabels: 417 additionalProperties: 418 type: string 419 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 420 type: object 421 type: object 422 x-kubernetes-map-type: atomic 423 namespaces: 424 description: namespaces specifies a static list of namespace names that the term applies to. 
The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 425 items: 426 type: string 427 type: array 428 topologyKey: 429 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 430 type: string 431 required: 432 - topologyKey 433 type: object 434 weight: 435 description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 436 format: int32 437 type: integer 438 required: 439 - weight 440 - podAffinityTerm 441 type: object 442 type: array 443 requiredDuringSchedulingIgnoredDuringExecution: 444 description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 445 items: 446 properties: 447 labelSelector: 448 description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. 449 properties: 450 matchExpressions: 451 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 452 items: 453 properties: 454 key: 455 description: key is the label key that the selector applies to. 
456 type: string 457 operator: 458 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 459 type: string 460 values: 461 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 462 items: 463 type: string 464 type: array 465 required: 466 - key 467 - operator 468 type: object 469 type: array 470 matchLabels: 471 additionalProperties: 472 type: string 473 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 474 type: object 475 type: object 476 x-kubernetes-map-type: atomic 477 matchLabelKeys: 478 description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 479 items: 480 type: string 481 type: array 482 mismatchLabelKeys: 483 description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. 
The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 484 items: 485 type: string 486 type: array 487 namespaceSelector: 488 description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 489 properties: 490 matchExpressions: 491 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 492 items: 493 properties: 494 key: 495 description: key is the label key that the selector applies to. 496 type: string 497 operator: 498 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 499 type: string 500 values: 501 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 502 items: 503 type: string 504 type: array 505 required: 506 - key 507 - operator 508 type: object 509 type: array 510 matchLabels: 511 additionalProperties: 512 type: string 513 description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 514 type: object 515 type: object 516 x-kubernetes-map-type: atomic 517 namespaces: 518 description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". 519 items: 520 type: string 521 type: array 522 topologyKey: 523 description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 524 type: string 525 required: 526 - topologyKey 527 type: object 528 type: array 529 type: object 530 podAntiAffinity: 531 description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 532 properties: 533 preferredDuringSchedulingIgnoredDuringExecution: 534 description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 
                items:
                  properties:
                    podAffinityTerm:
                      description: Required. A pod affinity term, associated with the corresponding weight.
                      properties:
                        labelSelector:
                          description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                              items:
                                properties:
                                  key:
                                    description: key is the label key that the selector applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                  - key
                                  - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        matchLabelKeys:
                          description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                          items:
                            type: string
                          type: array
                        mismatchLabelKeys:
                          description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                          items:
                            type: string
                          type: array
                        namespaceSelector:
                          description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
                          properties:
                            matchExpressions:
                              description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                              items:
                                properties:
                                  key:
                                    description: key is the label key that the selector applies to.
                                    type: string
                                  operator:
                                    description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                    type: string
                                  values:
                                    description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                    items:
                                      type: string
                                    type: array
                                required:
                                  - key
                                  - operator
                                type: object
                              type: array
                            matchLabels:
                              additionalProperties:
                                type: string
                              description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                              type: object
                          type: object
                          x-kubernetes-map-type: atomic
                        namespaces:
                          description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
                          items:
                            type: string
                          type: array
                        topologyKey:
                          description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                          type: string
                      required:
                        - topologyKey
                      type: object
                    weight:
                      description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
                      format: int32
                      type: integer
                  required:
                    - weight
                    - podAffinityTerm
                  type: object
                type: array
              requiredDuringSchedulingIgnoredDuringExecution:
                description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
                items:
                  properties:
                    labelSelector:
                      description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.
                      properties:
                        matchExpressions:
                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                          items:
                            properties:
                              key:
                                description: key is the label key that the selector applies to.
                                type: string
                              operator:
                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                type: string
                              values:
                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                            required:
                              - key
                              - operator
                            type: object
                          type: array
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                          type: object
                      type: object
                      x-kubernetes-map-type: atomic
                    matchLabelKeys:
                      description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                      items:
                        type: string
                      type: array
                    mismatchLabelKeys:
                      description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                      items:
                        type: string
                      type: array
                    namespaceSelector:
                      description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces.
                      properties:
                        matchExpressions:
                          description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                          items:
                            properties:
                              key:
                                description: key is the label key that the selector applies to.
                                type: string
                              operator:
                                description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                type: string
                              values:
                                description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                            required:
                              - key
                              - operator
                            type: object
                          type: array
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                          type: object
                      type: object
                      x-kubernetes-map-type: atomic
                    namespaces:
                      description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
                      items:
                        type: string
                      type: array
                    topologyKey:
                      description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
                      type: string
                  required:
                    - topologyKey
                  type: object
                type: array
            type: object
        type: object
      automountServiceAccountToken:
        description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
        type: boolean
      containers:
        description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                          - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                          - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                  - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                 - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                 - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
                - Always
                - IfNotPresent
                - Never
              type: string
            lifecycle:
              description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                              - name
                              - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                             - `"HTTP"` means that the scheme used will be http://
                             - `"HTTPS"` means that the scheme used will be https://
                          enum:
                            - HTTP
                            - HTTPS
                          type: string
                      required:
                        - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                        - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                        - port
                      type: object
                  type: object
                preStop:
                  description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                              - name
                              - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                             - `"HTTP"` means that the scheme used will be http://
                             - `"HTTPS"` means that the scheme used will be https://
                          enum:
                            - HTTP
                            - HTTPS
                          type: string
                      required:
                        - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                        - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                        - port
                      type: object
                  type: object
              type: object
            livenessProbe:
              description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                    - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                          - name
                          - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                         - `"HTTP"` means that the scheme used will be http://
                         - `"HTTPS"` means that the scheme used will be https://
                      enum:
                        - HTTP
                        - HTTPS
                      type: string
                  required:
                    - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                    - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            name:
              description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
              type: string
            ports:
              description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
              items:
                properties:
                  containerPort:
                    description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                    format: int32
                    type: integer
                  hostIP:
                    description: What host IP to bind the external port to.
                    type: string
                  hostPort:
                    description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
                    format: int32
                    type: integer
                  name:
                    description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                    type: string
                  protocol:
                    description: |-
                      Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

                      Possible enum values:
                       - `"SCTP"` is the SCTP protocol.
                       - `"TCP"` is the TCP protocol.
                       - `"UDP"` is the UDP protocol.
                    enum:
                      - SCTP
                      - TCP
                      - UDP
                    type: string
                required:
                  - containerPort
                type: object
              type: array
            readinessProbe:
              description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            resizePolicy:
              description: Resources resize policy for the container.
              items:
                properties:
                  resourceName:
                    description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory."
                    type: string
                  restartPolicy:
                    description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
                    type: string
                required:
                - resourceName
                - restartPolicy
                type: object
              type: array
            resources:
              description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
              properties:
                claims:
                  description: |-
                    Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

                    This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

                    This field is immutable. It can only be set for containers.
                  items:
                    properties:
                      name:
                        description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                        type: string
                      request:
                        description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
                        type: string
                    required:
                    - name
                    type: object
                  type: array
                limits:
                  additionalProperties:
                    type: string
                  description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
                requests:
                  additionalProperties:
                    type: string
                  description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
              type: object
            restartPolicy:
              description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed."
              type: string
            securityContext:
              description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
              properties:
                allowPrivilegeEscalation:
                  description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."
                  type: boolean
                appArmorProfile:
                  description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
                      type: string
                    type:
                      description: |-
                        type indicates which kind of AppArmor profile will be applied. Valid options are:
                        Localhost - a profile pre-loaded on the node.
                        RuntimeDefault - the container runtime's default profile.
                        Unconfined - no AppArmor enforcement.

                        Possible enum values:
                        - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
                        - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
                        - `"Unconfined"` indicates that no AppArmor profile should be enforced.
                      enum:
                      - Localhost
                      - RuntimeDefault
                      - Unconfined
                      type: string
                  required:
                  - type
                  type: object
                capabilities:
                  description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    add:
                      description: Added capabilities
                      items:
                        type: string
                      type: array
                    drop:
                      description: Removed capabilities
                      items:
                        type: string
                      type: array
                  type: object
                privileged:
                  description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                procMount:
                  description: |-
                    procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

                    Possible enum values:
                    - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
                    - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
                  enum:
                  - Default
                  - Unmasked
                  type: string
                readOnlyRootFilesystem:
                  description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                runAsGroup:
                  description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                runAsNonRoot:
                  description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                  type: boolean
                runAsUser:
                  description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                seLinuxOptions:
                  description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    level:
                      description: Level is SELinux level label that applies to the container.
                      type: string
                    role:
                      description: Role is a SELinux role label that applies to the container.
                      type: string
                    type:
                      description: Type is a SELinux type label that applies to the container.
                      type: string
                    user:
                      description: User is a SELinux user label that applies to the container.
                      type: string
                  type: object
                seccompProfile:
                  description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                      type: string
                    type:
                      description: |-
                        type indicates which kind of seccomp profile will be applied. Valid options are:

                        Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                        Possible enum values:
                        - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                        - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                        - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                      enum:
                      - Localhost
                      - RuntimeDefault
                      - Unconfined
                      type: string
                  required:
                  - type
                  type: object
                windowsOptions:
                  description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
                  properties:
                    gmsaCredentialSpec:
                      description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                      type: string
                    gmsaCredentialSpecName:
                      description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                      type: string
                    hostProcess:
                      description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                      type: boolean
                    runAsUserName:
                      description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                      type: string
                  type: object
              type: object
            startupProbe:
              description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                  - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                        - name
                        - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                      - HTTP
                      - HTTPS
                      type: string
                  required:
                  - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                  - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            stdin:
              description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
              type: boolean
            stdinOnce:
              description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
              type: boolean
            terminationMessagePath:
              description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."
              type: string
            terminationMessagePolicy:
              description: |-
                Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

                Possible enum values:
                - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
                - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
              enum:
              - FallbackToLogsOnError
              - File
              type: string
            tty:
              description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
              type: boolean
            volumeDevices:
              description: volumeDevices is the list of block devices to be used by the container.
              items:
                properties:
                  devicePath:
                    description: devicePath is the path inside of the container that the device will be mapped to.
                    type: string
                  name:
                    description: name must match the name of a persistentVolumeClaim in the pod
                    type: string
                required:
                - name
                - devicePath
                type: object
              type: array
            volumeMounts:
              description: Pod volumes to mount into the container's filesystem. Cannot be updated.
              items:
                properties:
                  mountPath:
                    description: Path within the container at which the volume should be mounted. Must not contain ':'.
                    type: string
                  mountPropagation:
                    description: |-
                      mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).

                      Possible enum values:
                      - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
                      - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
                      - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
                    enum:
                    - Bidirectional
                    - HostToContainer
                    - None
                    type: string
                  name:
                    description: This must match the Name of a Volume.
                    type: string
                  readOnly:
                    description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                    type: boolean
                  recursiveReadOnly:
                    description: |-
                      RecursiveReadOnly specifies whether read-only mounts should be handled recursively.

                      If ReadOnly is false, this field has no meaning and must be unspecified.

                      If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.

                      If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).

                      If this field is not specified, it is treated as an equivalent of Disabled.
                    type: string
                  subPath:
                    description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                - name
                - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
          - name
          type: object
        type: array
      dnsConfig:
        description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
        properties:
          nameservers:
            description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
            items:
              type: string
            type: array
          options:
            description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
            items:
              properties:
                name:
                  description: Name is this DNS resolver option's name. Required.
                  type: string
                value:
                  description: Value is this DNS resolver option's value.
                  type: string
              type: object
            type: array
          searches:
            description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
            items:
              type: string
            type: array
        type: object
      dnsPolicy:
        description: |-
          Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

          Possible enum values:
          - `"ClusterFirst"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
          - `"ClusterFirstWithHostNet"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.
          - `"Default"` indicates that the pod should use the default (as determined by kubelet) DNS settings.
          - `"None"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.
        enum:
          - ClusterFirst
          - ClusterFirstWithHostNet
          - Default
          - None
        type: string
      enableServiceLinks:
        description: "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true."
        type: boolean
      ephemeralContainers:
        description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                          - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                          - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                  - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images"
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
                - Always
                - IfNotPresent
                - Never
              type: string
            lifecycle:
              description: Lifecycle is not allowed for ephemeral containers.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                              - name
                              - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                            - HTTP
                            - HTTPS
                          type: string
                      required:
                        - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                        - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                        - port
                      type: object
                  type: object
                preStop:
                  description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                              - name
                              - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                            - HTTP
                            - HTTPS
                          type: string
                      required:
                        - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                        - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                      required:
                        - port
                      type: object
                  type: object
              type: object
            livenessProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                    - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                          - name
                          - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                        - HTTP
                        - HTTPS
                      type: string
                  required:
                    - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                    - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            name:
              description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.
              type: string
            ports:
              description: Ports are not allowed for ephemeral containers.
              items:
                properties:
                  containerPort:
                    description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
                    format: int32
                    type: integer
                  hostIP:
                    description: What host IP to bind the external port to.
                    type: string
                  hostPort:
                    description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
                    format: int32
                    type: integer
                  name:
                    description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
                    type: string
                  protocol:
                    description: |-
                      Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

                      Possible enum values:
                      - `"SCTP"` is the SCTP protocol.
                      - `"TCP"` is the TCP protocol.
                      - `"UDP"` is the UDP protocol.
                    enum:
                      - SCTP
                      - TCP
                      - UDP
                    type: string
                required:
                  - containerPort
                type: object
              type: array
            readinessProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                    - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                          - name
                          - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                        - HTTP
                        - HTTPS
                      type: string
                  required:
                    - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                    - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            resizePolicy:
              description: Resources resize policy for the container.
              items:
                properties:
                  resourceName:
                    description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory."
                    type: string
                  restartPolicy:
                    description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
                    type: string
                required:
                  - resourceName
                  - restartPolicy
                type: object
              type: array
            resources:
              description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.
              properties:
                claims:
                  description: |-
                    Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

                    This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

                    This field is immutable. It can only be set for containers.
                  items:
                    properties:
                      name:
                        description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                        type: string
                      request:
                        description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
                        type: string
                    required:
                      - name
                    type: object
                  type: array
                limits:
                  additionalProperties:
                    type: string
                  description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
                requests:
                  additionalProperties:
                    type: string
                  description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
                  type: object
              type: object
            restartPolicy:
              description: Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.
              type: string
            securityContext:
              description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext."
              properties:
                allowPrivilegeEscalation:
                  description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."
                  type: boolean
                appArmorProfile:
                  description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
                      type: string
                    type:
                      description: |-
                        type indicates which kind of AppArmor profile will be applied. Valid options are:
                        Localhost - a profile pre-loaded on the node.
                        RuntimeDefault - the container runtime's default profile.
                        Unconfined - no AppArmor enforcement.

                        Possible enum values:
                        - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
                        - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
                        - `"Unconfined"` indicates that no AppArmor profile should be enforced.
                      enum:
                        - Localhost
                        - RuntimeDefault
                        - Unconfined
                      type: string
                  required:
                    - type
                  type: object
                capabilities:
                  description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    add:
                      description: Added capabilities
                      items:
                        type: string
                      type: array
                    drop:
                      description: Removed capabilities
                      items:
                        type: string
                      type: array
                  type: object
                privileged:
                  description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                procMount:
                  description: |-
                    procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

                    Possible enum values:
                    - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.
                    - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.
                  enum:
                    - Default
                    - Unmasked
                  type: string
                readOnlyRootFilesystem:
                  description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
                  type: boolean
                runAsGroup:
                  description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                runAsNonRoot:
                  description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                  type: boolean
                runAsUser:
                  description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  format: int64
                  type: integer
                seLinuxOptions:
                  description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    level:
                      description: Level is SELinux level label that applies to the container.
                      type: string
                    role:
                      description: Role is a SELinux role label that applies to the container.
                      type: string
                    type:
                      description: Type is a SELinux type label that applies to the container.
                      type: string
                    user:
                      description: User is a SELinux user label that applies to the container.
                      type: string
                  type: object
                seccompProfile:
                  description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
                  properties:
                    localhostProfile:
                      description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                      type: string
                    type:
                      description: |-
                        type indicates which kind of seccomp profile will be applied. Valid options are:

                        Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                        Possible enum values:
                        - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                        - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                        - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                      enum:
                        - Localhost
                        - RuntimeDefault
                        - Unconfined
                      type: string
                  required:
                    - type
                  type: object
                windowsOptions:
                  description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
                  properties:
                    gmsaCredentialSpec:
                      description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                      type: string
                    gmsaCredentialSpecName:
                      description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                      type: string
                    hostProcess:
                      description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                      type: boolean
                    runAsUserName:
                      description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                      type: string
                  type: object
              type: object
            startupProbe:
              description: Probes are not allowed for ephemeral containers.
              properties:
                exec:
                  description: Exec specifies a command to execute in the container.
                  properties:
                    command:
                      description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                      items:
                        type: string
                      type: array
                  type: object
                failureThreshold:
                  description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
                  format: int32
                  type: integer
                grpc:
                  description: GRPC specifies a GRPC HealthCheckRequest.
                  properties:
                    port:
                      description: Port number of the gRPC service. Number must be in the range 1 to 65535.
                      format: int32
                      type: integer
                    service:
                      description: |-
                        Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).

                        If this is not specified, the default behavior is defined by gRPC.
                      type: string
                  required:
                    - port
                  type: object
                httpGet:
                  description: HTTPGet specifies an HTTP GET request to perform.
                  properties:
                    host:
                      description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                      type: string
                    httpHeaders:
                      description: Custom headers to set in the request. HTTP allows repeated headers.
                      items:
                        properties:
                          name:
                            description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                            type: string
                          value:
                            description: The header field value
                            type: string
                        required:
                          - name
                          - value
                        type: object
                      type: array
                    path:
                      description: Path to access on the HTTP server.
                      type: string
                    port:
                      description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                    scheme:
                      description: |-
                        Scheme to use for connecting to the host. Defaults to HTTP.

                        Possible enum values:
                        - `"HTTP"` means that the scheme used will be http://
                        - `"HTTPS"` means that the scheme used will be https://
                      enum:
                        - HTTP
                        - HTTPS
                      type: string
                  required:
                    - port
                  type: object
                initialDelaySeconds:
                  description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
                periodSeconds:
                  description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
                  format: int32
                  type: integer
                successThreshold:
                  description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
                  format: int32
                  type: integer
                tcpSocket:
                  description: TCPSocket specifies a connection to a TCP port.
                  properties:
                    host:
                      description: "Optional: Host name to connect to, defaults to the pod IP."
                      type: string
                    port:
                      description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                    - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            stdin:
              description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
              type: boolean
            stdinOnce:
              description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
              type: boolean
            targetContainerName:
              description: |-
                If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.

                The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.
              type: string
            terminationMessagePath:
              description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."
              type: string
            terminationMessagePolicy:
              description: |-
                Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

                Possible enum values:
                - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
                - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
              enum:
                - FallbackToLogsOnError
                - File
              type: string
            tty:
              description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
              type: boolean
            volumeDevices:
              description: volumeDevices is the list of block devices to be used by the container.
              items:
                properties:
                  devicePath:
                    description: devicePath is the path inside of the container that the device will be mapped to.
                    type: string
                  name:
                    description: name must match the name of a persistentVolumeClaim in the pod
                    type: string
                required:
                  - name
                  - devicePath
                type: object
              type: array
            volumeMounts:
              description: Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.
              items:
                properties:
                  mountPath:
                    description: Path within the container at which the volume should be mounted. Must not contain ':'.
                    type: string
                  mountPropagation:
                    description: |-
                      mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).

                      Possible enum values:
                      - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
                      - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
                      - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
                    enum:
                      - Bidirectional
                      - HostToContainer
                      - None
                    type: string
                  name:
                    description: This must match the Name of a Volume.
                    type: string
                  readOnly:
                    description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                    type: boolean
                  recursiveReadOnly:
                    description: |-
                      RecursiveReadOnly specifies whether read-only mounts should be handled recursively.

                      If ReadOnly is false, this field has no meaning and must be unspecified.

                      If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.

                      If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).

                      If this field is not specified, it is treated as an equivalent of Disabled.
                    type: string
                  subPath:
                    description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                  - name
                  - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
            - name
          type: object
        type: array
      hostAliases:
        description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.
        items:
          properties:
            hostnames:
              description: Hostnames for the above IP address.
              items:
                type: string
              type: array
            ip:
              description: IP address of the host file entry.
              type: string
          required:
            - ip
          type: object
        type: array
      hostIPC:
        description: "Use the host's ipc namespace. Optional: Default to false."
        type: boolean
      hostNetwork:
        description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.
        type: boolean
      hostPID:
        description: "Use the host's pid namespace. Optional: Default to false."
        type: boolean
      hostUsers:
        description: "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature."
        type: boolean
      hostname:
        description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.
        type: string
      imagePullSecrets:
        description: "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod"
        items:
          properties:
            name:
              description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
              type: string
          type: object
          x-kubernetes-map-type: atomic
        type: array
      initContainers:
        description: "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/"
        items:
          properties:
            args:
              description: "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            command:
              description: "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
              items:
                type: string
              type: array
            env:
              description: List of environment variables to set in the container. Cannot be updated.
              items:
                properties:
                  name:
                    description: Name of the environment variable. Must be a C_IDENTIFIER.
                    type: string
                  value:
                    description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"."
                    type: string
                  valueFrom:
                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                    properties:
                      configMapKeyRef:
                        description: Selects a key of a ConfigMap.
                        properties:
                          key:
                            description: The key to select.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the ConfigMap or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                      fieldRef:
                        description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                          - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                          - resource
                        type: object
                        x-kubernetes-map-type: atomic
                      secretKeyRef:
                        description: Selects a key of a secret in the pod's namespace
                        properties:
                          key:
                            description: The key of the secret to select from. Must be a valid secret key.
                            type: string
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: Specify whether the Secret or its key must be defined
                            type: boolean
                        required:
                          - key
                        type: object
                        x-kubernetes-map-type: atomic
                    type: object
                required:
                  - name
                type: object
              type: array
            envFrom:
              description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
              items:
                properties:
                  configMapRef:
                    description: The ConfigMap to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the ConfigMap must be defined
                        type: boolean
                    type: object
                  prefix:
                    description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
                    type: string
                  secretRef:
                    description: The Secret to select from
                    properties:
                      name:
                        description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                        type: string
                      optional:
                        description: Specify whether the Secret must be defined
                        type: boolean
                    type: object
                type: object
              type: array
            image:
              description: "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."
              type: string
            imagePullPolicy:
              description: |-
                Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

                Possible enum values:
                - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.
                - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
              enum:
                - Always
                - IfNotPresent
                - Never
              type: string
            lifecycle:
              description: Actions that the management system should take in response to container lifecycle events. Cannot be updated.
              properties:
                postStart:
                  description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
                  properties:
                    exec:
                      description: Exec specifies a command to execute in the container.
                      properties:
                        command:
                          description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
                          items:
                            type: string
                          type: array
                      type: object
                    httpGet:
                      description: HTTPGet specifies an HTTP GET request to perform.
                      properties:
                        host:
                          description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
                          type: string
                        httpHeaders:
                          description: Custom headers to set in the request. HTTP allows repeated headers.
                          items:
                            properties:
                              name:
                                description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
                                type: string
                              value:
                                description: The header field value
                                type: string
                            required:
                              - name
                              - value
                            type: object
                          type: array
                        path:
                          description: Path to access on the HTTP server.
                          type: string
                        port:
                          description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                          format: int-or-string
                          x-kubernetes-int-or-string: true
                        scheme:
                          description: |-
                            Scheme to use for connecting to the host. Defaults to HTTP.

                            Possible enum values:
                            - `"HTTP"` means that the scheme used will be http://
                            - `"HTTPS"` means that the scheme used will be https://
                          enum:
                            - HTTP
                            - HTTPS
                          type: string
                      required:
                        - port
                      type: object
                    sleep:
                      description: Sleep represents a duration that the container should sleep.
                      properties:
                        seconds:
                          description: Seconds is the number of seconds to sleep.
                          format: int64
                          type: integer
                      required:
                        - seconds
                      type: object
                    tcpSocket:
                      description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
                      properties:
                        host:
                          description: "Optional: Host name to connect to, defaults to the pod IP."
                          type: string
                        port:
                          description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
2895 format: int-or-string 2896 x-kubernetes-int-or-string: true 2897 required: 2898 - port 2899 type: object 2900 type: object 2901 preStop: 2902 description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" 2903 properties: 2904 exec: 2905 description: Exec specifies a command to execute in the container. 2906 properties: 2907 command: 2908 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2909 items: 2910 type: string 2911 type: array 2912 type: object 2913 httpGet: 2914 description: HTTPGet specifies an HTTP GET request to perform. 2915 properties: 2916 host: 2917 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 2918 type: string 2919 httpHeaders: 2920 description: Custom headers to set in the request. HTTP allows repeated headers. 2921 items: 2922 properties: 2923 name: 2924 description: The header field name. 
This will be canonicalized upon output, so case-variant names will be understood as the same header. 2925 type: string 2926 value: 2927 description: The header field value 2928 type: string 2929 required: 2930 - name 2931 - value 2932 type: object 2933 type: array 2934 path: 2935 description: Path to access on the HTTP server. 2936 type: string 2937 port: 2938 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2939 format: int-or-string 2940 x-kubernetes-int-or-string: true 2941 scheme: 2942 description: |- 2943 Scheme to use for connecting to the host. Defaults to HTTP. 2944 2945 Possible enum values: 2946 - `"HTTP"` means that the scheme used will be http:// 2947 - `"HTTPS"` means that the scheme used will be https:// 2948 enum: 2949 - HTTP 2950 - HTTPS 2951 type: string 2952 required: 2953 - port 2954 type: object 2955 sleep: 2956 description: Sleep represents a duration that the container should sleep. 2957 properties: 2958 seconds: 2959 description: Seconds is the number of seconds to sleep. 2960 format: int64 2961 type: integer 2962 required: 2963 - seconds 2964 type: object 2965 tcpSocket: 2966 description: Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. 2967 properties: 2968 host: 2969 description: "Optional: Host name to connect to, defaults to the pod IP." 2970 type: string 2971 port: 2972 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 2973 format: int-or-string 2974 x-kubernetes-int-or-string: true 2975 required: 2976 - port 2977 type: object 2978 type: object 2979 type: object 2980 livenessProbe: 2981 description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 2982 properties: 2983 exec: 2984 description: Exec specifies a command to execute in the container. 2985 properties: 2986 command: 2987 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 2988 items: 2989 type: string 2990 type: array 2991 type: object 2992 failureThreshold: 2993 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 2994 format: int32 2995 type: integer 2996 grpc: 2997 description: GRPC specifies a GRPC HealthCheckRequest. 2998 properties: 2999 port: 3000 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3001 format: int32 3002 type: integer 3003 service: 3004 description: |- 3005 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3006 3007 If this is not specified, the default behavior is defined by gRPC. 3008 type: string 3009 required: 3010 - port 3011 type: object 3012 httpGet: 3013 description: HTTPGet specifies an HTTP GET request to perform. 3014 properties: 3015 host: 3016 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3017 type: string 3018 httpHeaders: 3019 description: Custom headers to set in the request. HTTP allows repeated headers. 3020 items: 3021 properties: 3022 name: 3023 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
3024 type: string 3025 value: 3026 description: The header field value 3027 type: string 3028 required: 3029 - name 3030 - value 3031 type: object 3032 type: array 3033 path: 3034 description: Path to access on the HTTP server. 3035 type: string 3036 port: 3037 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3038 format: int-or-string 3039 x-kubernetes-int-or-string: true 3040 scheme: 3041 description: |- 3042 Scheme to use for connecting to the host. Defaults to HTTP. 3043 3044 Possible enum values: 3045 - `"HTTP"` means that the scheme used will be http:// 3046 - `"HTTPS"` means that the scheme used will be https:// 3047 enum: 3048 - HTTP 3049 - HTTPS 3050 type: string 3051 required: 3052 - port 3053 type: object 3054 initialDelaySeconds: 3055 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3056 format: int32 3057 type: integer 3058 periodSeconds: 3059 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3060 format: int32 3061 type: integer 3062 successThreshold: 3063 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3064 format: int32 3065 type: integer 3066 tcpSocket: 3067 description: TCPSocket specifies a connection to a TCP port. 3068 properties: 3069 host: 3070 description: "Optional: Host name to connect to, defaults to the pod IP." 3071 type: string 3072 port: 3073 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
3074 format: int-or-string 3075 x-kubernetes-int-or-string: true 3076 required: 3077 - port 3078 type: object 3079 terminationGracePeriodSeconds: 3080 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3081 format: int64 3082 type: integer 3083 timeoutSeconds: 3084 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3085 format: int32 3086 type: integer 3087 type: object 3088 name: 3089 description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. 3090 type: string 3091 ports: 3092 description: List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. 3093 items: 3094 properties: 3095 containerPort: 3096 description: Number of port to expose on the pod's IP address. 
This must be a valid port number, 0 < x < 65536. 3097 format: int32 3098 type: integer 3099 hostIP: 3100 description: What host IP to bind the external port to. 3101 type: string 3102 hostPort: 3103 description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. 3104 format: int32 3105 type: integer 3106 name: 3107 description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. 3108 type: string 3109 protocol: 3110 description: |- 3111 Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". 3112 3113 Possible enum values: 3114 - `"SCTP"` is the SCTP protocol. 3115 - `"TCP"` is the TCP protocol. 3116 - `"UDP"` is the UDP protocol. 3117 enum: 3118 - SCTP 3119 - TCP 3120 - UDP 3121 type: string 3122 required: 3123 - containerPort 3124 type: object 3125 type: array 3126 readinessProbe: 3127 description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3128 properties: 3129 exec: 3130 description: Exec specifies a command to execute in the container. 3131 properties: 3132 command: 3133 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
3134 items: 3135 type: string 3136 type: array 3137 type: object 3138 failureThreshold: 3139 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3140 format: int32 3141 type: integer 3142 grpc: 3143 description: GRPC specifies a GRPC HealthCheckRequest. 3144 properties: 3145 port: 3146 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3147 format: int32 3148 type: integer 3149 service: 3150 description: |- 3151 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3152 3153 If this is not specified, the default behavior is defined by gRPC. 3154 type: string 3155 required: 3156 - port 3157 type: object 3158 httpGet: 3159 description: HTTPGet specifies an HTTP GET request to perform. 3160 properties: 3161 host: 3162 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3163 type: string 3164 httpHeaders: 3165 description: Custom headers to set in the request. HTTP allows repeated headers. 3166 items: 3167 properties: 3168 name: 3169 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 3170 type: string 3171 value: 3172 description: The header field value 3173 type: string 3174 required: 3175 - name 3176 - value 3177 type: object 3178 type: array 3179 path: 3180 description: Path to access on the HTTP server. 3181 type: string 3182 port: 3183 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3184 format: int-or-string 3185 x-kubernetes-int-or-string: true 3186 scheme: 3187 description: |- 3188 Scheme to use for connecting to the host. Defaults to HTTP. 
3189 3190 Possible enum values: 3191 - `"HTTP"` means that the scheme used will be http:// 3192 - `"HTTPS"` means that the scheme used will be https:// 3193 enum: 3194 - HTTP 3195 - HTTPS 3196 type: string 3197 required: 3198 - port 3199 type: object 3200 initialDelaySeconds: 3201 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3202 format: int32 3203 type: integer 3204 periodSeconds: 3205 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3206 format: int32 3207 type: integer 3208 successThreshold: 3209 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3210 format: int32 3211 type: integer 3212 tcpSocket: 3213 description: TCPSocket specifies a connection to a TCP port. 3214 properties: 3215 host: 3216 description: "Optional: Host name to connect to, defaults to the pod IP." 3217 type: string 3218 port: 3219 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3220 format: int-or-string 3221 x-kubernetes-int-or-string: true 3222 required: 3223 - port 3224 type: object 3225 terminationGracePeriodSeconds: 3226 description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. 
The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 3227 format: int64 3228 type: integer 3229 timeoutSeconds: 3230 description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3231 format: int32 3232 type: integer 3233 type: object 3234 resizePolicy: 3235 description: Resources resize policy for the container. 3236 items: 3237 properties: 3238 resourceName: 3239 description: "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory." 3240 type: string 3241 restartPolicy: 3242 description: Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. 3243 type: string 3244 required: 3245 - resourceName 3246 - restartPolicy 3247 type: object 3248 type: array 3249 resources: 3250 description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3251 properties: 3252 claims: 3253 description: |- 3254 Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. 3255 3256 This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. 3257 3258 This field is immutable. It can only be set for containers. 3259 items: 3260 properties: 3261 name: 3262 description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 3263 type: string 3264 request: 3265 description: Request is the name chosen for a request in the referenced claim. 
If empty, everything from the claim is made available, otherwise only the result of this request. 3266 type: string 3267 required: 3268 - name 3269 type: object 3270 type: array 3271 limits: 3272 additionalProperties: 3273 type: string 3274 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3275 type: object 3276 requests: 3277 additionalProperties: 3278 type: string 3279 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 3280 type: object 3281 type: object 3282 restartPolicy: 3283 description: "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed." 
3284 type: string 3285 securityContext: 3286 description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" 3287 properties: 3288 allowPrivilegeEscalation: 3289 description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows." 3290 type: boolean 3291 appArmorProfile: 3292 description: appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. 3293 properties: 3294 localhostProfile: 3295 description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". 3296 type: string 3297 type: 3298 description: |- 3299 type indicates which kind of AppArmor profile will be applied. Valid options are: 3300 Localhost - a profile pre-loaded on the node. 3301 RuntimeDefault - the container runtime's default profile. 3302 Unconfined - no AppArmor enforcement. 3303 3304 Possible enum values: 3305 - `"Localhost"` indicates that a profile pre-loaded on the node should be used. 3306 - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used. 3307 - `"Unconfined"` indicates that no AppArmor profile should be enforced. 
3308 enum: 3309 - Localhost 3310 - RuntimeDefault 3311 - Unconfined 3312 type: string 3313 required: 3314 - type 3315 type: object 3316 capabilities: 3317 description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. 3318 properties: 3319 add: 3320 description: Added capabilities 3321 items: 3322 type: string 3323 type: array 3324 drop: 3325 description: Removed capabilities 3326 items: 3327 type: string 3328 type: array 3329 type: object 3330 privileged: 3331 description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. 3332 type: boolean 3333 procMount: 3334 description: |- 3335 procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. 3336 3337 Possible enum values: 3338 - `"Default"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information. 3339 - `"Unmasked"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications. 3340 enum: 3341 - Default 3342 - Unmasked 3343 type: string 3344 readOnlyRootFilesystem: 3345 description: Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. 3346 type: boolean 3347 runAsGroup: 3348 description: The GID to run the entrypoint of the container process. Uses runtime default if unset. 
May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3349 format: int64 3350 type: integer 3351 runAsNonRoot: 3352 description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3353 type: boolean 3354 runAsUser: 3355 description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3356 format: int64 3357 type: integer 3358 seLinuxOptions: 3359 description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. 3360 properties: 3361 level: 3362 description: Level is SELinux level label that applies to the container. 3363 type: string 3364 role: 3365 description: Role is a SELinux role label that applies to the container. 3366 type: string 3367 type: 3368 description: Type is a SELinux type label that applies to the container. 3369 type: string 3370 user: 3371 description: User is a SELinux user label that applies to the container. 
3372 type: string 3373 type: object 3374 seccompProfile: 3375 description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. 3376 properties: 3377 localhostProfile: 3378 description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. 3379 type: string 3380 type: 3381 description: |- 3382 type indicates which kind of seccomp profile will be applied. Valid options are: 3383 3384 Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied. 3385 3386 Possible enum values: 3387 - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp. 3388 - `"RuntimeDefault"` represents the default container runtime seccomp profile. 3389 - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined). 3390 enum: 3391 - Localhost 3392 - RuntimeDefault 3393 - Unconfined 3394 type: string 3395 required: 3396 - type 3397 type: object 3398 windowsOptions: 3399 description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. 
3400 properties: 3401 gmsaCredentialSpec: 3402 description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. 3403 type: string 3404 gmsaCredentialSpecName: 3405 description: GMSACredentialSpecName is the name of the GMSA credential spec to use. 3406 type: string 3407 hostProcess: 3408 description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. 3409 type: boolean 3410 runAsUserName: 3411 description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 3412 type: string 3413 type: object 3414 type: object 3415 startupProbe: 3416 description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3417 properties: 3418 exec: 3419 description: Exec specifies a command to execute in the container. 
3420 properties: 3421 command: 3422 description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 3423 items: 3424 type: string 3425 type: array 3426 type: object 3427 failureThreshold: 3428 description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. 3429 format: int32 3430 type: integer 3431 grpc: 3432 description: GRPC specifies a GRPC HealthCheckRequest. 3433 properties: 3434 port: 3435 description: Port number of the gRPC service. Number must be in the range 1 to 65535. 3436 format: int32 3437 type: integer 3438 service: 3439 description: |- 3440 Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). 3441 3442 If this is not specified, the default behavior is defined by gRPC. 3443 type: string 3444 required: 3445 - port 3446 type: object 3447 httpGet: 3448 description: HTTPGet specifies an HTTP GET request to perform. 3449 properties: 3450 host: 3451 description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. 3452 type: string 3453 httpHeaders: 3454 description: Custom headers to set in the request. HTTP allows repeated headers. 3455 items: 3456 properties: 3457 name: 3458 description: The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. 
3459 type: string 3460 value: 3461 description: The header field value 3462 type: string 3463 required: 3464 - name 3465 - value 3466 type: object 3467 type: array 3468 path: 3469 description: Path to access on the HTTP server. 3470 type: string 3471 port: 3472 description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 3473 format: int-or-string 3474 x-kubernetes-int-or-string: true 3475 scheme: 3476 description: |- 3477 Scheme to use for connecting to the host. Defaults to HTTP. 3478 3479 Possible enum values: 3480 - `"HTTP"` means that the scheme used will be http:// 3481 - `"HTTPS"` means that the scheme used will be https:// 3482 enum: 3483 - HTTP 3484 - HTTPS 3485 type: string 3486 required: 3487 - port 3488 type: object 3489 initialDelaySeconds: 3490 description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" 3491 format: int32 3492 type: integer 3493 periodSeconds: 3494 description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. 3495 format: int32 3496 type: integer 3497 successThreshold: 3498 description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 3499 format: int32 3500 type: integer 3501 tcpSocket: 3502 description: TCPSocket specifies a connection to a TCP port. 3503 properties: 3504 host: 3505 description: "Optional: Host name to connect to, defaults to the pod IP." 3506 type: string 3507 port: 3508 description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. 
                      format: int-or-string
                      x-kubernetes-int-or-string: true
                  required:
                    - port
                  type: object
                terminationGracePeriodSeconds:
                  description: Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
                  format: int64
                  type: integer
                timeoutSeconds:
                  description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
                  format: int32
                  type: integer
              type: object
            stdin:
              description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
              type: boolean
            stdinOnce:
              description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
              type: boolean
            terminationMessagePath:
              description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."
              type: string
            terminationMessagePolicy:
              description: |-
                Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

                Possible enum values:
                - `"FallbackToLogsOnError"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.
                - `"File"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.
              enum:
                - FallbackToLogsOnError
                - File
              type: string
            tty:
              description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
              type: boolean
            volumeDevices:
              description: volumeDevices is the list of block devices to be used by the container.
              items:
                properties:
                  devicePath:
                    description: devicePath is the path inside of the container that the device will be mapped to.
                    type: string
                  name:
                    description: name must match the name of a persistentVolumeClaim in the pod
                    type: string
                required:
                  - name
                  - devicePath
                type: object
              type: array
            volumeMounts:
              description: Pod volumes to mount into the container's filesystem. Cannot be updated.
              items:
                properties:
                  mountPath:
                    description: Path within the container at which the volume should be mounted. Must not contain ':'.
                    type: string
                  mountPropagation:
                    description: |-
                      mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).

                      Possible enum values:
                      - `"Bidirectional"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rshared" in Linux terminology).
                      - `"HostToContainer"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume ("rslave" in Linux terminology).
                      - `"None"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to "private" in Linux terminology.
                    enum:
                      - Bidirectional
                      - HostToContainer
                      - None
                    type: string
                  name:
                    description: This must match the Name of a Volume.
                    type: string
                  readOnly:
                    description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
                    type: boolean
                  recursiveReadOnly:
                    description: |-
                      RecursiveReadOnly specifies whether read-only mounts should be handled recursively.

                      If ReadOnly is false, this field has no meaning and must be unspecified.

                      If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.

                      If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).

                      If this field is not specified, it is treated as an equivalent of Disabled.
                    type: string
                  subPath:
                    description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
                    type: string
                  subPathExpr:
                    description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
                    type: string
                required:
                  - name
                  - mountPath
                type: object
              type: array
            workingDir:
              description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
              type: string
          required:
            - name
          type: object
        type: array
      nodeName:
        description: NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
        type: string
      nodeSelector:
        additionalProperties:
          type: string
        description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
        type: object
        x-kubernetes-map-type: atomic
      os:
        description: |-
          Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.

          If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions

          If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
        properties:
          name:
            description: "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null"
            type: string
        required:
          - name
        type: object
      overhead:
        additionalProperties:
          type: string
        description: "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md"
        type: object
      preemptionPolicy:
        description: |-
          PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.

          Possible enum values:
          - `"Never"` means that pod never preempts other pods with lower priority.
          - `"PreemptLowerPriority"` means that pod can preempt other pods with lower priority.
        enum:
          - Never
          - PreemptLowerPriority
        type: string
      priority:
        description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.
        format: int32
        type: integer
      priorityClassName:
        description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.
        type: string
      readinessGates:
        description: "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates"
        items:
          properties:
            conditionType:
              description: ConditionType refers to a condition in the pod's condition list with matching type.
              type: string
          required:
            - conditionType
          type: object
        type: array
      resourceClaims:
        description: |-
          ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.

          This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

          This field is immutable.
        items:
          properties:
            name:
              description: Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.
              type: string
            resourceClaimName:
              description: |-
                ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.

                Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
              type: string
            resourceClaimTemplateName:
              description: |-
                ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.

                The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.

                This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.

                Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.
              type: string
          required:
            - name
          type: object
        type: array
      resources:
        description: |-
          Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for "cpu" and "memory" resource names only. ResourceClaims are not supported.

          This field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.

          This is an alpha field and requires enabling the PodLevelResources feature gate.
        properties:
          claims:
            description: |-
              Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.

              This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.

              This field is immutable. It can only be set for containers.
            items:
              properties:
                name:
                  description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
                  type: string
                request:
                  description: Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
                  type: string
              required:
                - name
              type: object
            type: array
          limits:
            additionalProperties:
              type: string
            description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
            type: object
          requests:
            additionalProperties:
              type: string
            description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
            type: object
        type: object
      restartPolicy:
        description: |-
          Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

          Possible enum values:
          - `"Always"`
          - `"Never"`
          - `"OnFailure"`
        enum:
          - Always
          - Never
          - OnFailure
        type: string
      runtimeClassName:
        description: "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class"
        type: string
      schedulerName:
        description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.
        type: string
      schedulingGates:
        description: |-
          SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.

          SchedulingGates can only be set at pod creation time, and be removed only afterwards.
        items:
          properties:
            name:
              description: Name of the scheduling gate. Each scheduling gate must have a unique name field.
              type: string
          required:
            - name
          type: object
        type: array
      securityContext:
        description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field."
        properties:
          appArmorProfile:
            description: appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
            properties:
              localhostProfile:
                description: localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
                type: string
              type:
                description: |-
                  type indicates which kind of AppArmor profile will be applied. Valid options are:
                  Localhost - a profile pre-loaded on the node.
                  RuntimeDefault - the container runtime's default profile.
                  Unconfined - no AppArmor enforcement.

                  Possible enum values:
                  - `"Localhost"` indicates that a profile pre-loaded on the node should be used.
                  - `"RuntimeDefault"` indicates that the container runtime's default AppArmor profile should be used.
                  - `"Unconfined"` indicates that no AppArmor profile should be enforced.
                enum:
                  - Localhost
                  - RuntimeDefault
                  - Unconfined
                type: string
            required:
              - type
            type: object
          fsGroup:
            description: |-
              A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

              1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----

              If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          fsGroupChangePolicy:
            description: |-
              fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

              Possible enum values:
              - `"Always"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.
              - `"OnRootMismatch"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.
            enum:
              - Always
              - OnRootMismatch
            type: string
          runAsGroup:
            description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          runAsNonRoot:
            description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
            type: boolean
          runAsUser:
            description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            format: int64
            type: integer
          seLinuxChangePolicy:
            description: |-
              seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".

              "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.

              "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.

              If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.

              This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.

              All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
            type: string
          seLinuxOptions:
            description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
            properties:
              level:
                description: Level is SELinux level label that applies to the container.
                type: string
              role:
                description: Role is a SELinux role label that applies to the container.
                type: string
              type:
                description: Type is a SELinux type label that applies to the container.
                type: string
              user:
                description: User is a SELinux user label that applies to the container.
                type: string
            type: object
          seccompProfile:
            description: The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
            properties:
              localhostProfile:
                description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
                type: string
              type:
                description: |-
                  type indicates which kind of seccomp profile will be applied. Valid options are:

                  Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

                  Possible enum values:
                  - `"Localhost"` indicates a profile defined in a file on the node should be used. The file's location relative to <kubelet-root-dir>/seccomp.
                  - `"RuntimeDefault"` represents the default container runtime seccomp profile.
                  - `"Unconfined"` indicates no seccomp profile is applied (A.K.A. unconfined).
                enum:
                  - Localhost
                  - RuntimeDefault
                  - Unconfined
                type: string
            required:
              - type
            type: object
          supplementalGroups:
            description: A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
            items:
              format: int64
              type: integer
            type: array
          supplementalGroupsPolicy:
            description: |-
              Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.

              Possible enum values:
              - `"Merge"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).
              - `"Strict"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.
            enum:
              - Merge
              - Strict
            type: string
          sysctls:
            description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
            items:
              properties:
                name:
                  description: Name of a property to set
                  type: string
                value:
                  description: Value of a property to set
                  type: string
              required:
                - name
                - value
              type: object
            type: array
          windowsOptions:
            description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
            properties:
              gmsaCredentialSpec:
                description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
                type: string
              gmsaCredentialSpecName:
                description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
                type: string
              hostProcess:
                description: HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
                type: boolean
              runAsUserName:
                description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
                type: string
            type: object
        type: object
      serviceAccount:
        description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead."
        type: string
      serviceAccountName:
        description: "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
        type: string
      setHostnameAsFQDN:
        description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.
        type: boolean
      shareProcessNamespace:
        description: "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false."
        type: boolean
      subdomain:
        description: If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.
        type: string
      terminationGracePeriodSeconds:
        description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
        format: int64
        type: integer
      tolerations:
        description: If specified, the pod's tolerations.
        items:
          properties:
            effect:
              description: |-
                Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

                Possible enum values:
                - `"NoExecute"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.
                - `"NoSchedule"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.
                - `"PreferNoSchedule"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.
              enum:
                - NoExecute
                - NoSchedule
                - PreferNoSchedule
              type: string
            key:
              description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
              type: string
            operator:
              description: |-
                Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

                Possible enum values:
                - `"Equal"`
                - `"Exists"`
              enum:
                - Equal
                - Exists
              type: string
            tolerationSeconds:
              description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
              format: int64
              type: integer
            value:
              description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
              type: string
          type: object
        type: array
      topologySpreadConstraints:
        description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
        items:
          properties:
            labelSelector:
              description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.
              properties:
                matchExpressions:
                  description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                  items:
                    properties:
                      key:
                        description: key is the label key that the selector applies to.
                        type: string
                      operator:
                        description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                        type: string
                      values:
                        description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge patch. 4017 items: 4018 type: string 4019 type: array 4020 required: 4021 - key 4022 - operator 4023 type: object 4024 type: array 4025 matchLabels: 4026 additionalProperties: 4027 type: string 4028 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4029 type: object 4030 type: object 4031 x-kubernetes-map-type: atomic 4032 matchLabelKeys: 4033 description: |- 4034 MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. 4035 4036 This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 4037 items: 4038 type: string 4039 type: array 4040 maxSkew: 4041 description: "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. 
| zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed." 4042 format: int32 4043 type: integer 4044 minDomains: 4045 description: |- 4046 MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 4047 4048 For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. 4049 format: int32 4050 type: integer 4051 nodeAffinityPolicy: 4052 description: |- 4053 NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. 
Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. 4054 4055 If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 4056 4057 Possible enum values: 4058 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4059 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4060 enum: 4061 - Honor 4062 - Ignore 4063 type: string 4064 nodeTaintsPolicy: 4065 description: |- 4066 NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. 4067 4068 If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 4069 4070 Possible enum values: 4071 - `"Honor"` means use this scheduling directive when calculating pod topology spread skew. 4072 - `"Ignore"` means ignore this scheduling directive when calculating pod topology spread skew. 4073 enum: 4074 - Honor 4075 - Ignore 4076 type: string 4077 topologyKey: 4078 description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. 
If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. 4079 type: string 4080 whenUnsatisfiable: 4081 description: |- 4082 WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, 4083 but giving higher precedence to topologies that would help reduce the 4084 skew. 4085 A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. 4086 4087 Possible enum values: 4088 - `"DoNotSchedule"` instructs the scheduler not to schedule the pod when constraints are not satisfied. 4089 - `"ScheduleAnyway"` instructs the scheduler to schedule the pod even if constraints are not satisfied. 4090 enum: 4091 - DoNotSchedule 4092 - ScheduleAnyway 4093 type: string 4094 required: 4095 - maxSkew 4096 - topologyKey 4097 - whenUnsatisfiable 4098 type: object 4099 type: array 4100 volumes: 4101 description: "List of volumes that can be mounted by containers belonging to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes" 4102 items: 4103 properties: 4104 awsElasticBlockStore: 4105 description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4106 properties: 4107 fsType: 4108 description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4109 type: string 4110 partition: 4111 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." 4112 format: int32 4113 type: integer 4114 readOnly: 4115 description: "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4116 type: boolean 4117 volumeID: 4118 description: "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" 4119 type: string 4120 required: 4121 - volumeID 4122 type: object 4123 azureDisk: 4124 description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver." 
              properties:
                cachingMode:
                  description: |-
                    cachingMode is the Host Caching mode: None, Read Only, Read Write.

                    Possible enum values:
                     - `"None"`
                     - `"ReadOnly"`
                     - `"ReadWrite"`
                  enum:
                    - None
                    - ReadOnly
                    - ReadWrite
                  type: string
                diskName:
                  description: diskName is the Name of the data disk in the blob storage
                  type: string
                diskURI:
                  description: diskURI is the URI of data disk in the blob storage
                  type: string
                fsType:
                  description: fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                kind:
                  description: |-
                    kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

                    Possible enum values:
                     - `"Dedicated"`
                     - `"Managed"`
                     - `"Shared"`
                  enum:
                    - Dedicated
                    - Managed
                    - Shared
                  type: string
                readOnly:
                  description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
              required:
                - diskName
                - diskURI
              type: object
            azureFile:
              description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver."
              properties:
                readOnly:
                  description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
                secretName:
                  description: secretName is the name of secret that contains Azure Storage Account Name and Key
                  type: string
                shareName:
                  description: shareName is the azure share Name
                  type: string
              required:
                - secretName
                - shareName
              type: object
            cephfs:
              description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported."
              properties:
                monitors:
                  description: "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  items:
                    type: string
                  type: array
                path:
                  description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /"
                  type: string
                readOnly:
                  description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: boolean
                secretFile:
                  description: "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: string
                secretRef:
                  description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                user:
                  description: "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"
                  type: string
              required:
                - monitors
              type: object
            cinder:
              description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
              properties:
                fsType:
                  description: "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: string
                readOnly:
                  description: "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: boolean
                secretRef:
                  description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack."
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                volumeID:
                  description: "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md"
                  type: string
              required:
                - volumeID
              type: object
            configMap:
              description: configMap represents a configMap that should populate this volume
              properties:
                defaultMode:
                  description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                  format: int32
                  type: integer
                items:
                  description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                  items:
                    properties:
                      key:
                        description: key is the key to project.
                        type: string
                      mode:
                        description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                        format: int32
                        type: integer
                      path:
                        description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                        type: string
                    required:
                      - key
                      - path
                    type: object
                  type: array
                name:
                  description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                  type: string
                optional:
                  description: optional specify whether the ConfigMap or its keys must be defined
                  type: boolean
              type: object
            csi:
              description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
              properties:
                driver:
                  description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
                  type: string
                fsType:
                  description: fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
                  type: string
                nodePublishSecretRef:
                  description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                readOnly:
                  description: readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
                  type: boolean
                volumeAttributes:
                  additionalProperties:
                    type: string
                  description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
                  type: object
              required:
                - driver
              type: object
            downwardAPI:
              description: downwardAPI represents downward API about the pod that should populate this volume
              properties:
                defaultMode:
                  description: "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                  format: int32
                  type: integer
                items:
                  description: Items is a list of downward API volume file
                  items:
                    properties:
                      fieldRef:
                        description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported."
                        properties:
                          apiVersion:
                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                            type: string
                          fieldPath:
                            description: Path of the field to select in the specified API version.
                            type: string
                        required:
                          - fieldPath
                        type: object
                        x-kubernetes-map-type: atomic
                      mode:
                        description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                        format: int32
                        type: integer
                      path:
                        description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'"
                        type: string
                      resourceFieldRef:
                        description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."
                        properties:
                          containerName:
                            description: "Container name: required for volumes, optional for env vars"
                            type: string
                          divisor:
                            description: Specifies the output format of the exposed resources, defaults to "1"
                            type: string
                          resource:
                            description: "Required: resource to select"
                            type: string
                        required:
                          - resource
                        type: object
                        x-kubernetes-map-type: atomic
                    required:
                      - path
                    type: object
                  type: array
              type: object
            emptyDir:
              description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
              properties:
                medium:
                  description: "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
                  type: string
                sizeLimit:
                  description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"
                  type: string
              type: object
            ephemeral:
              description: |-
                ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.

                Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity
                   tracking are needed,
                c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through
                   a PersistentVolumeClaim (see EphemeralVolumeSource for more
                   information on the connection between this volume type
                   and PersistentVolumeClaim).

                Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.

                Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.

                A pod can use both types of ephemeral volumes and persistent volumes at the same time.
              properties:
                volumeClaimTemplate:
                  description: |-
                    Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `<pod name>-<volume name>` where `<volume name>` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).

                    An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.

                    This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.

                    Required, must not be nil.
                  properties:
                    metadata:
                      description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.
                      properties:
                        annotations:
                          additionalProperties:
                            type: string
                          description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations"
                          type: object
                        creationTimestamp:
                          description: |-
                            CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

                            Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                          format: date-time
                          nullable: true
                          type: string
                        deletionGracePeriodSeconds:
                          description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
                          format: int64
                          type: integer
                        deletionTimestamp:
                          description: |-
                            DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

                            Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                          format: date-time
                          type: string
                        finalizers:
                          description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
                          items:
                            type: string
                          type: array
                        generateName:
                          description: |-
                            GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

                            If this field is specified and the generated name exists, the server will return a 409.

                            Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
                          type: string
                        generation:
                          description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
                          format: int64
                          type: integer
                        labels:
                          additionalProperties:
                            type: string
                          description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels"
                          type: object
                        managedFields:
                          description: ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
                          items:
                            properties:
                              apiVersion:
                                description: APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
                                type: string
                              fieldsType:
                                description: "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\""
                                type: string
                              fieldsV1:
                                description: FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
                                type: object
                              manager:
                                description: Manager is an identifier of the workflow managing these fields.
                                type: string
                              operation:
                                description: Operation is the type of operation which lead to this ManagedFieldsEntry being created.
The only valid values for this field are 'Apply' and 'Update'. 4455 type: string 4456 subresource: 4457 description: Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource. 4458 type: string 4459 time: 4460 description: Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over. 4461 format: date-time 4462 type: string 4463 type: object 4464 type: array 4465 name: 4466 description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 4467 type: string 4468 namespace: 4469 description: |- 4470 Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. 4471 4472 Must be a DNS_LABEL. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces 4473 type: string 4474 ownerReferences: 4475 description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. 4476 items: 4477 properties: 4478 apiVersion: 4479 description: API version of the referent. 4480 type: string 4481 blockOwnerDeletion: 4482 description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. 4483 type: boolean 4484 controller: 4485 description: If true, this reference points to the managing controller. 4486 type: boolean 4487 kind: 4488 description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" 4489 type: string 4490 name: 4491 description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" 4492 type: string 4493 uid: 4494 description: "UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" 4495 type: string 4496 required: 4497 - apiVersion 4498 - kind 4499 - name 4500 - uid 4501 type: object 4502 x-kubernetes-map-type: atomic 4503 type: array 4504 resourceVersion: 4505 description: |- 4506 An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. 4507 4508 Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency 4509 type: string 4510 selfLink: 4511 description: "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system." 4512 type: string 4513 uid: 4514 description: |- 4515 UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. 4516 4517 Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids 4518 type: string 4519 type: object 4520 spec: 4521 description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. 4522 properties: 4523 accessModes: 4524 description: "accessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" 4525 items: 4526 enum: 4527 - ReadOnlyMany 4528 - ReadWriteMany 4529 - ReadWriteOnce 4530 - ReadWriteOncePod 4531 type: string 4532 type: array 4533 dataSource: 4534 description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource." 4535 properties: 4536 apiGroup: 4537 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 4538 type: string 4539 kind: 4540 description: Kind is the type of resource being referenced 4541 type: string 4542 name: 4543 description: Name is the name of resource being referenced 4544 type: string 4545 required: 4546 - kind 4547 - name 4548 type: object 4549 x-kubernetes-map-type: atomic 4550 dataSourceRef: 4551 description: |- 4552 dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. 
For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef 4553 allows any non-core object, as well as PersistentVolumeClaim objects. 4554 * While dataSource ignores disallowed values (dropping them), dataSourceRef 4555 preserves all values, and generates an error if a disallowed value is 4556 specified. 4557 * While dataSource only allows local objects, dataSourceRef allows objects 4558 in any namespaces. 4559 (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 4560 properties: 4561 apiGroup: 4562 description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. 4563 type: string 4564 kind: 4565 description: Kind is the type of resource being referenced 4566 type: string 4567 name: 4568 description: Name is the name of resource being referenced 4569 type: string 4570 namespace: 4571 description: Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
4572 type: string 4573 required: 4574 - kind 4575 - name 4576 type: object 4577 resources: 4578 description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" 4579 properties: 4580 limits: 4581 additionalProperties: 4582 type: string 4583 description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4584 type: object 4585 requests: 4586 additionalProperties: 4587 type: string 4588 description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" 4589 type: object 4590 type: object 4591 selector: 4592 description: selector is a label query over volumes to consider for binding. 4593 properties: 4594 matchExpressions: 4595 description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 4596 items: 4597 properties: 4598 key: 4599 description: key is the label key that the selector applies to. 4600 type: string 4601 operator: 4602 description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 4603 type: string 4604 values: 4605 description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
4606 items: 4607 type: string 4608 type: array 4609 required: 4610 - key 4611 - operator 4612 type: object 4613 type: array 4614 matchLabels: 4615 additionalProperties: 4616 type: string 4617 description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 4618 type: object 4619 type: object 4620 x-kubernetes-map-type: atomic 4621 storageClassName: 4622 description: "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" 4623 type: string 4624 volumeAttributesClassName: 4625 description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass will be applied to the claim but it's not allowed to reset this field to empty string once it is set. If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass will be set by the persistentvolume controller if it exists. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." 4626 type: string 4627 volumeMode: 4628 description: |- 4629 volumeMode defines what type of volume is required by the claim. 
Value of Filesystem is implied when not included in claim spec. 4630 4631 Possible enum values: 4632 - `"Block"` means the volume will not be formatted with a filesystem and will remain a raw block device. 4633 - `"Filesystem"` means the volume will be or is formatted with a filesystem. 4634 enum: 4635 - Block 4636 - Filesystem 4637 type: string 4638 volumeName: 4639 description: volumeName is the binding reference to the PersistentVolume backing this claim. 4640 type: string 4641 type: object 4642 required: 4643 - spec 4644 type: object 4645 type: object 4646 fc: 4647 description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. 4648 properties: 4649 fsType: 4650 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 4651 type: string 4652 lun: 4653 description: "lun is Optional: FC target lun number" 4654 format: int32 4655 type: integer 4656 readOnly: 4657 description: "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 4658 type: boolean 4659 targetWWNs: 4660 description: "targetWWNs is Optional: FC target worldwide names (WWNs)" 4661 items: 4662 type: string 4663 type: array 4664 wwids: 4665 description: "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." 4666 items: 4667 type: string 4668 type: array 4669 type: object 4670 flexVolume: 4671 description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead." 4672 properties: 4673 driver: 4674 description: driver is the name of the driver to use for this volume. 
4675 type: string 4676 fsType: 4677 description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. 4678 type: string 4679 options: 4680 additionalProperties: 4681 type: string 4682 description: "options is Optional: this field holds extra command options if any." 4683 type: object 4684 readOnly: 4685 description: "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." 4686 type: boolean 4687 secretRef: 4688 description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." 4689 properties: 4690 name: 4691 description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" 4692 type: string 4693 type: object 4694 x-kubernetes-map-type: atomic 4695 required: 4696 - driver 4697 type: object 4698 flocker: 4699 description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported." 4700 properties: 4701 datasetName: 4702 description: datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated 4703 type: string 4704 datasetUUID: 4705 description: datasetUUID is the UUID of the dataset. 
This is unique identifier of a Flocker dataset 4706 type: string 4707 type: object 4708 gcePersistentDisk: 4709 description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 4710 properties: 4711 fsType: 4712 description: "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 4713 type: string 4714 partition: 4715 description: "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 4716 format: int32 4717 type: integer 4718 pdName: 4719 description: "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 4720 type: string 4721 readOnly: 4722 description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" 4723 type: boolean 4724 required: 4725 - pdName 4726 type: object 4727 gitRepo: 4728 description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. 
To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." 4729 properties: 4730 directory: 4731 description: directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. 4732 type: string 4733 repository: 4734 description: repository is the URL 4735 type: string 4736 revision: 4737 description: revision is the commit hash for the specified revision. 4738 type: string 4739 required: 4740 - repository 4741 type: object 4742 glusterfs: 4743 description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md" 4744 properties: 4745 endpoints: 4746 description: "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 4747 type: string 4748 path: 4749 description: "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 4750 type: string 4751 readOnly: 4752 description: "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" 4753 type: boolean 4754 required: 4755 - endpoints 4756 - path 4757 type: object 4758 hostPath: 4759 description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 4760 properties: 4761 path: 4762 description: "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" 4763 type: string 4764 type: 4765 description: |- 4766 type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath 4767 4768 Possible enum values: 4769 - `""` For backwards compatible, leave it empty if unset 4770 - `"BlockDevice"` A block device must exist at the given path 4771 - `"CharDevice"` A character device must exist at the given path 4772 - `"Directory"` A directory must exist at the given path 4773 - `"DirectoryOrCreate"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet. 4774 - `"File"` A file must exist at the given path 4775 - `"FileOrCreate"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet. 4776 - `"Socket"` A UNIX socket must exist at the given path 4777 enum: 4778 - "" 4779 - BlockDevice 4780 - CharDevice 4781 - Directory 4782 - DirectoryOrCreate 4783 - File 4784 - FileOrCreate 4785 - Socket 4786 type: string 4787 required: 4788 - path 4789 type: object 4790 image: 4791 description: |- 4792 image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided: 4793 4794 - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. 
- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. 4795 4796 The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. 4797 properties: 4798 pullPolicy: 4799 description: |- 4800 Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 4801 4802 Possible enum values: 4803 - `"Always"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. 
                    - `"IfNotPresent"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
                    - `"Never"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present
                  enum:
                  - Always
                  - IfNotPresent
                  - Never
                  type: string
                reference:
                  description: "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."
                  type: string
              type: object
            iscsi:
              description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md"
              properties:
                chapAuthDiscovery:
                  description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
                  type: boolean
                chapAuthSession:
                  description: chapAuthSession defines whether support iSCSI Session CHAP authentication
                  type: boolean
                fsType:
                  description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi"
                  type: string
                initiatorName:
                  description: initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.
                  type: string
                iqn:
                  description: iqn is the target iSCSI Qualified Name.
                  type: string
                iscsiInterface:
                  description: iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
                  type: string
                lun:
                  description: lun represents iSCSI Target Lun number.
                  format: int32
                  type: integer
                portals:
                  description: portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
                  items:
                    type: string
                  type: array
                readOnly:
                  description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
                  type: boolean
                secretRef:
                  description: secretRef is the CHAP Secret for iSCSI target and initiator authentication
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                targetPortal:
                  description: targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
                  type: string
              required:
              - targetPortal
              - iqn
              - lun
              type: object
            name:
              description: "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
              type: string
            nfs:
              description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
              properties:
                path:
                  description: "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
                  type: string
                readOnly:
                  description: "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
                  type: boolean
                server:
                  description: "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
                  type: string
              required:
              - server
              - path
              type: object
            persistentVolumeClaim:
              description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
              properties:
                claimName:
                  description: "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"
                  type: string
                readOnly:
                  description: readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
                  type: boolean
              required:
              - claimName
              type: object
            photonPersistentDisk:
              description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported."
              properties:
                fsType:
                  description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                pdID:
                  description: pdID is the ID that identifies Photon Controller persistent disk
                  type: string
              required:
              - pdID
              type: object
            portworxVolume:
              description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on."
              properties:
                fsType:
                  description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                readOnly:
                  description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
                volumeID:
                  description: volumeID uniquely identifies a Portworx volume
                  type: string
              required:
              - volumeID
              type: object
            projected:
              description: projected items for all in one resources secrets, configmaps, and downward API
              properties:
                defaultMode:
                  description: defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
                  format: int32
                  type: integer
                sources:
                  description: sources is the list of volume projections. Each entry in this list handles one source.
                  items:
                    properties:
                      clusterTrustBundle:
                        description: |-
                          ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.

                          Alpha, gated by the ClusterTrustBundleProjection feature gate.

                          ClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.

                          Kubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.
                        properties:
                          labelSelector:
                            description: Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as "match nothing". If set but empty, interpreted as "match everything".
                            properties:
                              matchExpressions:
                                description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                items:
                                  properties:
                                    key:
                                      description: key is the label key that the selector applies to.
                                      type: string
                                    operator:
                                      description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
                                      type: string
                                    values:
                                      description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                  - key
                                  - operator
                                  type: object
                                type: array
                              matchLabels:
                                additionalProperties:
                                  type: string
                                description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
                                type: object
                            type: object
                            x-kubernetes-map-type: atomic
                          name:
                            description: Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
                            type: string
                          optional:
                            description: If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
                            type: boolean
                          path:
                            description: Relative path from the volume root to write the bundle.
                            type: string
                          signerName:
                            description: Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
                            type: string
                        required:
                        - path
                        type: object
                      configMap:
                        description: configMap information about the configMap data to project
                        properties:
                          items:
                            description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                            items:
                              properties:
                                key:
                                  description: key is the key to project.
                                  type: string
                                mode:
                                  description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                                  format: int32
                                  type: integer
                                path:
                                  description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                  type: string
                              required:
                              - key
                              - path
                              type: object
                            type: array
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: optional specify whether the ConfigMap or its keys must be defined
                            type: boolean
                        type: object
                      downwardAPI:
                        description: downwardAPI information about the downwardAPI data to project
                        properties:
                          items:
                            description: Items is a list of DownwardAPIVolume file
                            items:
                              properties:
                                fieldRef:
                                  description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported."
                                  properties:
                                    apiVersion:
                                      description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                      type: string
                                    fieldPath:
                                      description: Path of the field to select in the specified API version.
                                      type: string
                                  required:
                                  - fieldPath
                                  type: object
                                  x-kubernetes-map-type: atomic
                                mode:
                                  description: "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                                  format: int32
                                  type: integer
                                path:
                                  description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'"
                                  type: string
                                resourceFieldRef:
                                  description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."
                                  properties:
                                    containerName:
                                      description: "Container name: required for volumes, optional for env vars"
                                      type: string
                                    divisor:
                                      description: Specifies the output format of the exposed resources, defaults to "1"
                                      type: string
                                    resource:
                                      description: "Required: resource to select"
                                      type: string
                                  required:
                                  - resource
                                  type: object
                                  x-kubernetes-map-type: atomic
                              required:
                              - path
                              type: object
                            type: array
                        type: object
                      secret:
                        description: secret information about the secret data to project
                        properties:
                          items:
                            description: items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                            items:
                              properties:
                                key:
                                  description: key is the key to project.
                                  type: string
                                mode:
                                  description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                                  format: int32
                                  type: integer
                                path:
                                  description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                                  type: string
                              required:
                              - key
                              - path
                              type: object
                            type: array
                          name:
                            description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                            type: string
                          optional:
                            description: optional field specify whether the Secret or its key must be defined
                            type: boolean
                        type: object
                      serviceAccountToken:
                        description: serviceAccountToken is information about the serviceAccountToken data to project
                        properties:
                          audience:
                            description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
                            type: string
                          expirationSeconds:
                            description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
                            format: int64
                            type: integer
                          path:
                            description: path is the path relative to the mount point of the file to project the token into.
                            type: string
                        required:
                        - path
                        type: object
                    type: object
                  type: array
              type: object
            quobyte:
              description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported."
              properties:
                group:
                  description: group to map volume access to Default is no group
                  type: string
                readOnly:
                  description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
                  type: boolean
                registry:
                  description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
                  type: string
                tenant:
                  description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
                  type: string
                user:
                  description: user to map volume access to Defaults to serivceaccount user
                  type: string
                volume:
                  description: volume is a string that references an already created Quobyte volume by name.
                  type: string
              required:
              - registry
              - volume
              type: object
            rbd:
              description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md"
              properties:
                fsType:
                  description: "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd"
                  type: string
                image:
                  description: "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  type: string
                keyring:
                  description: "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  type: string
                monitors:
                  description: "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  items:
                    type: string
                  type: array
                pool:
                  description: "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  type: string
                readOnly:
                  description: "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  type: boolean
                secretRef:
                  description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                user:
                  description: "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"
                  type: string
              required:
              - monitors
              - image
              type: object
            scaleIO:
              description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported."
              properties:
                fsType:
                  description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
                  type: string
                gateway:
                  description: gateway is the host address of the ScaleIO API Gateway.
                  type: string
                protectionDomain:
                  description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
                  type: string
                readOnly:
                  description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
                secretRef:
                  description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                sslEnabled:
                  description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
                  type: boolean
                storageMode:
                  description: storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
                  type: string
                storagePool:
                  description: storagePool is the ScaleIO Storage Pool associated with the protection domain.
                  type: string
                system:
                  description: system is the name of the storage system as configured in ScaleIO.
                  type: string
                volumeName:
                  description: volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
                  type: string
              required:
              - gateway
              - system
              - secretRef
              type: object
            secret:
              description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
              properties:
                defaultMode:
                  description: "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                  format: int32
                  type: integer
                items:
                  description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
                  items:
                    properties:
                      key:
                        description: key is the key to project.
                        type: string
                      mode:
                        description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set."
                        format: int32
                        type: integer
                      path:
                        description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
                        type: string
                    required:
                    - key
                    - path
                    type: object
                  type: array
                optional:
                  description: optional field specify whether the Secret or its keys must be defined
                  type: boolean
                secretName:
                  description: "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret"
                  type: string
              type: object
            storageos:
              description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported."
              properties:
                fsType:
                  description: fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                readOnly:
                  description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
                  type: boolean
                secretRef:
                  description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.
                  properties:
                    name:
                      description: "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                volumeName:
                  description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
                  type: string
                volumeNamespace:
                  description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
                  type: string
              type: object
            vsphereVolume:
              description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver."
              properties:
                fsType:
                  description: fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
                  type: string
                storagePolicyID:
                  description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
                  type: string
                storagePolicyName:
                  description: storagePolicyName is the storage Policy Based Management (SPBM) profile name.
                  type: string
                volumePath:
                  description: volumePath is the path that identifies vSphere volume vmdk
                  type: string
              required:
              - volumePath
              type: object
          required:
          - name
          type: object
        type: array
    required:
    - containers
    type: object
type: object

{{- end }}